Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: cian31 on November 13, 2011, 02:51:10 AM
-
Hi !
My PC runs on Windows Vista.
My computer has been infected with a trojan detected by Avira AntiVir Personal: Crypt.XPACK.Gen2.
I tried to put the detected files in quarantine, but it seems that it was not a good idea...
I am currently in a bad situation:
- my PC starts but the desktop is black with no shortcuts,
- the following error appears many times: "Failed to save all the components for the file \\System32\<number>. The file is corrupted or unreadable. This error may be caused by a PC hardware problem"
- when I look in folders (personal folder for example), they seem empty.
- I tried to download ComboFix.exe but I get the same error: "Installer integrity check has failed"
I looked at the post "Read this before posting ..." and:
- I have only one antivirus running (Avira)
- I don't know if there is a default firewall running within Vista
- I can't access the Control Panel to uninstall suspicious programs: the dedicated menu does not appear in the Start menu and I have no icon on the desktop...
- CCleaner downloaded: same error as ComboFix :'(
- SuperAntiSpyware is currently scanning my PC.
Thanks for your help.
-
See the SuperAntiSpyware log below.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/13/2011 at 01:16 PM
Application Version : 5.0.1136
Core Rules Database Version : 7937
Trace Rules Database Version: 5749
Scan type : Complete Scan
Total Scan Time : 02:20:32
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator
Memory items scanned : 695
Memory threats detected : 0
Registry items scanned : 36335
Registry threats detected : 1
File items scanned : 186690
File threats detected : 111
Disabled.TaskManager
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR
Adware.Tracking Cookie
-
An error occurred:
"
Files indexation process failed.
Indexation process failure may cause :
• File may became unreadable
• Files and documents can be lost
• Operation System may slow down dramatically
To prevent possible damage to this PC follow the recommendations.
Recommendations : it's highly recommended to run file integrity checker now and resolve this issue."
-
I tried to install Java as suggested in the post "read this before requesting ..." but it failed...
message "install failed"
-
A simple and good program called Tune up Utilities will help you keep your PC running well. I think you can download it for 30 days to try. Simple and easy to use. I use it and never had any problems with my PC. And a good sidekick to run alongside your antivirus is called Malwarebytes Anti-Malware. Just google it. There is a free version and it works great. Highly recommend it. It helped me out with a Trojan that my antivirus could not get and it found it and got rid of it. Try it and see for yourself. ;)
-
Thanks for your answer Redd!
As said, I started the analysis of my PC with Malwarebytes and the report seems OK. I can't post the log file: the program associated with .txt files is now... VLC!!
I still have no programs displayed in the Start menu, and no Control Panel menu...
When I look at the C:\ content in Explorer, there is a never-ending file tree with C:\LocalDisk\C:\LocalDisk ... and so on
???
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please run this in Safe Mode with Networking. Reboot in Normal mode and see if you can run it again and post the log.
Here's (http://www.computerhope.com/issues/chsafe.htm) how to get into Safe Mode.
Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
-
Thanks for your answer SuperDave.
I have already done the Malwarebytes procedure but can't post the log since VLC is now set to open .txt files. And I don't know how to change it since I have no access to the Control Panel (all items of the Start menu have vanished).
Also, I have a new problem: the PC restarts when I try to launch Firefox... A blue screen appears with an error message I have no time to read and then the PC restarts.
I will try to re-do the Malwarebytes procedure in a few hours when I get back to my house...
-
- Please download Unhide by Grinler from here (http://download.bleepingcomputer.com/grinler/unhide.exe) and save it to your desktop.
- Double click unhide.exe to run the tool.
- It will take some time to go through all your files, so please be patient.
- If this tool doesn't fix the problem, please let me know.
-
Hi!
Yesterday night, while I was trying to install the unhide program you proposed, Windows offered to restore a system restore point and this time it worked.
I am now trying to install CCleaner to analyse cookies and delete them.
-
Please try to run MBAM and post the log along with these other logs.
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked
•Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.
•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and paste the log in your post.
***************************************************
Download DDS from HERE (http://download.bleepingcomputer.com/sUBs/dds.scr) or HERE (http://www.forospyware.com/sUBs/dds) and save it to your desktop.
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.
1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/past both logs into your Thread
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.
•Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE (http://www.bleepingcomputer.com/forums/topic114351.html). Then post your DDS logs (DDS.txt and Attach.txt).
-
SuperAntiSpyware log file :
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/17/2011 at 11:05 PM
Application Version : 5.0.1136
Core Rules Database Version : 7957
Trace Rules Database Version: 5769
Scan type : Complete Scan
Total Scan Time : 01:49:40
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator
Memory items scanned : 735
Memory threats detected : 0
Registry items scanned : 36298
Registry threats detected : 0
File items scanned : 184686
File threats detected : 1
Trojan.Agent/Gen-Nullo[Short]
C:\USERS\CECILE\DOWNLOADS\VLC-PLUGIN-MULTI.EXE
Now I will install DDS as you suggest.
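A parser and triage pass for SUPERAntiSpyware scan logs in the layout of the two logs posted above (a header of "Field : value" lines, then one category line followed by its items), so the detected items can be sorted by what matters before a helper reads them. This is an added example, not part of the thread and not SUPERAntiSpyware's own code: the embedded log is constructed with placeholder paths, the severity ranking by category prefix is an assumption, and the totals check compares the items found against the header's "threats detected" counts.

```python
"""Parse and triage a SUPERAntiSpyware scan log (added example, not SAS code)."""
import re
from collections import OrderedDict

# Constructed sample in the layout of the thread's logs; paths and user are made up.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/13/2011 at 01:16 PM
Application Version : 5.0.1136
Core Rules Database Version : 7937
Trace Rules Database Version: 5749
Scan type : Complete Scan
Total Scan Time : 00:10:00
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator
Memory items scanned : 695
Memory threats detected : 0
Registry items scanned : 36335
Registry threats detected : 1
File items scanned : 186690
File threats detected : 4
Disabled.TaskManager
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR
Adware.Tracking Cookie
C:\Users\example\AppData\Roaming\Microsoft\Windows\Cookies\ABCD1234.txt [ /doubleclick.net ]
C:\Users\example\AppData\Roaming\Microsoft\Windows\Cookies\EFGH5678.txt [ /atdmt.com ]
ads.example-tracker.invalid [ C:\USERS\EXAMPLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\QF284G6N ]
Trojan.Agent/Gen-Nullo[Short]
C:\USERS\EXAMPLE\DOWNLOADS\SAMPLE-DOWNLOAD.EXE
"""

HEADER_RE = re.compile(r"^(?P<field>[A-Za-z ]+?)\s*:\s*(?P<value>.+)$")
LAST_HEADER_FIELD = "File threats detected"   # detections start right after it

# Assumed severity by category prefix; anything unlisted is treated as medium.
SEVERITY_BY_PREFIX = (
    ("Disabled.", "high"),              # policy tampering such as DisableTaskMgr
    ("Trojan.", "high"),
    ("Adware.Tracking Cookie", "low"),
)


def classify(category):
    for prefix, level in SEVERITY_BY_PREFIX:
        if category.startswith(prefix):
            return level
    return "medium"


def is_item(line):
    # Items are registry/file paths or "domain [ path ]" Flash cookie entries;
    # category lines (e.g. "Trojan.Agent/Gen-Nullo[Short]") contain neither.
    return "\\" in line or " [ " in line


def parse_sas_log(text):
    header, detections = {}, OrderedDict()
    in_detections, category = False, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or "://" in line:       # blank lines and the vendor URL
            continue
        if not in_detections:
            m = HEADER_RE.match(line)
            if m:                           # non-matching header lines are prose
                field = m.group("field").strip()
                value = m.group("value").strip()
                header[field] = int(value) if value.isdigit() else value
                in_detections = field == LAST_HEADER_FIELD
            continue
        if is_item(line):
            if category is None:
                raise ValueError("item before any category: %r" % line)
            detections[category].append(line)
        else:
            category = line
            detections.setdefault(category, [])
    return {"header": header, "detections": detections}


def summarize(report):
    header, detections = report["header"], report["detections"]
    severity = {"high": 0, "medium": 0, "low": 0}
    policy_tampering = []
    for category, items in detections.items():
        severity[classify(category)] += len(items)
        if category.startswith("Disabled."):
            policy_tampering.extend(i for i in items if "\\POLICIES\\" in i.upper())
    found = sum(len(items) for items in detections.values())
    expected = sum(header.get(k, 0) for k in
                   ("Memory threats detected", "Registry threats detected",
                    "File threats detected"))
    return {"severity": severity, "policy_tampering": policy_tampering,
            "found": found, "expected": expected, "totals_match": found == expected}


if __name__ == "__main__":
    rep = parse_sas_log(SAMPLE_LOG)
    for cat, items in rep["detections"].items():
        print("[%s] %s (%d item(s))" % (classify(cat).upper(), cat, len(items)))
    summ = summarize(rep)
    print("items found / header total:", summ["found"], "/", summ["expected"])
    if summ["policy_tampering"]:
        print("policy keys tampered with:", summ["policy_tampering"])
```

Run against a real log, a mismatch between the header totals and the items found usually means the paste was truncated, which is worth knowing before anyone reads it.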
-
See hereafter the Attach.txt log file
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Édition Familiale Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 15/12/2008 01:34:50
System Uptime: 18/11/2011 22:26:06 (0 hours ago)
.
Motherboard: HP | | 3600
Processor: AMD Athlon(tm) X2 Dual-Core QL-64 | Socket M2/S1G1 | 1100/1800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 138 GiB total, 55,31 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1,781 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP508: 18/11/2011 01:54:55 - Windows Update
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
-
Please find hereafter the DDS.txt log file:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20
Run by Cecile at 22:30:35 on 2011-11-18
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3069.1922 [GMT 1:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: N/A: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Barre d'outils &Crawler: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\cecile\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SpywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [TSMAgent] "c:\program files\hewlett-packard\touchsmart\media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\program files\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
mRun: [TVAgent] "c:\program files\hewlett-packard\media\tv\TVAgent.exe"
mRun: [UCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" update "software\hewlett-packard\media\Webcam"
mRun: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
TCP: Interfaces\{56FE33FF-CF38-4567-A62A-208CAC0FE17F} : DhcpNameServer = 212.27.40.240 212.27.40.241
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\cecile\appdata\roaming\mozilla\firefox\profiles\wa878qin.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw=
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\googlepicasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\cecile\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\cecile\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\cecile\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\cecile\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: iGraal: {e411bb40-b04c-11d8-92e7-00d09e0179f2} - %profile%\extensions\{e411bb40-b04c-11d8-92e7-00d09e0179f2}
FF - Ext: SUPERAntiSpyware Toolbar Powered by Ask.com: [email protected] - %profile%\extensions\[email protected]
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-7 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\hewlett-packard\media\dvd\000.fcl [2008-9-26 59376]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_805f33de\AEstSrv.exe [2008-12-15 77824]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-12-7 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-7 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-7 56816]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-11-7 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVCapSvc.exe [2008-9-24 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVSched.exe [2008-9-24 116096]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-11-7 193840]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-9-4 54784]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-10-22 107360]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2008-12-15 22072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-18 07:19:03 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ced87eeb-0344-4986-b9b9-4f50290600db}\offreg.dll
2011-11-18 00:55:37 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ced87eeb-0344-4986-b9b9-4f50290600db}\mpengine.dll
2011-11-17 08:01:34 -------- d-----w- c:\program files\CCleaner
2011-11-13 13:17:07 -------- d-----w- c:\users\cecile\appdata\roaming\Malwarebytes
2011-11-13 13:16:56 -------- d-----w- c:\programdata\Malwarebytes
2011-11-13 13:16:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-13 09:55:36 -------- d--h--w- c:\program files\Ask.com
2011-11-13 09:53:22 -------- d--h--w- c:\users\cecile\appdata\roaming\SUPERAntiSpyware.com
2011-11-13 09:52:29 -------- d--h--w- c:\programdata\SUPERAntiSpyware.com
2011-11-13 09:52:29 -------- d--h--w- c:\program files\SUPERAntiSpyware
2011-11-09 17:45:36 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-09 17:45:29 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 17:45:24 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-05 10:05:35 653576 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
.
==================== Find3M ====================
.
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-02 13:39:07 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 22:33:15,91 ===============
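Added example, not part of the thread or of DDS itself: a small Python triage script for the "Pseudo HJT Report" lines in the log above. It flags the policy entries that weaken the platform's own protections (here EnableLUA = 0, i.e. UAC off), orphaned BHO and empty Run entries, search settings that point somewhere other than the browser's usual default hosts, and any URLSearchHook. The sample lines are constructed from a few entries shown above; the list of default search hosts, the policy table and the severity labels are assumptions.

```python
import re
from collections import namedtuple
from urllib.parse import urlsplit

Finding = namedtuple("Finding", "severity rule detail line")

# Constructed sample, modelled on a handful of entries from the DDS log in this
# thread (not the full log); the raw string keeps the backslashes literal.
SAMPLE_LOG = r"""
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
uURLSearchHooks: N/A: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - No File
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [<NO NAME>]
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw=
"""

# Policy values that switch off a built-in protection (assumed table).
# EnableLUA = 0 turns User Account Control off, which the DDS log above shows.
WEAKENING_POLICIES = {
    "EnableLUA": "0",             # UAC disabled
    "DisableTaskMgr": "1",        # Task Manager blocked
    "DisableRegistryTools": "1",  # Registry Editor blocked
}

# Search hosts treated as the browser's normal defaults (assumption); any other
# host in a search setting is reported for review, not declared malicious.
DEFAULT_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

POLICY_RE = re.compile(r"^[um]Policies-(\w+):\s*(\w+)\s*=\s*(\S+)")
SEARCH_RE = re.compile(
    r"^(?:u(?:Search Bar|Search Page|Default_Search_URL|SearchAssistant)\s*="
    r"|FF - prefs\.js: keyword\.URL -)\s*(\S+)")
BHO_NOFILE_RE = re.compile(r"^BHO:.*-\s*No File\s*$")
EMPTY_RUN_RE = re.compile(r"^[um]Run:\s*\[<NO NAME>\]\s*$")
SEARCHHOOK_RE = re.compile(r"^uURLSearchHooks:.*-\s*(\S+)\s*$")


def refang(url):
    """DDS writes 'hxxp' so URLs are not clickable; restore the scheme for parsing."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def search_host(url):
    """Host part of a (possibly defanged) search URL, '' if it cannot be parsed."""
    return urlsplit(refang(url)).hostname or ""


def triage(text):
    """Return a list of Finding records for the security-relevant lines in a DDS report."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = POLICY_RE.match(line)
        if m:
            hive, key, value = m.groups()
            if WEAKENING_POLICIES.get(key) == value:
                findings.append(Finding("high", "weakened-policy",
                                        f"{key}={value} in policies-{hive}", line))
            continue
        m = SEARCH_RE.match(line)
        if m:
            host = search_host(m.group(1))
            if host and host not in DEFAULT_SEARCH_HOSTS:
                findings.append(Finding("medium", "third-party-search", host, line))
            continue
        if BHO_NOFILE_RE.match(line):
            findings.append(Finding("low", "orphaned-bho",
                                    "BHO registered but its DLL is missing", line))
            continue
        if EMPTY_RUN_RE.match(line):
            findings.append(Finding("low", "empty-run-value",
                                    "Run entry with no name and no command", line))
            continue
        m = SEARCHHOOK_RE.match(line)
        if m:
            findings.append(Finding("medium", "url-search-hook", m.group(1), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.rule}: {f.detail}\n    {f.line}")
```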
-
Can you update and run MBAM?
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First verify your Java version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*******************************************************
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.
link # 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link # 2 (http://subs.geekstogo.com/ComboFix.exe)
If you are using Firefox, make sure that your download settings are as follows:
* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".
Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.
NOTE: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
**********************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
-
MBAM updated and currently running.
I will check my Java version after MBAM processing.
Thank you for your time and instructions!
-
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Version de la base de données: 8198
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
20/11/2011 19:06:32
mbam-log-2011-11-20 (19-06-32).txt
Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|)
Elément(s) analysé(s): 345180
Temps écoulé: 4 heure(s), 19 minute(s), 45 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
-
ComboFix alerted me about a rootkit! :-[
ComboFix 11-11-20.02 - Cecile 20/11/2011 22:55:52.2.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3069.1922 [GMT 1:00]
Lancé depuis: c:\users\Cecile\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un antivirus résident est actif
.
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-10-20 au 2011-11-20 ))))))))))))))))))))))))))))))))))))
.
.
2011-11-20 22:12 . 2011-11-20 22:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-20 21:47 . 2011-11-20 21:47 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EB35648-5A28-4EC7-8CD3-01DEDF112A85}\offreg.dll
2011-11-20 21:32 . 2011-11-20 22:12 -------- d-----w- c:\users\Cecile\AppData\Local\temp
2011-11-20 13:44 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-20 13:40 . 2011-11-20 13:41 -------- d-----w- c:\program files\Common Files\Adobe
2011-11-19 01:17 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EB35648-5A28-4EC7-8CD3-01DEDF112A85}\mpengine.dll
2011-11-17 08:01 . 2011-11-17 08:01 -------- d-----w- c:\program files\CCleaner
2011-11-13 13:17 . 2011-11-13 13:17 -------- d-----w- c:\users\Cecile\AppData\Roaming\Malwarebytes
2011-11-13 13:16 . 2011-11-13 13:16 -------- d-----w- c:\programdata\Malwarebytes
2011-11-13 13:16 . 2011-11-20 13:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-13 09:55 . 2011-11-13 09:56 -------- d--h--w- c:\program files\Ask.com
2011-11-13 09:53 . 2011-11-13 09:53 -------- d--h--w- c:\users\Cecile\AppData\Roaming\SUPERAntiSpyware.com
2011-11-13 09:52 . 2011-11-17 20:13 -------- d--h--w- c:\program files\SUPERAntiSpyware
2011-11-13 09:52 . 2011-11-13 09:52 -------- d--h--w- c:\programdata\SUPERAntiSpyware.com
2011-11-09 17:45 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 17:45 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 17:45 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-05 10:05 . 2011-11-05 10:05 653576 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-06 13:30 . 2011-10-12 23:52 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-02 13:39 . 2011-10-12 23:50 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-25 16:15 . 2011-10-12 23:52 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-12 23:52 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14 . 2011-10-12 23:52 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31 . 2011-10-12 23:52 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-04-18 3037696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-09-25 1152296]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-09-25 189736]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2008-09-24 206120]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-10-03 912688]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-09-05 206128]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-11 446556]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-22 107360]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 59376]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe [2008-06-27 77824]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-12-08 108289]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-09-24 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-09-24 116096]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-09-08 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3543032756-1341853526-3042005519-1000Core.job
- c:\users\Cecile\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-05 12:04]
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3543032756-1341853526-3042005519-1000UA.job
- c:\users\Cecile\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-05 12:04]
.
2011-11-18 c:\windows\Tasks\HPCeeScheduleForCecile.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 02:22]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Cecile\AppData\Roaming\Mozilla\Firefox\Profiles\wa878qin.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: iGraal: {e411bb40-b04c-11d8-92e7-00d09e0179f2} - %profile%\extensions\{e411bb40-b04c-11d8-92e7-00d09e0179f2}
FF - Ext: SUPERAntiSpyware Toolbar Powered by Ask.com: [email protected] - %profile%\extensions\[email protected]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-20 23:12
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
Heure de fin: 2011-11-20 23:16:45
ComboFix-quarantined-files.txt 2011-11-20 22:16
ComboFix2.txt 2011-11-20 21:44
.
Avant-CF: 54 672 093 184 octets libres
Après-CF: 54 635 429 888 octets libres
.
- - End Of File - - B5217E7A66B62F8FC968DDCFA5ADB6E3
-
Results of screen317's Security Check version 0.99.28
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Avira AntiVir Personal - Free Antivirus
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 20
Java version out of date!
Adobe Flash Player ( 10.2.153.1) Flash Player Out of Date!
Adobe Reader 9 (Adobe Reader out of date!)
Mozilla Firefox ((3.6.24)) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````
-
- The Java update always stops on an error: "internal Interne 2753.regutils.dll"
- Windows updates also stop on an error: Code 80096001
- Firefox is updated to 8.0
- I don't understand the warning on the Adobe Reader version, since Adobe 9 is installed and no other version is detected by the update process of Adobe Reader ...
-
Your Internet Explorer is also out-of-date. You should update it. Outdated programs are susceptible to infections.
Let's run a few more scans to see what turns up.
Please download aswMBR.exe (http://public.avast.com/%7Egmerek/aswMBR.exe) (511 KB) to your desktop.
Double click the aswMBR.exe to run it
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg)
Click the "Scan" button to start scan
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)
On completion of the scan click Save log, save it to your desktop and post it in your next reply.
*******************************************************
SysProt Antirootkit
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).
http://sites.google.com/site/sysprotantirootkit/
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
- At the bottom of the page
- Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
-
Your Internet Explorer is also out-of-date. You should update it. Outdated programs are susceptible to infections.
I agree but I can't... the updates mentioned always fail...
I don't know how to force the updates for these programs :-[
-
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-21 21:06:22
-----------------------------
21:06:22.865 OS Version: Windows 6.0.6002 Service Pack 2
21:06:22.865 Number of processors: 2 586 0x301
21:06:22.869 ComputerName: NAVIS UserName:
21:06:24.176 Initialize success
21:12:42.472 AVAST engine defs: 11112100
21:13:27.590 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:13:27.596 Disk 0 Vendor: FUJITSU_MHZ2160BH_G2 8909 Size: 152627MB BusType: 3
21:13:29.646 Disk 0 MBR read successfully
21:13:29.653 Disk 0 MBR scan
21:13:29.664 Disk 0 unknown MBR code
21:13:29.681 Disk 0 scanning sectors +312573952
21:13:29.789 Disk 0 scanning C:\Windows\system32\drivers
21:13:51.976 Service scanning
21:13:54.274 Modules scanning
21:14:04.720 Disk 0 trace - called modules:
21:14:04.762 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS
21:14:04.770 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858cc8e8]
21:14:04.779 3 CLASSPNP.SYS[807a48b3] -> nt!IofCallDriver -> [0x858da890]
21:14:05.158 5 hpdskflt.sys[8b1b0f05] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85891b98]
21:14:06.690 AVAST engine scan C:\Windows
21:14:13.120 AVAST engine scan C:\Windows\system32
21:17:20.886 AVAST engine scan C:\Windows\system32\drivers
21:17:35.932 AVAST engine scan C:\Users\Cecile
21:29:35.799 AVAST engine scan C:\ProgramData
21:32:19.987 Scan finished successfully
21:32:59.863 Disk 0 MBR has been saved successfully to "C:\Users\Cecile\Desktop\MBR.dat"
21:32:59.888 The log file has been saved successfully to "C:\Users\Cecile\Desktop\aswMBR.txt"
Good log?
-
I don't know how to force the updates for these programs
What happens when you try updating from this (http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) site?
Please download TDSSKiller from here (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
- Doubleclick TDSSKiller.exe to run the tool
- Click the Start Scan button (If prompted with a "hidden service warning" do go ahead and delete it.)
- After the scan has finished, click the Close button
- Click the Report button and copy/paste the contents of it into your next reply
- Note: It will also create a log in the C:\ directory.
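The aswMBR log posted above and the TDSSKiller log requested here are both read by eye in this thread. As an added example (not part of the original thread, and not code from AVAST or Kaspersky), the following script does the first-pass triage a helper performs: it flags the "unknown MBR code" line, extracts the disk call chain from the aswMBR trace, and pairs each TDSSKiller driver entry with its verdict so that non-"ok" verdicts and drivers loaded from outside C:\Windows are listed for review. The sample logs are constructed excerpts in the format shown above; the `exampledrv` entry and its verdict are placeholders, and the "default MBR code" wording is assumed to be aswMBR's phrasing for a recognised boot loader.

```python
"""Triage helpers for aswMBR and TDSSKiller logs (added example)."""
import re

# Constructed excerpt of an aswMBR log in the format posted in this thread.
ASWMBR_SAMPLE = r"""
21:13:29.646 Disk 0 MBR read successfully
21:13:29.653 Disk 0 MBR scan
21:13:29.664 Disk 0 unknown MBR code
21:13:29.681 Disk 0 scanning sectors +312573952
21:14:04.720 Disk 0 trace - called modules:
21:14:04.762 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ataport.SYS
21:14:04.770 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858cc8e8]
21:14:04.779 3 CLASSPNP.SYS[807a48b3] -> nt!IofCallDriver -> [0x858da890]
21:14:05.158 5 hpdskflt.sys[8b1b0f05] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85891b98]
21:32:19.987 Scan finished successfully
"""

# Constructed TDSSKiller excerpt: real-format "ok" entries plus one placeholder
# driver ("exampledrv", all-zero MD5) with a non-ok verdict so the filter has
# something to catch. The placeholder is not real data.
TDSS_SAMPLE = r"""
21:55:08.0203 6016 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:55:08.0209 6016 ACPI - ok
21:55:12.0076 6016 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:55:12.0078 6016 atapi - ok
21:55:14.0076 6016 avgio (f1d43170fdd7399ee17ea32d4f868b0c) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
21:55:14.0083 6016 avgio - ok
21:55:16.0614 6016 catchme - ok
21:55:30.0111 6016 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
21:55:30.0119 6016 exampledrv - detected (placeholder verdict for this example)
"""

ASW_LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+(.*)$")
# Trace hops look like "3 CLASSPNP.SYS[807a48b3] -> nt!IofCallDriver -> ..."
ASW_HOP = re.compile(r"^(\d+)\s+(\S+?)(?:\[[0-9a-f]+\])?\s+->")
# "<time> <pid> <name> (<md5>) <path>" followed later by "<time> <pid> <name> - <verdict>"
TDSS_ENTRY = re.compile(r"^\S+\s+\d+\s+(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")
TDSS_VERDICT = re.compile(r"^\S+\s+\d+\s+(\S+)\s+-\s+(.+)$")


def review_aswmbr(log_text):
    """Summarise an aswMBR log: whether the MBR loader was recognised, the
    drivers on the boot disk's I/O path, and flags for a human to act on."""
    result = {"mbr_recognised": None, "call_chain": [], "flags": []}
    for raw in log_text.splitlines():
        m = ASW_LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if "unknown MBR code" in msg:
            result["mbr_recognised"] = False
            result["flags"].append(
                "unknown MBR code: compare the saved MBR.dat with a known-good "
                "loader (OEM loaders also trigger this) before changing anything")
        elif "default MBR code" in msg:  # assumed aswMBR wording for a known loader
            result["mbr_recognised"] = True
        hop = ASW_HOP.match(msg)
        # Keep the driver hops; nt!IofCallDriver is the kernel entry, not a driver.
        if hop and not hop.group(2).startswith("nt!"):
            result["call_chain"].append(hop.group(2))
    return result


def review_tdsskiller(log_text, system_root=r"C:\Windows"):
    """Pair each TDSSKiller driver entry with its verdict. Returns non-'ok'
    verdicts (with MD5 and path) and drivers loaded from outside system_root,
    which are the entries a reviewer checks first."""
    entries, verdicts = {}, {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = TDSS_ENTRY.match(line)
        if m:
            entries[m.group(1)] = {"md5": m.group(2), "path": m.group(3)}
            continue
        m = TDSS_VERDICT.match(line)
        if m:
            verdicts[m.group(1)] = m.group(2)
    not_ok = {name: dict(entries.get(name, {}), verdict=v)
              for name, v in verdicts.items() if v != "ok"}
    third_party = sorted(name for name, e in entries.items()
                         if not e["path"].lower().startswith(system_root.lower()))
    return {"not_ok": not_ok, "third_party": third_party, "scanned": len(verdicts)}


if __name__ == "__main__":
    a = review_aswmbr(ASWMBR_SAMPLE)
    print("MBR recognised:", a["mbr_recognised"], "| disk path:", " -> ".join(a["call_chain"]))
    for flag in a["flags"]:
        print("FLAG:", flag)
    t = review_tdsskiller(TDSS_SAMPLE)
    print(f"{t['scanned']} verdicts; loaded outside Windows dir: {t['third_party']}")
    for name, info in t["not_ok"].items():
        print("REVIEW:", name, info)
```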
-
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-23 21:23:51
-----------------------------
21:23:51.718 OS Version: Windows 6.0.6002 Service Pack 2
21:23:51.718 Number of processors: 2 586 0x301
21:23:51.720 ComputerName: NAVIS UserName:
21:23:55.649 Initialize success
21:30:20.794 AVAST engine defs: 11112302
21:32:42.683 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:32:42.689 Disk 0 Vendor: FUJITSU_MHZ2160BH_G2 8909 Size: 152627MB BusType: 3
21:32:44.743 Disk 0 MBR read successfully
21:32:44.749 Disk 0 MBR scan
21:32:44.760 Disk 0 unknown MBR code
21:32:44.788 Disk 0 scanning sectors +312573952
21:32:44.916 Disk 0 scanning C:\Windows\system32\drivers
21:33:24.149 Service scanning
21:33:26.206 Modules scanning
21:34:12.392 Disk 0 trace - called modules:
21:34:12.478 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
21:34:12.487 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858cc8e8]
21:34:12.495 3 CLASSPNP.SYS[807a48b3] -> nt!IofCallDriver -> [0x858da890]
21:34:12.508 5 hpdskflt.sys[8b1b0f05] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85891b98]
21:34:13.817 AVAST engine scan C:\Windows
21:34:36.011 AVAST engine scan C:\Windows\system32
21:41:43.801 AVAST engine scan C:\Windows\system32\drivers
21:42:39.545 AVAST engine scan C:\Users\Cecile
21:43:59.675 Disk 0 MBR has been saved successfully to "C:\Users\Cecile\Desktop\MBR.dat"
21:43:59.713 The log file has been saved successfully to "C:\Users\Cecile\Desktop\aswMBR.txt"
-
What happens when you try updating from this (http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) site?
I tried with your link and it's the same: it failed... :-\
-
21:53:09.0514 5884 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
21:53:09.0700 5884 ============================================================
21:53:09.0700 5884 Current date / time: 2011/11/23 21:53:09.0700
21:53:09.0700 5884 SystemInfo:
21:53:09.0700 5884
21:53:09.0701 5884 OS Version: 6.0.6002 ServicePack: 2.0
21:53:09.0701 5884 Product type: Workstation
21:53:09.0701 5884 ComputerName: NAVIS
21:53:09.0702 5884 UserName: Cecile
21:53:09.0702 5884 Windows directory: C:\Windows
21:53:09.0702 5884 System windows directory: C:\Windows
21:53:09.0702 5884 Processor architecture: Intel x86
21:53:09.0702 5884 Number of processors: 2
21:53:09.0702 5884 Page size: 0x1000
21:53:09.0702 5884 Boot type: Normal boot
21:53:09.0702 5884 ============================================================
21:53:11.0995 5884 Initialize success
21:55:06.0949 6016 ============================================================
21:55:06.0949 6016 Scan started
21:55:06.0949 6016 Mode: Manual;
21:55:06.0949 6016 ============================================================
21:55:51.0409 6016 uagp35 - ok
21:55:51.0607 6016 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:55:51.0621 6016 udfs - ok
21:55:51.0851 6016 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:55:51.0853 6016 uliagpkx - ok
21:55:51.0985 6016 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:55:52.0013 6016 uliahci - ok
21:55:52.0176 6016 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:55:52.0178 6016 UlSata - ok
21:55:52.0279 6016 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:55:52.0282 6016 ulsata2 - ok
21:55:52.0466 6016 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:55:52.0468 6016 umbus - ok
21:55:52.0602 6016 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:55:52.0604 6016 usbccgp - ok
21:55:52.0798 6016 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:55:52.0822 6016 usbcir - ok
21:55:53.0056 6016 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:55:53.0058 6016 usbehci - ok
21:55:53.0275 6016 usbfilter (edca5124b54bcf04e5c0538aa397a9c1) C:\Windows\system32\DRIVERS\usbfilter.sys
21:55:53.0277 6016 usbfilter - ok
21:55:53.0392 6016 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:55:53.0402 6016 usbhub - ok
21:55:53.0528 6016 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
21:55:53.0530 6016 usbohci - ok
21:55:53.0714 6016 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
21:55:53.0715 6016 usbprint - ok
21:55:53.0857 6016 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:55:53.0859 6016 USBSTOR - ok
21:55:53.0993 6016 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:55:53.0995 6016 usbuhci - ok
21:55:54.0185 6016 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
21:55:54.0188 6016 usbvideo - ok
21:55:54.0403 6016 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:55:54.0405 6016 vga - ok
21:55:54.0543 6016 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:55:54.0545 6016 VgaSave - ok
21:55:54.0680 6016 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:55:54.0683 6016 viaagp - ok
21:55:54.0905 6016 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:55:54.0906 6016 ViaC7 - ok
21:55:55.0091 6016 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
21:55:55.0093 6016 viaide - ok
21:55:55.0317 6016 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:55:55.0320 6016 volmgr - ok
21:55:55.0546 6016 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:55:55.0564 6016 volmgrx - ok
21:55:55.0787 6016 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:55:55.0797 6016 volsnap - ok
21:55:55.0937 6016 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:55:55.0940 6016 vsmraid - ok
21:55:56.0143 6016 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:55:56.0145 6016 WacomPen - ok
21:55:56.0292 6016 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:55:56.0296 6016 Wanarp - ok
21:55:56.0333 6016 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:55:56.0335 6016 Wanarpv6 - ok
21:55:56.0530 6016 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:55:56.0532 6016 Wd - ok
21:55:56.0733 6016 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:55:56.0786 6016 Wdf01000 - ok
21:55:57.0083 6016 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:55:57.0084 6016 WmiAcpi - ok
21:55:57.0248 6016 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:55:57.0250 6016 ws2ifsl - ok
21:55:57.0460 6016 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:55:57.0462 6016 WUDFRd - ok
21:55:57.0663 6016 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
21:55:57.0678 6016 yukonwlh - ok
21:55:57.0861 6016 {55662437-DA8C-40c0-AADA-2C816A897A49} (bdfde977f5e88a539187aef24ded7c40) C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl
21:55:57.0880 6016 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
21:55:57.0936 6016 MBR (0x1B8) (5c86adec17b739c437e145e3b3fc2e6d) \Device\Harddisk0\DR0
21:55:57.0954 6016 \Device\Harddisk0\DR0 - ok
21:55:57.0967 6016 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
21:55:59.0619 6016 \Device\Harddisk1\DR1 - ok
21:55:59.0631 6016 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk2\DR2
21:56:01.0229 6016 \Device\Harddisk2\DR2 - ok
21:56:01.0259 6016 Boot (0x1200) (967cea4e3bb8b75f3689a169f2ce7cae) \Device\Harddisk0\DR0\Partition0
21:56:01.0267 6016 \Device\Harddisk0\DR0\Partition0 - ok
21:56:01.0311 6016 Boot (0x1200) (70d61108dde852fbf1de720d227b7b9f) \Device\Harddisk0\DR0\Partition1
21:56:01.0337 6016 \Device\Harddisk0\DR0\Partition1 - ok
21:56:01.0370 6016 Boot (0x1200) (7ca00ad7d2761211d9bf976d38688a4a) \Device\Harddisk1\DR1\Partition0
21:56:01.0379 6016 \Device\Harddisk1\DR1\Partition0 - ok
21:56:01.0389 6016 Boot (0x1200) (b80072c5a60f70c6e3f25bc4734fd2da) \Device\Harddisk2\DR2\Partition0
21:56:01.0391 6016 \Device\Harddisk2\DR2\Partition0 - ok
21:56:01.0394 6016 ============================================================
21:56:01.0394 6016 Scan finished
21:56:01.0394 6016 ============================================================
21:56:01.0427 3052 Detected object count: 0
21:56:01.0427 3052 Actual detected object count: 0
-
All my personal files have disappeared... do you think I can retrieve them? :(
-
All my personal files have disappeared... do you think I can retrieve them?
Can you please explain in more detail?
-
Can you please explain in more detail?
When I look in my "personal documents folder", all the folders are empty (except Download). Documents/Pictures/Music are totally empty... (I have a quite recent backup of all my personal folders, hopefully). I wonder if the files are only masked, or if all this trojan/virus/malware/rootkit stuff has destroyed them?
-
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Hi superdave!
The last scan with ESET didn't give me the option you mentioned: "list of found threats".
I think this is because the scan ended on a "no threat found" message.
The log on C: said:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
-
Just to be sure, let's try this one.
Run the BitDefender Online scanner (http://www.bitdefender.com/scanner/online/free.html)
Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge, and we don't need to see clean files.
Once Bitdefender completes the scan:
Click on the Detected Problems tab.
Then select Click here to export the scan report.
When the window comes up to save the report, change the Save as type: box to:
Text (Tab Delimited) (*.txt) and then in the File name box change the name to bdscan, then click Save.
This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later).
This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.
If you do not follow these steps, you will have an incorrect log or, worse, a log summary which is useless to us.
Post the bdscan.txt file as an Attachment.
-
Hi superDave!
Are you sure of these steps? Because I don't have the same options/steps you describe...
When I am on the BitDefender online scanner, I click on the big green button named "start scanner".
A new tab opens in Firefox with a new website, "http://quickscan.bitdefender.com/en/".
A new green button "free scan now" appears on this new website. I click on it and a download begins. Then the scan can begin.
At the end of the scan I got "
Your computer is not infected
Share the power of the Bitdefender engines.
Recommend us to your friends!
View report"
Here is the log that appears
QuickScan Beta 32-bit v0.9.9.99
-------------------------------
Scan date: Mon Nov 28 22:20:12 2011
Machine ID: 104AD72C
No infection found.
-------------------
Processes
---------
(unsigned) Spyware Terminator 4292 C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
(verified) hpwuSchd Application 3788 C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
(verified) AntiVir Desktop 3736 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(verified) Crawler Toolbar 4992 C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
(verified) CyberLink MediaLibray Service 3584 C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(verified) CyberLink PowerCinema 3568 C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(verified) Firefox 5092 C:\Program Files\Mozilla Firefox\firefox.exe
(verified) Firefox 452 C:\Program Files\Mozilla Firefox\plugin-container.exe
(verified) Firefox 2424 C:\Program Files\Mozilla Firefox\plugin-container.exe
(verified) Firefox 4476 C:\Program Files\Mozilla Firefox\plugin-container.exe
(verified) Google Talk Plugin 4728 C:\Users\Cecile\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(verified) HP DVDSmart 3528 C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
(verified) HP MediaSmart 3640 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(verified) HP MediaSmart TV 3604 C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
(verified) HP Quick Launch Buttons 3652 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(verified) HP Wireless Assistant 3672 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(verified) HP Wireless Assistant 1240 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(verified) HpqToaster Module 3484 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(verified) IDT PC Audio 3728 C:\Program Files\IDT\WDM\sttray.exe
(verified) LightScribe 3912 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(verified) McAfee Security Scanner 4032 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
(verified) Microsoft® Windows® Operating System 124 C:\Windows\ehome\ehmsas.exe
(verified) Microsoft® Windows® Operating System 3980 C:\Windows\ehome\ehtray.exe
(verified) Microsoft® Windows® Operating System 2472 C:\Windows\System32\conime.exe
(verified) Synaptics Pointing Device Driver 3520 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(verified) Système d'exploitation Microsoft® Windo 2072 C:\Program Files\Internet Explorer\ieuser.exe
(verified) Système d'exploitation Microsoft® Windo 2708 C:\Windows\explorer.exe
(verified) Système d'exploitation Microsoft® Windo 2668 C:\Windows\System32\dwm.exe
(verified) Système d'exploitation Microsoft® Windo 2736 C:\Windows\System32\taskeng.exe
(verified) Windows® Internet Explorer 4712 C:\Program Files\Internet Explorer\iexplore.exe
Network activity
----------------
Process iexplore.exe (4712) connected on port 80 (HTTP) --> 93.184.71.2
Process firefox.exe (5092) connected on port 443 (HTTP over SSL) --> 74.125.39.17
Process firefox.exe (5092) connected on port 443 (HTTP over SSL) --> 209.85.148.18
Process firefox.exe (5092) connected on port 80 (HTTP) --> 46.33.71.9
Process firefox.exe (5092) connected on port 80 (HTTP) --> 173.194.35.35
Process firefox.exe (5092) connected on port 80 (HTTP) --> 69.171.242.40
Process firefox.exe (5092) connected on port 443 (HTTP over SSL) --> 69.171.242.40
Process firefox.exe (5092) connected on port 80 (HTTP) --> 66.235.142.57
Process firefox.exe (5092) connected on port 80 (HTTP) --> 66.235.142.57
Process firefox.exe (5092) connected on port 80 (HTTP) --> 173.194.35.35
Process firefox.exe (5092) connected on port 80 (HTTP) --> 66.235.142.57
Process firefox.exe (5092) connected on port 80 (HTTP) --> 66.235.142.57
Process SpywareTerminatorUpdate.exe (4292) listens on ports: 6881 (BitTorrent)
Autoruns and critical files
---------------------------
(unsigned) QuickTime C:\Program Files\QuickTime\QTTask.exe
(unsigned) Spyware Terminator C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
(verified) hpwuSchd Application C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
(verified) Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
(verified) Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(verified) AntiVir Desktop C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(verified) Catalyst® Control Center C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(verified) CyberLink MediaLibray Service C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(verified) CyberLink PowerCinema C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(verified) Flash® Player Installer/Uninstaller C:\Windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe
(verified) Google Update C:\Users\Cecile\AppData\Local\Google\Update\GoogleUpdate.exe
(verified) HP DVDSmart C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
(verified) HP MediaSmart C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(verified) HP MediaSmart TV C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
(verified) HP Quick Launch Buttons C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(verified) HP Total Care Advisor C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(verified) HP Wireless Assistant C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(verified) IDT PC Audio C:\Program Files\IDT\WDM\sttray.exe
(verified) LightScribe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(verified) Microsoft® Windows® Operating System C:\Windows\ehome\ehtray.exe
(verified) SuperAntiSpyware c:\program files\superantispyware\sasseh.dll
(verified) SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
(verified) Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(verified) Système d'exploitation Microsoft® Windo C:\Windows\system32\BROWSEUI.dll
(verified) Système d'exploitation Microsoft® Windo C:\Windows\system32\logon.scr
(verified) Système d'exploitation Microsoft® Windo c:\windows\system32\userinit.exe
(verified) Windows® Internet Explorer c:\windows\system32\webcheck.dll
Browser plugins
---------------
(unsigned) Crawler Toolbar C:\Program Files\Crawler\Toolbar\ctbr.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
(unsigned) VLC Multimedia Plug-in C:\Program Files\VideoLAN\VLC\npvlc.dll
(verified) AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
(verified) Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
(verified) BitDefender QuickScan C:\Users\Cecile\AppData\Roaming\Mozilla\Firefox\Profiles\wa878qin.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
(verified) Google Talk Plugin C:\Users\Cecile\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
(verified) Google Talk Plugin Video Accelerator C:\Users\Cecile\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
(verified) Google Update C:\Users\Cecile\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
(verified) Java Deployment Toolkit 6.0.200.2 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
(verified) Java(TM) Platform SE 6 U20 C:\Program Files\Java\jre6\bin\jp2ssv.dll
(verified) Java(TM) Platform SE 6 U20 C:\Program Files\Java\jre6\bin\ssv.dll
(verified) Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) nppdf32.FRA C:\Program Files\Internet Explorer\plugins\nppdf32.FRA
(verified) nppdf32.FRA C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA
(verified) NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
(verified) Picasa C:\Program Files\GooglePicasa3\npPicasa3.dll
(verified) Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
(verified) Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
(verified) Système d'exploitation Microsoft® Windo C:\Windows\system32\mswsock.dll
(verified) Système d'exploitation Microsoft® Windo C:\Windows\system32\napinsp.dll
(verified) Système d'exploitation Microsoft® Windo C:\Windows\system32\pnrpnsp.dll
(verified) Unity Player C:\Users\Cecile\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
(verified) Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
(verified) Windows® Internet Explorer C:\Windows\system32\ieframe.dll
Scan
----
MD5: e68590c6931d93cfe35df7a26197b983 C:\Program Files\Crawler\Toolbar\ctbcomm.dll
MD5: b55c22e1b3f605828c9188b5251c6230 C:\Program Files\Crawler\Toolbar\ctbr.dll
MD5: 8072585704b83f53aa7b2575b2267b53 c:\Program Files\Crawler\Toolbar\WebSecurityGuard.dll
MD5: 71221415676eb426775cb410ce9e9832 C:\Program Files\FileZilla FTP Client\fzshellext.dll
MD5: 8751001da5d5d9c9c8134ffab5e98f4c C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
MD5: 8751001da5d5d9c9c8134ffab5e98f4c C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
MD5: 8751001da5d5d9c9c8134ffab5e98f4c C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
MD5: 8751001da5d5d9c9c8134ffab5e98f4c C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
MD5: 8751001da5d5d9c9c8134ffab5e98f4c C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
MD5: 8751001da5d5d9c9c8134ffab5e98f4c C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
MD5: 8751001da5d5d9c9c8134ffab5e98f4c C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
MD5: fe957e471958ce98456d98a6122c54d2 c:\Program Files\Microsoft Silverlight\4.0.50401.0\agcore.dll
MD5: 8751001da5d5d9c9c8134ffab5e98f4c C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
MD5: 8751001da5d5d9c9c8134ffab5e98f4c C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
MD5: 8751001da5d5d9c9c8134ffab5e98f4c C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
MD5: 8751001da5d5d9c9c8134ffab5e98f4c C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
MD5: 8751001da5d5d9c9c8134ffab5e98f4c C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
MD5: 8751001da5d5d9c9c8134ffab5e98f4c C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
MD5: 8751001da5d5d9c9c8134ffab5e98f4c C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
MD5: 0aee5668eb59912f32ff245bfa72465f C:\Program Files\QuickTime\QTTask.exe
MD5: 480b8218cac947db5f32d126fae2bacd C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
MD5: 9aab7ebc99c559be4a6eca19428b49e5 C:\Program Files\Spyware Terminator\TorentDll.dll
MD5: abb32a44090b77890f785153e41218de C:\Program Files\VideoLAN\VLC\npvlc.dll
MD5: 8f05b0b868dad01371c06eb464f2e675 C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b67478ec034fdf811a748f1b6b5b1c95\Microsoft.VisualBasic.ni.dll
MD5: ce45722a3393b63843de48f314cf6b3f C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MD5: b46192d9a0cb3072cb604a7691003cff C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
MD5: 7aa5fdbddc4ed1810bda7ca55316bcc1 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll
MD5: d02a01478be27a74c017262dd28abd72 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
MD5: 25bc19b5a84e52a6d669c874ed9a537c C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MD5: 3359bb9ac44545c734d79f23557a3c33 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll
MD5: d709af78422f6f0ef09cd0b79cfe743f C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MD5: a9bb8332bef887a0f4adc3c88cc35bfc C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MD5: 28a295aa6abd45f4557b6c00d0f8c5b1 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MD5: 8c70a2b884ffbbae50bbd21fb962a846 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MD5: 3b308420e61d1d218c2d6d6915756487 C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
No file uploaded.
Scan finished - communication took 0 sec
Total traffic - 0.00 MB sent, 0.13 KB recvd
Scanned 774 files and modules - 3 seconds
==============================================================================
I really hope the process is OK... but I doubt it, since I don't find the different steps you mentioned.
I wonder whether the website has changed?
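A small triage helper for the QuickScan report format pasted above, added here as an example; it is not part of the thread and not BitDefender's own tooling. It parses the Processes, Network activity, Autoruns, Browser plugins and Scan sections (the layout is inferred from the paste), then lists unsigned entries and listening processes first, which is roughly what a helper scans for by eye. The sample report inside it is constructed, with placeholder names, hashes and a documentation-range IP address.

```python
import re

# Constructed sample in the layout of the BitDefender QuickScan report pasted
# in the thread (shortened, placeholder names/hashes; format inferred from it).
SAMPLE_REPORT = """QuickScan Beta 32-bit v0.9.9.99
-------------------------------
Scan date: Mon Nov 28 22:20:12 2011
Machine ID: 00000000
No infection found.
-------------------
Processes
---------
(unsigned) Example Updater 4292 C:\\Program Files\\Example\\ExampleUpdate.exe
(verified) Firefox 5092 C:\\Program Files\\Mozilla Firefox\\firefox.exe
(verified) Microsoft® Windows® Operating System 2708 C:\\Windows\\explorer.exe
Network activity
----------------
Process firefox.exe (5092) connected on port 443 (HTTP over SSL) --> 192.0.2.10
Process ExampleUpdate.exe (4292) listens on ports: 6881 (BitTorrent)
Autoruns and critical files
---------------------------
(unsigned) Example Updater C:\\Program Files\\Example\\ExampleUpdate.exe
(verified) Système d'exploitation Microsoft® Windo c:\\windows\\system32\\userinit.exe
Browser plugins
---------------
(unsigned) Example Toolbar C:\\Program Files\\Example\\Toolbar\\etbr.dll
(verified) Adobe Acrobat C:\\Program Files\\Mozilla Firefox\\plugins\\nppdf32.dll
Scan
----
MD5: 0123456789abcdef0123456789abcdef C:\\Program Files\\Example\\ExampleUpdate.exe
MD5: fedcba9876543210fedcba9876543210 C:\\Program Files\\Example\\Toolbar\\etbr.dll
No file uploaded.
"""

# Section titles as they appear in the report, mapped to the keys used below.
SECTIONS = {"Processes": "processes", "Network activity": "network",
            "Autoruns and critical files": "autoruns",
            "Browser plugins": "plugins", "Scan": "hashes"}

PROC_RE = re.compile(r"^\((?P<sig>unsigned|verified)\) (?P<name>.+) (?P<pid>\d+) (?P<path>[A-Za-z]:\\.*)$")
ITEM_RE = re.compile(r"^\((?P<sig>unsigned|verified)\) (?P<name>.+) (?P<path>[A-Za-z]:\\.*)$")
CONN_RE = re.compile(r"^Process (?P<proc>\S+) \((?P<pid>\d+)\) connected on port (?P<port>\d+) \((?P<proto>[^)]*)\) --> (?P<dst>\S+)$")
LISTEN_RE = re.compile(r"^Process (?P<proc>\S+) \((?P<pid>\d+)\) listens on ports: (?P<ports>.+)$")
MD5_RE = re.compile(r"^MD5: (?P<md5>[0-9a-fA-F]{32}) (?P<path>.+)$")


def _is_rule(line):
    """True for the dashed underline that follows every section title."""
    s = line.strip()
    return bool(s) and set(s) == {"-"}


def parse_report(text):
    """Split a QuickScan report into sections and parse each entry line."""
    report = {"processes": [], "connections": [], "listeners": [],
              "autoruns": [], "plugins": [], "hashes": []}
    lines = text.splitlines()
    section = None
    for i, raw in enumerate(lines):
        line = raw.strip()
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if _is_rule(nxt):  # this line is a title; the next line underlines it
            section = SECTIONS.get(line)
            continue
        if not line or _is_rule(line) or section is None:
            continue
        if section == "processes":
            m = PROC_RE.match(line)
            if m:
                report["processes"].append({"sig": m["sig"], "name": m["name"],
                                            "pid": int(m["pid"]), "path": m["path"]})
        elif section == "network":
            m = CONN_RE.match(line)
            if m:
                report["connections"].append({"proc": m["proc"], "pid": int(m["pid"]),
                                              "port": int(m["port"]), "proto": m["proto"],
                                              "dst": m["dst"]})
                continue
            m = LISTEN_RE.match(line)
            if m:
                report["listeners"].append({"proc": m["proc"], "pid": int(m["pid"]),
                                            "ports": m["ports"]})
        elif section in ("autoruns", "plugins"):
            m = ITEM_RE.match(line)
            if m:
                report[section].append({"sig": m["sig"], "name": m["name"], "path": m["path"]})
        elif section == "hashes":
            m = MD5_RE.match(line)
            if m:
                report["hashes"].append({"md5": m["md5"].lower(), "path": m["path"]})
    return report


def triage(report):
    """Order entries for review: an unsigned binary that also accepts inbound
    connections comes first, then other unsigned code, then signed listeners."""
    unsigned_paths = {e["path"].lower() for key in ("processes", "autoruns", "plugins")
                      for e in report[key] if e["sig"] == "unsigned"}
    pid_to_path = {p["pid"]: p["path"] for p in report["processes"]}
    findings = []
    for key, kind in (("processes", "unsigned-process"), ("autoruns", "unsigned-autorun"),
                      ("plugins", "unsigned-plugin")):
        for e in report[key]:
            if e["sig"] == "unsigned":
                findings.append({"kind": kind, "path": e["path"], "detail": e["name"], "priority": 2})
    for lst in report["listeners"]:
        path = pid_to_path.get(lst["pid"], lst["proc"])  # resolve PID to the binary
        unsigned = path.lower() in unsigned_paths
        findings.append({"kind": "listener", "path": path, "detail": lst["ports"],
                         "priority": 3 if unsigned else 1})
    findings.sort(key=lambda f: (-f["priority"], f["kind"], f["path"]))
    return findings


if __name__ == "__main__":
    for f in triage(parse_report(SAMPLE_REPORT)):
        print(f"[{f['priority']}] {f['kind']:17} {f['path']}  ({f['detail']})")
```

"unsigned" only means the scanner could not verify a publisher signature; in the thread's own report the unsigned entries (Spyware Terminator, QuickTime, the Crawler toolbar) are ordinary third-party software, so the output is a reading order for a reviewer, not a verdict. The hash section is parsed so the MD5 of any entry that does warrant a closer look can be checked against a vendor database afterwards.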
-
Are you sure of these steps? Because I don't have the same options/steps you describe...
This is an older speech and the instructions will be dependent upon your OS.
If there are no other issues, we can do some cleanup.
To uninstall ComboFix
- Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
- In the field, type in ComboFix /uninstall
(http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg)
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
- Then, press Enter, or click OK.
- This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
If this doesn't remove ComboFix, please let me know.
************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
****************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.
Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.
Remember only install ONE firewall
1) Comodo Personal Firewall (http://www.majorgeeks.com/Comodo_Personal_Firewall_d5033.html) (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor (http://www.majorgeeks.com/Online_Armor_Free_d4872.html)
3) Agnitum Outpost (http://www.majorgeeks.com/Outpost_Firewall_Free_d1056.html)
4) PC Tools Firewall Plus (http://www.majorgeeks.com/PC_Tools_Firewall_Plus_d5470.html)
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*****************************************************
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
-
Thanks a lot for your help and your attention to my problem!
-
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.