
Author Topic: Trojan removal - Thx for your help  (Read 29470 times)


cian31

    Topic Starter


    Rookie

    • Experience: Familiar
    • OS: Windows Vista
    Trojan removal - Thx for your help
    « on: November 13, 2011, 02:51:10 AM »
    Hi !
    My PC runs on Windows Vista.

    My computer has been infected with a trojan detected by Avira AntiVir Personal: Crypt.XPACK.Gen2.
    I tried to put the detected files in "quarantine" but it seems that it was not a good idea...


    I am currently in a bad situation:
    - my PC starts but the desktop is black with no shortcuts,
    - the following error appears many times: "Failed to save all the components for the file \\System32\<number>. The file is corrupted or unreadable. This error may be caused by a PC hardware problem"
    - when I look in folders (personal folder for example), they seem empty.
    - I tried to download ComboFix.exe but I have the same error: "Installer integrity check has failed"


    I looked at the post "Read this before posting ..." and:
    - I have only one antivirus running (Avira)
    - I don't know if there is a default firewall running within Vista
    - I can't access the control panel to uninstall suspicious programs: the dedicated menu does not appear in the Start menu and I have no icon on the desktop...

    - CCleaner downloaded: same error as ComboFix :'(
    - SuperAntiSpyware is currently scanning my PC.

    Thanks for your help.

    cian31

      Topic Starter


      Rookie

      • Experience: Familiar
      • OS: Windows Vista
      Re: Trojan removal - Thx for your help
      « Reply #1 on: November 13, 2011, 05:41:50 AM »
      See the SuperAntiSpyware log below.



      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 11/13/2011 at 01:16 PM

      Application Version : 5.0.1136

      Core Rules Database Version : 7937
      Trace Rules Database Version: 5749

      Scan type       : Complete Scan
      Total Scan Time : 02:20:32

      Operating System Information
      Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
      UAC Off - Administrator

      Memory items scanned      : 695
      Memory threats detected   : 0
      Registry items scanned    : 36335
      Registry threats detected : 1
      File items scanned        : 186690
      File threats detected     : 111

      Disabled.TaskManager
         HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR

      Adware.Tracking Cookie

      cian31

        Topic Starter


        Rookie

        • Experience: Familiar
        • OS: Windows Vista
        Re: Trojan removal - Thx for your help
        « Reply #2 on: November 13, 2011, 05:52:56 AM »
        An error occurred:
        "
        Files indexation process failed.
        Indexation process failure may cause :
        • File may became unreadable
        • Files and documents can be lost
        • Operation System may slow down dramatically

        To prevent possible damage to this PC follow the recommendations.
        Recommendations : it's highly recommended to run file integrity checker now and resolve this issue."

        cian31

          Topic Starter


          Rookie

          • Experience: Familiar
          • OS: Windows Vista
          Re: Trojan removal - Thx for your help
          « Reply #3 on: November 13, 2011, 06:04:20 AM »
          I tried to install Java as suggested in the post "read this before requesting ... " but it failed...
          Message: "install failed"

          redd



            Rookie
          • Thanked: 1
            • Experience: Experienced
            • OS: Windows Vista
            Re: Trojan removal - Thx for your help
            « Reply #4 on: November 13, 2011, 10:02:09 AM »
            A simple and good program called Tune up Utilities will help you keep your PC running well. I think you can download it for 30 days to try. Simple and easy to use. I use it and never had any problems with my PC. And a good sidekick to run alongside your antivirus is called Malwarebytes Anti-Malware. Just google it. There is a free version and it works great. Highly recommend it. It helped me out with a Trojan that my antivirus could not get and it found it and got rid of it. Try it and see for yourself.  ;)

            cian31

              Topic Starter


              Rookie

              • Experience: Familiar
              • OS: Windows Vista
              Re: Trojan removal - Thx for your help
              « Reply #5 on: November 13, 2011, 01:14:39 PM »
              Thanks for your answer Redd!
              As said, I started the analysis of my PC with Malwarebytes and the report seems OK. I can't post the log file: the program associated with .txt files is now... VLC!!

              I still have no more programs displayed in the start menu, no more control panel menu...
              When I look at C:\ content in the explorer, there is a never ending filetree with C:\LocalDisk\C:\LocalDisk ... and so on


               ???

              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Trojan removal - Thx for your help
              « Reply #6 on: November 13, 2011, 04:03:39 PM »
              Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

              1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
              2. The fixes are specific to your problem and should only be used for this issue on this machine.
              3. If you don't know or understand something, please don't hesitate to ask.
              4. Please DO NOT run any other tools or scans while I am helping you.
              5. It is important that you reply to this thread. Do not start a new topic.
              6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
              7. Absence of symptoms does not mean that everything is clear.

              If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
              *************************************************************************
              Please run this in Safe Mode with Networking. Reboot in Normal mode and see if you can run it again and post the log.

              Here's how to get into Safe Mode.

              Please download Malwarebytes Anti-Malware from here.
              Double Click mbam-setup.exe to install the application.
              • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
              • If an update is found, it will download and install the latest version.
              • Once the program has loaded, select "Perform Full Scan", then click Scan.
              • The scan may take some time to finish, so please be patient.
              • When the scan is complete, click OK, then Show Results to view the results.
              • Make sure that everything is checked, and click Remove Selected.
              • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
              • Please save the log to a location you will remember.
              • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
              • Copy and paste the entire report in your next reply.
              Extra Note:

              If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
              Windows 8 and Windows 10 dual boot with two SSD's

              cian31

                Topic Starter


                Rookie

                • Experience: Familiar
                • OS: Windows Vista
                Re: Trojan removal - Thx for your help
                « Reply #7 on: November 15, 2011, 02:12:06 AM »
                Thanks for your answer SuperDave.
                I have already done the Malwarebytes procedure but can't post the log since VLC is now set to open the txt file. And I don't know how to change it since I do not have access to the control panel (all items of the Start menu have vanished).
                Also, I have a new problem: the PC restarts when I try to launch Firefox... A blue screen appears with an error message I have no time to read and then the PC restarts.

                I will try to re-do the Malwarebytes procedure in a few hours when I get back to my house...

                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: Trojan removal - Thx for your help
                « Reply #8 on: November 15, 2011, 11:45:58 AM »
                • Please download Unhide by Grinler from here and save it to your desktop.
                • Double click unhide.exe to run the tool.
                • It will take some time to go through all your files, so please be patient.
                • If this tool doesn't fix the problem, please let me know.

                cian31

                  Topic Starter


                  Rookie

                  • Experience: Familiar
                  • OS: Windows Vista
                  Re: Trojan removal - Thx for your help
                  « Reply #9 on: November 17, 2011, 01:05:26 AM »
                  Hi!
                  Last night, while I was trying to install the Unhide program you proposed, Windows offered to restore a system restore point and this time it worked.
                  I am now trying to install CCleaner to analyse cookies and delete them.

                  SuperDave

                  • Malware Removal Specialist


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: Trojan removal - Thx for your help
                  « Reply #10 on: November 17, 2011, 01:27:38 PM »
                  Please try to run MBAM and post the log along with these other logs.

                  SUPERAntiSpyware

                  If you already have SUPERAntiSpyware be sure to check for updates before scanning!


                  Download SuperAntispyware Free Edition (SAS)
                  * Double-click the icon on your desktop to run the installer.
                  * When asked to Update the program definitions, click Yes
                  * If you encounter any problems while downloading the updates, manually download and unzip them from here
                  * Next click the Preferences button.

                  •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
                  * Click the Scanning Control tab.
                  * Under Scanner Options make sure only the following are checked:

                  •Close browsers before scanning
                  •Scan for tracking cookies
                  •Terminate memory threats before quarantining
                  Please leave the others unchecked

                  •Click the Close button to leave the control center screen.

                  * On the main screen click Scan your computer
                  * On the left check the box for the drive you are scanning.
                  * On the right choose Perform Complete Scan
                  * Click Next to start the scan. Please be patient while it scans your computer.
                  * After the scan is complete a summary box will appear. Click OK
                  * Make sure everything in the white box has a check next to it, then click Next
                  * It will quarantine what it found and if it asks if you want to reboot, click Yes

                  •To retrieve the removal information please do the following:
                  •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
                  •Click Preferences. Click the Statistics/Logs tab.

                  •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

                  •It will open in your default text editor (preferably Notepad).
                  •Save the notepad file to your desktop by clicking (in notepad) File > Save As...

                  * Save the log somewhere you can easily find it. (normally the desktop)
                  * Click close and close again to exit the program.
                  * Copy and Paste the log in your post.
                  ***************************************************
                  Download DDS from HERE or HERE and save it to your desktop.

                  Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

                  * XP users Double click on dds to run it.
                  * If your antivirus or firewall try to block DDS then please allow it to run.
                  * When finished DDS will open two (2) logs.
                  * Save both reports to your desktop.
                  * The instructions here ask you to attach the Attach.txt.



                  1) DDS.txt
                  2) Attach.txt
                  Instead of attaching, please copy/paste both logs into your Thread

                  Note: DDS will instruct you to post the Attach.txt log as an attachment.
                  Please just post it as you would any other log by copying and pasting it into the reply.

                  •Close the program window, and delete the program from your desktop.

                  Please note: You may have to disable any script protection running if the scan fails to run.
                  After downloading the tool, disconnect from the internet and disable all antivirus protection.
                  Run the scan, enable your A/V and reconnect to the internet.
                  Information on A/V control HERE. Then post your DDS logs. (DDS.txt and Attach.txt)

                  cian31

                    Topic Starter


                    Rookie

                    • Experience: Familiar
                    • OS: Windows Vista
                    Re: Trojan removal - Thx for your help
                    « Reply #11 on: November 18, 2011, 12:28:28 AM »
                    SuperAntiSpyware log file :
                    SUPERAntiSpyware Scan Log
                    http://www.superantispyware.com

                    Generated 11/17/2011 at 11:05 PM

                    Application Version : 5.0.1136

                    Core Rules Database Version : 7957
                    Trace Rules Database Version: 5769

                    Scan type       : Complete Scan
                    Total Scan Time : 01:49:40

                    Operating System Information
                    Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
                    UAC Off - Administrator

                    Memory items scanned      : 735
                    Memory threats detected   : 0
                    Registry items scanned    : 36298
                    Registry threats detected : 0
                    File items scanned        : 184686
                    File threats detected     : 1

                    Trojan.Agent/Gen-Nullo[Short]
                       C:\USERS\CECILE\DOWNLOADS\VLC-PLUGIN-MULTI.EXE


                    Now I will install DDS as you suggest.
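Added example, not part of the original thread or any poster's reply: a small triage parser for the SUPERAntiSpyware scan log layout seen in the two logs above, separating tracking-cookie noise (the first log reports 111 file threats under a single Adware.Tracking Cookie category) from entries that need a helper's attention. The function names, the low-priority category list and the sample log are assumptions made for illustration; the sample is constructed from the layout and category names shown in this thread.

```python
import re
import textwrap

# Constructed sample, modelled on the layout of the logs posted in this thread:
# counter lines first, then unindented category names with indented items.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log

Scan type       : Complete Scan

Memory items scanned      : 695
Memory threats detected   : 0
Registry items scanned    : 36335
Registry threats detected : 1
File items scanned        : 186690
File threats detected     : 3

Disabled.TaskManager
   HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR

Adware.Tracking Cookie
   C:\Users\example\Cookies\AAAA0001.txt [ /tracker-one.example ]
   C:\Users\example\Cookies\AAAA0002.txt [ /tracker-two.example ]

Trojan.Agent/Gen-Nullo[Short]
   C:\USERS\EXAMPLE\DOWNLOADS\VLC-PLUGIN-MULTI.EXE
"""

COUNTER_RE = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)\s*$")
# Assumption: only tracking cookies are treated as low priority by default.
LOW_PRIORITY = ("Adware.Tracking Cookie",)
REGISTRY_PREFIXES = ("HKLM\\", "HKCU\\", "HKU\\", "HKCR\\")


def parse_scan_log(text):
    """Return (counters, detections) from a pasted scan log.

    counters   -> {"memory": n, "registry": n, "file": n}
    detections -> {category name: [item, ...]} in log order
    """
    counters = {}
    detections = {}
    current = None
    in_detections = False
    # Forum pastes are often uniformly indented; remove the common margin so
    # that "unindented = category, indented = item" still holds.
    for raw in textwrap.dedent(text).splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        match = COUNTER_RE.match(line.strip())
        if match:
            counters[match.group(1).lower()] = int(match.group(2))
            # The detection list starts after the last counter line.
            if match.group(1) == "File":
                in_detections = True
            continue
        if not in_detections:
            continue
        if line[0].isspace():
            if current is not None:
                detections[current].append(line.strip())
        else:
            current = line.strip()
            detections.setdefault(current, [])
    return counters, detections


def triage(text):
    """Bucket detections and check the paste against its own counters."""
    counters, detections = parse_scan_log(text)
    findings = {"review": [], "low": []}
    for category, items in detections.items():
        bucket = "low" if category in LOW_PRIORITY else "review"
        for item in items:
            is_reg = item.upper().startswith(REGISTRY_PREFIXES)
            findings[bucket].append((category, "registry" if is_reg else "file", item))
    reported = sum(counters.values())
    parsed = sum(len(items) for items in detections.values())
    # A mismatch usually means the log was truncated when it was pasted.
    complete = len(counters) == 3 and reported == parsed
    return {"counters": counters, "findings": findings, "complete": complete}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("counters:", result["counters"], "complete:", result["complete"])
    print("low-priority entries:", len(result["findings"]["low"]))
    for category, kind, item in result["findings"]["review"]:
        print(f"REVIEW [{kind}] {category}: {item}")
```
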

                    cian31

                      Topic Starter


                      Rookie

                      • Experience: Familiar
                      • OS: Windows Vista
                      Re: Trojan removal - Thx for your help
                      « Reply #12 on: November 18, 2011, 02:36:39 PM »
                      See below the Attach.txt log file

                      .
                      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
                      IF REQUESTED, ZIP IT UP & ATTACH IT
                      .
                      DDS (Ver_2011-06-23.01)
                      .
                      Microsoft® Windows Vista™ Édition Familiale Premium
                      Boot Device: \Device\HarddiskVolume1
                      Install Date: 15/12/2008 01:34:50
                      System Uptime: 18/11/2011 22:26:06 (0 hours ago)
                      .
                      Motherboard: HP |  | 3600
                      Processor: AMD Athlon(tm) X2 Dual-Core QL-64 | Socket M2/S1G1 | 1100/1800mhz
                      .
                      ==== Disk Partitions =========================
                      .
                      C: is FIXED (NTFS) - 138 GiB total, 55,31 GiB free.
                      D: is FIXED (NTFS) - 11 GiB total, 1,781 GiB free.
                      E: is CDROM ()
                      F: is Removable
                      G: is Removable
                      .
                      ==== Disabled Device Manager Items =============
                      .
                      ==== System Restore Points ===================
                      .
                      RP508: 18/11/2011 01:54:55 - Windows Update
                      .
                      ==== Installed Programs ======================
                      .
                      Activation Assistant for the 2007 Microsoft Office suites
                      ActiveCheck component for HP Active Support Library
                      Adobe Flash Player 10 Plugin
                      Adobe Flash Player ActiveX
                      Adobe Reader 9.2 - Français
                      Adobe Shockwave Player
                      Adobe Shockwave Player 11.5
                      AMD USB Audio Driver Filter
                      Apple Application Support
                      Apple Software Update
                      Atelier Photo FNAC
                      Atheros Driver Installation Program
                      ATI Catalyst Install Manager
                      Avira AntiVir Personal - Free Antivirus
                      BadCopy Pro
                      Catalyst Control Center - Branding
                      Catalyst Control Center Core Implementation
                      Catalyst Control Center Graphics Full Existing
                      Catalyst Control Center Graphics Full New
                      Catalyst Control Center Graphics Light
                      Catalyst Control Center Graphics Previews Common
                      Catalyst Control Center Graphics Previews Vista
                      Catalyst Control Center InstallProxy
                      Catalyst Control Center Localization Chinese Standard
                      Catalyst Control Center Localization Chinese Traditional
                      Catalyst Control Center Localization Czech
                      Catalyst Control Center Localization Danish
                      Catalyst Control Center Localization Dutch
                      Catalyst Control Center Localization Finnish
                      Catalyst Control Center Localization French
                      Catalyst Control Center Localization German
                      Catalyst Control Center Localization Greek
                      Catalyst Control Center Localization Hungarian
                      Catalyst Control Center Localization Italian
                      Catalyst Control Center Localization Japanese
                      Catalyst Control Center Localization Korean
                      Catalyst Control Center Localization Norwegian
                      Catalyst Control Center Localization Polish
                      Catalyst Control Center Localization Portuguese
                      Catalyst Control Center Localization Russian
                      Catalyst Control Center Localization Spanish
                      Catalyst Control Center Localization Swedish
                      Catalyst Control Center Localization Thai
                      Catalyst Control Center Localization Turkish
                      ccc-core-static
                      ccc-utility
                      CCC Help Chinese Standard
                      CCC Help Chinese Traditional
                      CCC Help Czech
                      CCC Help Danish
                      CCC Help Dutch
                      CCC Help English
                      CCC Help Finnish
                      CCC Help French
                      CCC Help German
                      CCC Help Greek
                      CCC Help Hungarian
                      CCC Help Italian
                      CCC Help Japanese
                      CCC Help Korean
                      CCC Help Norwegian
                      CCC Help Polish
                      CCC Help Portuguese
                      CCC Help Russian
                      CCC Help Spanish
                      CCC Help Swedish
                      CCC Help Thai
                      CCC Help Turkish
                      CCleaner
                      Cisco EAP-FAST Module
                      Cisco LEAP Module
                      Cisco PEAP Module
                      Crawler Toolbar with Web Security Guard
                      CyberLink DVD Suite
                      EasyRecovery Professional Essai
                      EasyRecovery Professional Trial
                      ESU for Microsoft Vista
                      FileZilla Client 3.4.0
                      GetDataBack for NTFS
                      Google Talk Plugin
                      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
                      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
                      HP Customer Experience Enhancements
                      HP Doc Viewer
                      HP MediaSmart DVD
                      HP MediaSmart Music/Photo/Video
                      HP MediaSmart SmartMenu
                      HP MediaSmart TV
                      HP MediaSmart Webcam
                      HP Quick Launch Buttons 6.40 J1
                      HP Support Assistant
                      HP Total Care Advisor
                      HP Update
                      HP User Guides 0128
                      HP Wireless Assistant
                      HPAsset component for HP Active Support Library
                      HPTCSSetup
                      IDT Audio
                      Java Auto Updater
                      Java(TM) 6 Update 20
                      JMicron JMB38X Flash Media Controller Driver
                      K-Lite Codec Pack 6.8.0 (Full)
                      LabelPrint
                      LightScribe System Software  1.14.17.1
                      McAfee Security Scan Plus
                      Microsoft .NET Framework 3.5 Language Pack SP1 - fra
                      Microsoft .NET Framework 3.5 SP1
                      Microsoft .NET Framework 4 Client Profile
                      Microsoft .NET Framework 4 Client Profile FRA Language Pack
                      Microsoft Office Excel MUI (French) 2007
                      Microsoft Office Home and Student 2007
                      Microsoft Office OneNote MUI (French) 2007
                      Microsoft Office PowerPoint MUI (French) 2007
                      Microsoft Office PowerPoint Viewer 2007 (French)
                      Microsoft Office Proof (Arabic) 2007
                      Microsoft Office Proof (Dutch) 2007
                      Microsoft Office Proof (English) 2007
                      Microsoft Office Proof (French) 2007
                      Microsoft Office Proof (German) 2007
                      Microsoft Office Proof (Spanish) 2007
                      Microsoft Office Proofing (French) 2007
                      Microsoft Office Shared MUI (French) 2007
                      Microsoft Office Word MUI (French) 2007
                      Microsoft Silverlight
                      Microsoft Visual C++ 2005 Redistributable
                      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
                      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
                      Microsoft Works
                      Module de compatibilité pour Microsoft Office System 2007
                      Module linguistique Microsoft .NET Framework 3.5 SP1- fra
                      Module linguistique Microsoft .NET Framework 4 Client Profile FRA
                      Mozilla Firefox (3.6.24)
                      MSXML 4.0 SP2 (KB954430)
                      MSXML 4.0 SP2 (KB973688)
                      My HP Games
                      Package de pilotes Windows - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0)
                      Picasa 3
                      Power2Go
                      PowerDirector
                      ProtectSmart Hard Drive Protection
                      QuickTime
                      Realtek 8169 8168 8101E 8102E Ethernet Driver
                      Realtek USB 2.0 Card Reader
                      Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
                      Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
                      Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
                      Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
                      Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
                      Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
                      Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663)
                      Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870)
                      Skins
                      Skype Toolbars
                      Skype™ 4.2
                      Spyware Terminator
                      SUPERAntiSpyware
                      Synaptics Pointing Device Driver
                      Unity Web Player
                      Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
                      Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
                      Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
                      Update for Office 2007 (KB934528)
                      VLC media player 1.1.5
                      Windows Media Player Firefox Plugin
                      .
                      ==== End Of File ===========================

                      cian31

                        Topic Starter


                        Rookie

                        • Experience: Familiar
                        • OS: Windows Vista
                        Re: Trojan removal - Thx for your help
                        « Reply #13 on: November 18, 2011, 02:37:29 PM »
                        Please find hereafter DDS.txt log file:

                        .
                        DDS (Ver_2011-06-23.01) - NTFSx86
                        Internet Explorer: 7.0.6002.18005  BrowserJavaVersion: 1.6.0_20
                        Run by Cecile at 22:30:35 on 2011-11-18
                        Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6002.2.1252.33.1036.18.3069.1922 [GMT 1:00]
                        .
                        AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
                        SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                        SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
                        .
                        ============== Running Processes ===============
                        .
                        C:\Windows\system32\wininit.exe
                        C:\Windows\system32\lsm.exe
                        C:\Windows\system32\svchost.exe -k DcomLaunch
                        C:\Windows\system32\svchost.exe -k rpcss
                        C:\Windows\System32\svchost.exe -k secsvcs
                        C:\Windows\system32\Ati2evxx.exe
                        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                        C:\Windows\system32\svchost.exe -k netsvcs
                        C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe
                        C:\Windows\system32\SLsvc.exe
                        C:\Windows\system32\svchost.exe -k LocalService
                        C:\Windows\system32\Ati2evxx.exe
                        C:\Windows\system32\Hpservice.exe
                        C:\Windows\system32\svchost.exe -k NetworkService
                        C:\Windows\System32\spoolsv.exe
                        C:\Program Files\Avira\AntiVir Desktop\sched.exe
                        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                        C:\Windows\system32\WLANExt.exe
                        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
                        C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe
                        C:\Program Files\Avira\AntiVir Desktop\avguard.exe
                        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                        C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                        C:\Program Files\SMINST\BLService.exe
                        C:\Program Files\CyberLink\Shared files\RichVideo.exe
                        C:\Program Files\Spyware Terminator\sp_rsser.exe
                        C:\Windows\system32\svchost.exe -k imgsvc
                        C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
                        C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
                        C:\Windows\System32\svchost.exe -k WerSvcGroup
                        C:\Windows\system32\SearchIndexer.exe
                        C:\Windows\system32\WUDFHost.exe
                        C:\Windows\system32\wbem\wmiprvse.exe
                        C:\Windows\system32\taskeng.exe
                        C:\Windows\system32\Dwm.exe
                        C:\Windows\Explorer.EXE
                        C:\Windows\System32\WerFault.exe
                        C:\Windows\system32\taskeng.exe
                        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                        C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
                        C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
                        C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
                        C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
                        C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
                        C:\Program Files\Windows Defender\MSASCui.exe
                        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
                        C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
                        C:\Program Files\IDT\WDM\sttray.exe
                        C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
                        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
                        C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
                        C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
                        C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
                        C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
                        C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
                        C:\Windows\ehome\ehtray.exe
                        C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
                        C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
                        C:\Windows\System32\mobsync.exe
                        C:\Windows\ehome\ehmsas.exe
                        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                        C:\Program Files\Windows Media Player\wmplayer.exe
                        C:\Windows\system32\wbem\wmiprvse.exe
                        C:\Program Files\Windows Media Player\WMPNSCFG.exe
                        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
                        C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
                        C:\Program Files\Windows Media Player\wmpnetwk.exe
                        C:\Program Files\Windows Media Player\wmpshare.exe
                        C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
                        C:\Windows\system32\WerCon.exe
                        C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
                        C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
                        C:\Windows\system32\conime.exe
                        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                        C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
                        .
                        ============== Pseudo HJT Report ===============
                        .
                        uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
                        uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
                        uSearch Page = hxxp://www.google.com
                        uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
                        uDefault_Search_URL = hxxp://www.google.com/ie
                        mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
                        mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
                        uSearchAssistant = hxxp://www.google.com/ie
                        uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                        uURLSearchHooks: N/A: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
                        BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
                        BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
                        BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - No File
                        BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
                        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
                        TB: Barre d'outils &Crawler: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
                        uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
                        uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
                        uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
                        uRun: [Google Update] "c:\users\cecile\appdata\local\google\update\GoogleUpdate.exe" /c
                        uRun: [SpywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"
                        mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
                        mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
                        mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
                        mRun: [TSMAgent] "c:\program files\hewlett-packard\touchsmart\media\TSMAgent.exe"
                        mRun: [CLMLServer for HP TouchSmart] "c:\program files\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
                        mRun: [TVAgent] "c:\program files\hewlett-packard\media\tv\TVAgent.exe"
                        mRun: [UCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" update "software\hewlett-packard\media\Webcam"
                        mRun: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
                        mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
                        mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
                        mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
                        mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
                        mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
                        mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
                        mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
                        mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
                        mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
                        mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
                        mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
                        mRun: [<NO NAME>]
                        mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
                        mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
                        StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
                        mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
                        mPolicies-system: EnableLUA = 0 (0x0)
                        mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
                        IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
                        IE: Crawler Search - tbr:iemenu
                        IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
                        IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
                        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
                        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
                        DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
                        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
                        TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
                        TCP: Interfaces\{56FE33FF-CF38-4567-A62A-208CAC0FE17F} : DhcpNameServer = 212.27.40.240 212.27.40.241
                        Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
                        Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
                        Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
                        SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
                        mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
                        .
                        ================= FIREFOX ===================
                        .
                        FF - ProfilePath - c:\users\cecile\appdata\roaming\mozilla\firefox\profiles\wa878qin.default\
                        FF - prefs.js: browser.search.selectedEngine - Google
                        FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw=
                        FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
                        FF - plugin: c:\program files\googlepicasa3\npPicasa3.dll
                        FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
                        FF - plugin: c:\users\cecile\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
                        FF - plugin: c:\users\cecile\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
                        FF - plugin: c:\users\cecile\appdata\roaming\mozilla\plugins\npgoogletalk.dll
                        FF - plugin: c:\users\cecile\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
                        FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
                        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
                        FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
                        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
                        FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
                        FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
                        FF - Ext: iGraal: {e411bb40-b04c-11d8-92e7-00d09e0179f2} - %profile%\extensions\{e411bb40-b04c-11d8-92e7-00d09e0179f2}
                        FF - Ext: SUPERAntiSpyware Toolbar Powered by Ask.com: [email protected] - %profile%\extensions\[email protected]
                        .
                        ============= SERVICES / DRIVERS ===============
                        .
                        R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-7 11608]
                        R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
                        R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
                        R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
                        R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\hewlett-packard\media\dvd\000.fcl [2008-9-26 59376]
                        R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_805f33de\AEstSrv.exe [2008-12-15 77824]
                        R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-12-7 108289]
                        R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-7 185089]
                        R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-7 56816]
                        R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
                        R2 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
                        R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 19456]
                        R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-11-7 365952]
                        R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVCapSvc.exe [2008-9-24 296320]
                        R2 TVSched;TV Task Scheduler (TVTS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVSched.exe [2008-9-24 116096]
                        R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-11-7 193840]
                        R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-9-4 54784]
                        R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-10-22 107360]
                        R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2008-12-15 22072]
                        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
                        S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
                        S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
                        .
                        =============== Created Last 30 ================
                        .
                        2011-11-18 07:19:03   56200   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{ced87eeb-0344-4986-b9b9-4f50290600db}\offreg.dll
                        2011-11-18 00:55:37   6668624   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{ced87eeb-0344-4986-b9b9-4f50290600db}\mpengine.dll
                        2011-11-17 08:01:34   --------   d-----w-   c:\program files\CCleaner
                        2011-11-13 13:17:07   --------   d-----w-   c:\users\cecile\appdata\roaming\Malwarebytes
                        2011-11-13 13:16:56   --------   d-----w-   c:\programdata\Malwarebytes
                        2011-11-13 13:16:52   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                        2011-11-13 09:55:36   --------   d--h--w-   c:\program files\Ask.com
                        2011-11-13 09:53:22   --------   d--h--w-   c:\users\cecile\appdata\roaming\SUPERAntiSpyware.com
                        2011-11-13 09:52:29   --------   d--h--w-   c:\programdata\SUPERAntiSpyware.com
                        2011-11-13 09:52:29   --------   d--h--w-   c:\program files\SUPERAntiSpyware
                        2011-11-09 17:45:36   2409784   ----a-w-   c:\program files\windows mail\OESpamFilter.dat
                        2011-11-09 17:45:29   905088   ----a-w-   c:\windows\system32\drivers\tcpip.sys
                        2011-11-09 17:45:24   707584   ----a-w-   c:\program files\common files\system\wab32.dll
                        2011-11-05 10:05:35   653576   ----a-w-   c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
                        .
                        ==================== Find3M  ====================
                        .
                        2011-09-06 13:30:12   2043392   ----a-w-   c:\windows\system32\win32k.sys
                        2011-09-02 13:39:07   1383424   ----a-w-   c:\windows\system32\mshtml.tlb
                        2011-08-25 16:15:04   555520   ----a-w-   c:\windows\system32\UIAutomationCore.dll
                        2011-08-25 16:14:01   563712   ----a-w-   c:\windows\system32\oleaut32.dll
                        2011-08-25 16:14:01   238080   ----a-w-   c:\windows\system32\oleacc.dll
                        2011-08-25 13:31:01   4096   ----a-w-   c:\windows\system32\oleaccrc.dll
                        .
                        ============= FINISH: 22:33:15,91 ===============
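
The following Python example is added here as an illustration; it is not part of any post in this thread and is not a tool used by the helpers. It reads a DDS log like the one in Reply #13 and extracts the items usually reviewed first: the browser Java version, the state of registered security products, browser helper objects reported as "No File", unnamed Run entries, and the `EnableLUA` policy value (0 means User Account Control is turned off). The function names and finding labels are assumptions made for this example; the sample lines are excerpted from the log above.

```python
import re

# Lines excerpted from the DDS.txt log in this thread (header + Pseudo HJT Report).
SAMPLE = r"""
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6002.18005  BrowserJavaVersion: 1.6.0_20
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - No File
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [<NO NAME>]
mPolicies-system: EnableLUA = 0 (0x0)
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")            # "==== Name ===="
JAVA_RE = re.compile(r"BrowserJavaVersion:\s*([\w.]+)")
PRODUCT_RE = re.compile(r"^(AV|SP|FW):\s*(.+?)\s*\*(\w+)/(\w+)\*")
BHO_RE = re.compile(r"^BHO:.*?\{([0-9A-Fa-f-]{36})\}\s*-\s*(.*)$")
RUN_RE = re.compile(r"^([um]Run):\s*\[(.*?)\]\s*(.*)$")
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")


def java_family_update(version):
    """'1.6.0_20' -> (6, 20), i.e. Java 6 Update 20; None for other forms."""
    m = re.fullmatch(r"1\.(\d+)\.\d+_(\d+)", version or "")
    return (int(m.group(1)), int(m.group(2))) if m else None


def _parse_header(line, report):
    m = JAVA_RE.search(line)
    if m:
        report["java"] = m.group(1)
    m = PRODUCT_RE.match(line)
    if m:
        kind, name, state, signatures = m.groups()
        report["products"].append((kind, name, state, signatures))
        if state.lower() != "enabled":
            report["findings"].append(
                ("security-product-disabled", f"{kind}: {name}"))


def _parse_hjt(line, report):
    findings = report["findings"]
    m = BHO_RE.match(line)
    if m:
        # Registered helper object whose file DDS reported as "No File".
        if m.group(2).strip().lower() == "no file":
            findings.append(("orphaned-bho", "{" + m.group(1) + "}"))
        return
    m = RUN_RE.match(line)
    if m:
        # Autostart value with no name or no command line behind it.
        if m.group(2) == "<NO NAME>" or not m.group(3).strip():
            findings.append(("empty-run-entry", f"{m.group(1)} [{m.group(2)}]"))
        return
    m = POLICY_RE.match(line)
    if m and m.group(1) == "EnableLUA" and m.group(2) == "0":
        findings.append(("uac-disabled", "EnableLUA = 0"))


def parse_dds(text):
    """Return Java version, security products and review findings."""
    report = {"java": None, "products": [], "findings": []}
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":        # DDS uses a lone "." as a spacer
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "header":
            _parse_header(line, report)
        elif section == "Pseudo HJT Report":
            _parse_hjt(line, report)
    return report


if __name__ == "__main__":
    result = parse_dds(SAMPLE)
    print("Java:", result["java"], java_family_update(result["java"]))
    for label, detail in result["findings"]:
        print(f"{label:28} {detail}")
```

The findings are review prompts for the helper, not verdicts; each one still has to be checked against the rest of the log.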

                        SuperDave

                        • Malware Removal Specialist


                        • Genius
                        • Thanked: 1020
                        • Certifications: List
                        • Experience: Expert
                        • OS: Windows 10
                        Re: Trojan removal - Thx for your help
                        « Reply #14 on: November 19, 2011, 12:10:05 PM »
                        Can you update and run MBAM?

                        Update Your Java (JRE)

                        Old versions of Java have vulnerabilities that malware can use to infect your system.


                        First Verify your Java Version

                        If there are any other version(s) installed then update now.

                        Get the new version (if needed)

                        If your version is out of date install the newest version of the Sun Java Runtime Environment.

                        Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

                        Be sure to close ALL open web browsers before starting the installation.

                        Remove any old versions

                        1. Download JavaRa and unzip the file to your Desktop.
                        2. Open JavaRA.exe and choose Remove Older Versions
                        3. Once complete exit JavaRA.

                        Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
                        *******************************************************

                        Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

                        link # 1
                        Link # 2
                        If you are using Firefox, make sure that your download settings are as follows:

                        * Tools->Options->Main tab
                        * Set to "Always ask me where to Save the files".

                        Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

                        Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

                        Right-click combofix.exe and select Run as Administrator and follow the prompts.
                        When finished, ComboFix will produce a log for you.
                        Post the ComboFix log in your next reply.

                        NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                        Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
                        **********************************************
                        Download Security Check by screen317 from one of the following links and save it to your desktop.

                        Link 1
                        Link 2

                        * Double-click Security Check.bat
                        * Follow the on-screen instructions inside of the black box.
                        * A Notepad document should open automatically called checkup.txt
                        * Post the contents of that document in your next reply.

                        Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
                        Windows 8 and Windows 10 dual boot with two SSD's

                        cian31

                          Re: Trojan removal - Thx for your help
                          « Reply #15 on: November 20, 2011, 06:48:28 AM »
                          MBAM updated and currently running.

                          I will check my JAVA version after MBAM processing.

                          Thank you for your time and instructions!

                          cian31

                            Re: Trojan removal - Thx for your help
                            « Reply #16 on: November 20, 2011, 12:55:23 PM »
                            Malwarebytes' Anti-Malware 1.51.2.1300
                            www.malwarebytes.org

                            Version de la base de données: 8198

                            Windows 6.0.6002 Service Pack 2
                            Internet Explorer 7.0.6002.18005

                            20/11/2011 19:06:32
                            mbam-log-2011-11-20 (19-06-32).txt

                            Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|)
                            Elément(s) analysé(s): 345180
                            Temps écoulé: 4 heure(s), 19 minute(s), 45 seconde(s)

                            Processus mémoire infecté(s): 0
                            Module(s) mémoire infecté(s): 0
                            Clé(s) du Registre infectée(s): 0
                            Valeur(s) du Registre infectée(s): 0
                            Elément(s) de données du Registre infecté(s): 0
                            Dossier(s) infecté(s): 0
                            Fichier(s) infecté(s): 0

                            Processus mémoire infecté(s):
                            (Aucun élément nuisible détecté)

                            Module(s) mémoire infecté(s):
                            (Aucun élément nuisible détecté)

                            Clé(s) du Registre infectée(s):
                            (Aucun élément nuisible détecté)

                            Valeur(s) du Registre infectée(s):
                            (Aucun élément nuisible détecté)

                            Elément(s) de données du Registre infecté(s):
                            (Aucun élément nuisible détecté)

                            Dossier(s) infecté(s):
                            (Aucun élément nuisible détecté)

                            Fichier(s) infecté(s):
                            (Aucun élément nuisible détecté)

                            cian31

                              Re: Trojan removal - Thx for your help
                              « Reply #17 on: November 20, 2011, 03:29:46 PM »
                              ComboFix alerted me to a rootkit!  :-[


                              ComboFix 11-11-20.02 - Cecile 20/11/2011  22:55:52.2.2 - x86
                              Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6002.2.1252.33.1036.18.3069.1922 [GMT 1:00]
                              Lancé depuis: c:\users\Cecile\Downloads\ComboFix.exe
                              AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
                              SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
                              SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                               * Un antivirus résident est actif
                              .
                              .
                              .
                              (((((((((((((((((((((((((((((   Fichiers créés du 2011-10-20 au 2011-11-20  ))))))))))))))))))))))))))))))))))))
                              .
                              .
                              2011-11-20 22:12 . 2011-11-20 22:12   --------   d-----w-   c:\users\Default\AppData\Local\temp
                              2011-11-20 21:47 . 2011-11-20 21:47   56200   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EB35648-5A28-4EC7-8CD3-01DEDF112A85}\offreg.dll
                              2011-11-20 21:32 . 2011-11-20 22:12   --------   d-----w-   c:\users\Cecile\AppData\Local\temp
                              2011-11-20 13:44 . 2011-08-31 16:00   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
                              2011-11-20 13:40 . 2011-11-20 13:41   --------   d-----w-   c:\program files\Common Files\Adobe
                              2011-11-19 01:17 . 2011-10-07 03:48   6668624   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EB35648-5A28-4EC7-8CD3-01DEDF112A85}\mpengine.dll
                              2011-11-17 08:01 . 2011-11-17 08:01   --------   d-----w-   c:\program files\CCleaner
                              2011-11-13 13:17 . 2011-11-13 13:17   --------   d-----w-   c:\users\Cecile\AppData\Roaming\Malwarebytes
                              2011-11-13 13:16 . 2011-11-13 13:16   --------   d-----w-   c:\programdata\Malwarebytes
                              2011-11-13 13:16 . 2011-11-20 13:45   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                              2011-11-13 09:55 . 2011-11-13 09:56   --------   d--h--w-   c:\program files\Ask.com
                              2011-11-13 09:53 . 2011-11-13 09:53   --------   d--h--w-   c:\users\Cecile\AppData\Roaming\SUPERAntiSpyware.com
                              2011-11-13 09:52 . 2011-11-17 20:13   --------   d--h--w-   c:\program files\SUPERAntiSpyware
                              2011-11-13 09:52 . 2011-11-13 09:52   --------   d--h--w-   c:\programdata\SUPERAntiSpyware.com
                              2011-11-09 17:45 . 2011-10-17 11:41   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
                              2011-11-09 17:45 . 2011-09-20 21:02   905088   ----a-w-   c:\windows\system32\drivers\tcpip.sys
                              2011-11-09 17:45 . 2011-09-30 15:57   707584   ----a-w-   c:\program files\Common Files\System\wab32.dll
                              2011-11-05 10:05 . 2011-11-05 10:05   653576   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
                              .
                              .
                              .
                              ((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              2011-09-06 13:30 . 2011-10-12 23:52   2043392   ----a-w-   c:\windows\system32\win32k.sys
                              2011-09-02 13:39 . 2011-10-12 23:50   1383424   ----a-w-   c:\windows\system32\mshtml.tlb
                              2011-08-25 16:15 . 2011-10-12 23:52   555520   ----a-w-   c:\windows\system32\UIAutomationCore.dll
                              2011-08-25 16:14 . 2011-10-12 23:52   563712   ----a-w-   c:\windows\system32\oleaut32.dll
                              2011-08-25 16:14 . 2011-10-12 23:52   238080   ----a-w-   c:\windows\system32\oleacc.dll
                              2011-08-25 13:31 . 2011-10-12 23:52   4096   ----a-w-   c:\windows\system32\oleaccrc.dll
                              .
                              .
                              (((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              .
                              *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
                              REGEDIT4
                              .
                              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
                              "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
                              "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
                              "SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-04-18 3037696]
                              .
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
                              "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
                              "DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
                              "TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-09-25 1152296]
                              "CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-09-25 189736]
                              "TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2008-09-24 206120]
                              "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-10-03 912688]
                              "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-09-05 206128]
                              "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
                              "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-11 446556]
                              "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
                              "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
                              "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
                              "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
                              "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
                              .
                              c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
                              McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                              "EnableLUA"= 0 (0x0)
                              "EnableUIADesktopToggle"= 0 (0x0)
                              .
                              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                              2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                              "mixer"=wdmaud.drv
                              .
                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
                              @=""
                              .
                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                              @="Driver"
                              .
                              R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
                              R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-22 107360]
                              R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
                              R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
                              S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
                              S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
                              S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
                              S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 59376]
                              S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe [2008-06-27 77824]
                              S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-12-08 108289]
                              S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
                              S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
                              S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
                              S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-09-24 296320]
                              S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-09-24 116096]
                              S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-09-08 193840]
                              S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]
                              S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]
                              .
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                              LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
                              .
                              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
                              ezSharedSvc
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
                              2008-06-09 09:14   451872   ----a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
                              .
                              Contenu du dossier 'Tâches planifiées'
                              .
                              2011-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3543032756-1341853526-3042005519-1000Core.job
                              - c:\users\Cecile\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-05 12:04]
                              .
                              2011-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3543032756-1341853526-3042005519-1000UA.job
                              - c:\users\Cecile\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-05 12:04]
                              .
                              2011-11-18 c:\windows\Tasks\HPCeeScheduleForCecile.job
                              - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 02:22]
                              .
                              .
                              ------- Examen supplémentaire -------
                              .
                              uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
                              uDefault_Search_URL = hxxp://www.google.com/ie
                              mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
                              uSearchAssistant = hxxp://www.google.com/ie
                              uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                              IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
                              IE: Crawler Search - tbr:iemenu
                              IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
                              TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
                              Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
                              FF - ProfilePath - c:\users\Cecile\AppData\Roaming\Mozilla\Firefox\Profiles\wa878qin.default\
                              FF - prefs.js: browser.search.selectedEngine - Google
                              FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw=
                              FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
                              FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
                              FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
                              FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
                              FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
                              FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
                              FF - Ext: iGraal: {e411bb40-b04c-11d8-92e7-00d09e0179f2} - %profile%\extensions\{e411bb40-b04c-11d8-92e7-00d09e0179f2}
                              FF - Ext: SUPERAntiSpyware Toolbar Powered by Ask.com: [email protected] - %profile%\extensions\[email protected]
                              .
                              .
                              **************************************************************************
                              .
                              catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                              Rootkit scan 2011-11-20 23:12
                              Windows 6.0.6002 Service Pack 2 NTFS
                              .
                              Recherche de processus cachés ...
                              .
                              Recherche d'éléments en démarrage automatique cachés ...
                              .
                              Recherche de fichiers cachés ...
                              .
                              Scan terminé avec succès
                              Fichiers cachés: 0
                              .
                              **************************************************************************
                              .
                              [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
                              "ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
                              .
                              Heure de fin: 2011-11-20  23:16:45
                              ComboFix-quarantined-files.txt  2011-11-20 22:16
                              ComboFix2.txt  2011-11-20 21:44
                              .
                              Avant-CF: 54 672 093 184 octets libres
                              Après-CF: 54 635 429 888 octets libres
                              .
                              - - End Of File - - B5217E7A66B62F8FC968DDCFA5ADB6E3

                              cian31

                                Re: Trojan removal - Thx for your help
                                « Reply #18 on: November 20, 2011, 03:34:01 PM »
                                 Results of screen317's Security Check version 0.99.28 
                                 Windows Vista Service Pack 2 x86 (UAC is enabled) 
                                 Internet Explorer 7 Out of date!
                                ``````````````````````````````
                                Antivirus/Firewall Check:

                                 Avira AntiVir Personal - Free Antivirus
                                 McAfee Security Scan Plus   
                                 WMI entry may not exist for antivirus; attempting automatic update.
                                 Avira successfully updated!
                                ```````````````````````````````
                                Anti-malware/Other Utilities Check:

                                 Malwarebytes' Anti-Malware   
                                 CCleaner     
                                 Java(TM) 6 Update 20 
                                 Java version out of date!
                                  Adobe Flash Player (   10.2.153.1) Flash Player Out of Date! 
                                 Adobe Reader 9 (Adobe Reader out of date!)
                                 Mozilla Firefox ((3.6.24)) Firefox Out of Date! 
                                ````````````````````````````````
                                Process Check: 
                                objlist.exe by Laurent

                                 Avira Antivir avgnt.exe
                                 Avira Antivir avguard.exe
                                ``````````End of Log````````````

                                cian31

                                  Re: Trojan removal - Thx for your help
                                  « Reply #19 on: November 20, 2011, 03:40:37 PM »
                                  - The Java update always stops on an error: internal Interne 2753.regutils.dll
                                  - Windows updates also stop on an error: Code 80096001
                                  - Firefox is updated to 8.0
                                  - I don't understand the warning on the Adobe Reader version, since Adobe 9 is installed and no other version is detected by the update process of Adobe Reader ...
                                  « Last Edit: November 20, 2011, 03:55:29 PM by cian31 »

                                  SuperDave

                                  Re: Trojan removal - Thx for your help
                                  « Reply #20 on: November 21, 2011, 12:55:20 PM »
                                  Your Internet Explorer is also out-of-date. You should update it. Out-dated programs are susceptible to infections.

                                  Let's run a few more scans to see what turns up.

                                  Please download aswMBR.exe ( 511KB ) to your desktop.

                                  Double click the aswMBR.exe to run it



                                  Click the "Scan" button to start scan

                                  Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.



                                  On completion of the scan click save log, save it to your desktop and post in your next reply
                                  *******************************************************
                                  SysProt Antirootkit

                                  Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

                                  http://sites.google.com/site/sysprotantirootkit/

                                  Unzip it into a folder on your desktop.
                                  • Double click Sysprot.exe to start the program.
                                  • Click on the Log tab.
                                  • In the Write to log box select the following items.
                                    • Process << Selected
                                    • Kernel Modules << Selected
                                    • SSDT << Selected
                                    • Kernel Hooks << Selected
                                    • IRP Hooks << NOT Selected
                                    • Ports << NOT Selected
                                    • Hidden Files << Selected
                                  • At the bottom of the page
                                    • Hidden Objects Only << Selected
                                  • Click on the Create Log button on the bottom right.
                                  • After a few seconds a new window should appear.
                                  • Select Scan Root Drive. Click on the Start button.
                                  • When it is complete a new window will appear to indicate that the scan is finished.
                                  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

                                  cian31

                                    Re: Trojan removal - Thx for your help
                                    « Reply #21 on: November 21, 2011, 01:02:03 PM »
                                    "Your Internet Explorer is also out-of-date. You should update it. Out-dated programs are susceptible to infections."
                                    I agree, but I can't... the updates mentioned always fail...
                                    I don't know how to force the updates for these programs  :-[

                                    cian31

                                      Re: Trojan removal - Thx for your help
                                      « Reply #22 on: November 21, 2011, 01:33:59 PM »
                                      aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
                                      Run date: 2011-11-21 21:06:22
                                      -----------------------------
                                      21:06:22.865    OS Version: Windows 6.0.6002 Service Pack 2
                                      21:06:22.865    Number of processors: 2 586 0x301
                                      21:06:22.869    ComputerName: NAVIS  UserName:
                                      21:06:24.176    Initialize success
                                      21:12:42.472    AVAST engine defs: 11112100
                                      21:13:27.590    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
                                      21:13:27.596    Disk 0 Vendor: FUJITSU_MHZ2160BH_G2 8909 Size: 152627MB BusType: 3
                                      21:13:29.646    Disk 0 MBR read successfully
                                      21:13:29.653    Disk 0 MBR scan
                                      21:13:29.664    Disk 0 unknown MBR code
                                      21:13:29.681    Disk 0 scanning sectors +312573952
                                      21:13:29.789    Disk 0 scanning C:\Windows\system32\drivers
                                      21:13:51.976    Service scanning
                                      21:13:54.274    Modules scanning
                                      21:14:04.720    Disk 0 trace - called modules:
                                      21:14:04.762    ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS
                                      21:14:04.770    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858cc8e8]
                                      21:14:04.779    3 CLASSPNP.SYS[807a48b3] -> nt!IofCallDriver -> [0x858da890]
                                      21:14:05.158    5 hpdskflt.sys[8b1b0f05] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85891b98]
                                      21:14:06.690    AVAST engine scan C:\Windows
                                      21:14:13.120    AVAST engine scan C:\Windows\system32
                                      21:17:20.886    AVAST engine scan C:\Windows\system32\drivers
                                      21:17:35.932    AVAST engine scan C:\Users\Cecile
                                      21:29:35.799    AVAST engine scan C:\ProgramData
                                      21:32:19.987    Scan finished successfully
                                      21:32:59.863    Disk 0 MBR has been saved successfully to "C:\Users\Cecile\Desktop\MBR.dat"
                                      21:32:59.888    The log file has been saved successfully to "C:\Users\Cecile\Desktop\aswMBR.txt"


                                      Good log?

                                      SuperDave

                                      • Malware Removal Specialist


                                      • Genius
                                      • Thanked: 1020
                                      • Certifications: List
                                      • Experience: Expert
                                      • OS: Windows 10
                                      Re: Trojan removal - Thx for your help
                                      « Reply #23 on: November 21, 2011, 04:32:10 PM »
                                      Quote
                                      I don't know how to force the updates for these programs 
                                      What happens when you try updating from this site?

                                      Please download TDSSKiller from here and save it to your Desktop.
                                      • Double-click TDSSKiller.exe to run the tool
                                      • Click the Start Scan button (If prompted with a "hidden service warning" do go ahead and delete it.)
                                      • After the scan has finished, click the Close button
                                      • Click the Report button and copy/paste the contents of it into your next reply
                                      • Note: It will also create a log in the C:\ directory.
                                      Windows 8 and Windows 10 dual boot with two SSD's

                                      cian31

                                        Topic Starter


                                        Rookie

                                        • Experience: Familiar
                                        • OS: Windows Vista
                                        Re: Trojan removal - Thx for your help
                                        « Reply #24 on: November 23, 2011, 01:44:17 PM »
                                        aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
                                        Run date: 2011-11-23 21:23:51
                                        -----------------------------
                                        21:23:51.718    OS Version: Windows 6.0.6002 Service Pack 2
                                        21:23:51.718    Number of processors: 2 586 0x301
                                        21:23:51.720    ComputerName: NAVIS  UserName:
                                        21:23:55.649    Initialize success
                                        21:30:20.794    AVAST engine defs: 11112302
                                        21:32:42.683    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
                                        21:32:42.689    Disk 0 Vendor: FUJITSU_MHZ2160BH_G2 8909 Size: 152627MB BusType: 3
                                        21:32:44.743    Disk 0 MBR read successfully
                                        21:32:44.749    Disk 0 MBR scan
                                        21:32:44.760    Disk 0 unknown MBR code
                                        21:32:44.788    Disk 0 scanning sectors +312573952
                                        21:32:44.916    Disk 0 scanning C:\Windows\system32\drivers
                                        21:33:24.149    Service scanning
                                        21:33:26.206    Modules scanning
                                        21:34:12.392    Disk 0 trace - called modules:
                                        21:34:12.478    ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
                                        21:34:12.487    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858cc8e8]
                                        21:34:12.495    3 CLASSPNP.SYS[807a48b3] -> nt!IofCallDriver -> [0x858da890]
                                        21:34:12.508    5 hpdskflt.sys[8b1b0f05] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85891b98]
                                        21:34:13.817    AVAST engine scan C:\Windows
                                        21:34:36.011    AVAST engine scan C:\Windows\system32
                                        21:41:43.801    AVAST engine scan C:\Windows\system32\drivers
                                        21:42:39.545    AVAST engine scan C:\Users\Cecile
                                        21:43:59.675    Disk 0 MBR has been saved successfully to "C:\Users\Cecile\Desktop\MBR.dat"
                                        21:43:59.713    The log file has been saved successfully to "C:\Users\Cecile\Desktop\aswMBR.txt"



                                        cian31

                                          Topic Starter


                                          Rookie

                                          • Experience: Familiar
                                          • OS: Windows Vista
                                          Re: Trojan removal - Thx for your help
                                          « Reply #25 on: November 23, 2011, 01:51:03 PM »
                                          What happens when you try updating from this site?


                                          I tried with your link and it's the same: it failed... :-\

                                          cian31

                                            Topic Starter


                                            Rookie

                                            • Experience: Familiar
                                            • OS: Windows Vista
                                            Re: Trojan removal - Thx for your help
                                            « Reply #26 on: November 23, 2011, 01:56:28 PM »
                                            21:53:09.0514 5884   TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
                                            21:53:09.0700 5884   ============================================================
                                            21:53:09.0700 5884   Current date / time: 2011/11/23 21:53:09.0700
                                            21:53:09.0700 5884   SystemInfo:
                                            21:53:09.0700 5884   
                                            21:53:09.0701 5884   OS Version: 6.0.6002 ServicePack: 2.0
                                            21:53:09.0701 5884   Product type: Workstation
                                            21:53:09.0701 5884   ComputerName: NAVIS
                                            21:53:09.0702 5884   UserName: Cecile
                                            21:53:09.0702 5884   Windows directory: C:\Windows
                                            21:53:09.0702 5884   System windows directory: C:\Windows
                                            21:53:09.0702 5884   Processor architecture: Intel x86
                                            21:53:09.0702 5884   Number of processors: 2
                                            21:53:09.0702 5884   Page size: 0x1000
                                            21:53:09.0702 5884   Boot type: Normal boot
                                            21:53:09.0702 5884   ============================================================
                                            21:53:11.0995 5884   Initialize success
                                            21:55:06.0949 6016   ============================================================
                                            21:55:06.0949 6016   Scan started
                                            21:55:06.0949 6016   Mode: Manual;
                                            21:55:06.0949 6016   ============================================================
                                            21:55:29.0091 6016   LSI_SCSI - ok
                                            21:55:29.0312 6016   luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
                                            21:55:29.0332 6016   luafv - ok
                                            21:55:29.0597 6016   megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
                                            21:55:29.0606 6016   megasas - ok
                                            21:55:29.0827 6016   MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
                                            21:55:29.0895 6016   MegaSR - ok
                                            21:55:30.0111 6016   Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
                                            21:55:30.0119 6016   Modem - ok
                                            21:55:30.0265 6016   monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
                                            21:55:30.0267 6016   monitor - ok
                                            21:55:30.0376 6016   mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
                                            21:55:30.0384 6016   mouclass - ok
                                            21:55:30.0516 6016   mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
                                            21:55:30.0517 6016   mouhid - ok
                                            21:55:30.0679 6016   MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
                                            21:55:30.0701 6016   MountMgr - ok
                                            21:55:30.0870 6016   mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
                                            21:55:30.0888 6016   mpio - ok
                                            21:55:31.0061 6016   mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
                                            21:55:31.0063 6016   mpsdrv - ok
                                            21:55:31.0313 6016   Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
                                            21:55:31.0321 6016   Mraid35x - ok
                                            21:55:31.0510 6016   MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
                                            21:55:31.0547 6016   MRxDAV - ok
                                            21:55:31.0721 6016   mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
                                            21:55:31.0730 6016   mrxsmb - ok
                                            21:55:31.0862 6016   mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
                                            21:55:31.0927 6016   mrxsmb10 - ok
                                            21:55:32.0054 6016   mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
                                            21:55:32.0086 6016   mrxsmb20 - ok
                                            21:55:32.0316 6016   msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
                                            21:55:32.0325 6016   msahci - ok
                                            21:55:32.0459 6016   msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
                                            21:55:32.0469 6016   msdsm - ok
                                            21:55:32.0647 6016   Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
                                            21:55:32.0649 6016   Msfs - ok
                                            21:55:32.0866 6016   msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
                                            21:55:32.0867 6016   msisadrv - ok
                                            21:55:33.0082 6016   MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
                                            21:55:33.0083 6016   MSKSSRV - ok
                                            21:55:33.0300 6016   MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
                                            21:55:33.0302 6016   MSPCLOCK - ok
                                            21:55:33.0423 6016   MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
                                            21:55:33.0424 6016   MSPQM - ok
                                            21:55:33.0585 6016   MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
                                            21:55:33.0602 6016   MsRPC - ok
                                            21:55:33.0727 6016   mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
                                            21:55:33.0729 6016   mssmbios - ok
                                            21:55:33.0868 6016   MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
                                            21:55:33.0869 6016   MSTEE - ok
                                            21:55:34.0027 6016   Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
                                            21:55:34.0036 6016   Mup - ok
                                            21:55:34.0236 6016   NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
                                            21:55:34.0259 6016   NativeWifiP - ok
                                            21:55:34.0539 6016   NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
                                            21:55:34.0593 6016   NDIS - ok
                                            21:55:34.0752 6016   NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
                                            21:55:34.0761 6016   NdisTapi - ok
                                            21:55:34.0982 6016   Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
                                            21:55:35.0000 6016   Ndisuio - ok
                                            21:55:35.0176 6016   NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
                                            21:55:35.0179 6016   NdisWan - ok
                                            21:55:35.0392 6016   NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
                                            21:55:35.0395 6016   NDProxy - ok
                                            21:55:35.0566 6016   NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
                                            21:55:35.0574 6016   NetBIOS - ok
                                            21:55:35.0795 6016   netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
                                            21:55:35.0800 6016   netbt - ok
                                            21:55:36.0315 6016   NETw3v32        (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
                                            21:55:36.0715 6016   NETw3v32 - ok
                                            21:55:36.0871 6016   nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
                                            21:55:36.0880 6016   nfrd960 - ok
                                            21:55:36.0996 6016   Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
                                            21:55:36.0998 6016   Npfs - ok
                                            21:55:37.0129 6016   nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
                                            21:55:37.0131 6016   nsiproxy - ok
                                            21:55:37.0442 6016   Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
                                            21:55:37.0572 6016   Ntfs - ok
                                            21:55:37.0777 6016   ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
                                            21:55:37.0787 6016   ntrigdigi - ok
                                            21:55:37.0948 6016   Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
                                            21:55:37.0950 6016   Null - ok
                                            21:55:38.0194 6016   nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
                                            21:55:38.0219 6016   nvraid - ok
                                            21:55:38.0311 6016   nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
                                            21:55:38.0329 6016   nvstor - ok
                                            21:55:38.0507 6016   nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
                                            21:55:38.0515 6016   nv_agp - ok
                                            21:55:38.0614 6016   NwlnkFlt - ok
                                            21:55:38.0718 6016   NwlnkFwd - ok
                                            21:55:38.0923 6016   ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
                                            21:55:38.0925 6016   ohci1394 - ok
                                            21:55:39.0125 6016   Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
                                            21:55:39.0144 6016   Parport - ok
                                            21:55:39.0391 6016   partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
                                            21:55:39.0400 6016   partmgr - ok
                                            21:55:39.0547 6016   Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
                                            21:55:39.0548 6016   Parvdm - ok
                                            21:55:39.0776 6016   pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
                                            21:55:39.0780 6016   pci - ok
                                            21:55:39.0938 6016   pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
                                            21:55:39.0939 6016   pciide - ok
                                            21:55:40.0146 6016   pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
                                            21:55:40.0166 6016   pcmcia - ok
                                            21:55:40.0438 6016   PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
                                            21:55:40.0581 6016   PEAUTH - ok
                                            21:55:40.0849 6016   PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
                                            21:55:40.0851 6016   PptpMiniport - ok
                                            21:55:40.0978 6016   Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
                                            21:55:40.0981 6016   Processor - ok
                                            21:55:41.0207 6016   PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
                                            21:55:41.0209 6016   PSched - ok
                                            21:55:41.0402 6016   ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
                                            21:55:41.0496 6016   ql2300 - ok
                                            21:55:41.0730 6016   ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
                                            21:55:41.0747 6016   ql40xx - ok
                                            21:55:41.0920 6016   QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
                                            21:55:41.0930 6016   QWAVEdrv - ok
                                            21:55:42.0127 6016   RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
                                            21:55:42.0128 6016   RasAcd - ok
                                            21:55:42.0287 6016   Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
                                            21:55:42.0290 6016   Rasl2tp - ok
                                            21:55:42.0588 6016   RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
                                            21:55:42.0590 6016   RasPppoe - ok
                                            21:55:42.0863 6016   RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
                                            21:55:42.0872 6016   RasSstp - ok
                                            21:55:43.0162 6016   rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
                                            21:55:43.0204 6016   rdbss - ok
                                            21:55:43.0428 6016   RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
                                            21:55:43.0429 6016   RDPCDD - ok
                                            21:55:43.0554 6016   rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
                                            21:55:43.0578 6016   rdpdr - ok
                                            21:55:43.0758 6016   RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
                                            21:55:43.0760 6016   RDPENCDD - ok
                                            21:55:43.0925 6016   RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
                                            21:55:43.0934 6016   RDPWD - ok
                                            21:55:44.0142 6016   rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
                                            21:55:44.0158 6016   rspndr - ok
                                            21:55:44.0384 6016   RTL8169         (174b9514cd1a0c33ce4bbc02a3c81a62) C:\Windows\system32\DRIVERS\Rtlh86.sys
                                            21:55:44.0387 6016   RTL8169 - ok
                                            21:55:44.0571 6016   SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
                                            21:55:44.0573 6016   SASDIFSV - ok
                                            21:55:44.0616 6016   SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
                                            21:55:44.0634 6016   SASKUTIL - ok
                                            21:55:44.0847 6016   sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
                                            21:55:44.0855 6016   sbp2port - ok
                                            21:55:45.0097 6016   sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
                                            21:55:45.0121 6016   sdbus - ok
                                            21:55:45.0304 6016   secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
                                            21:55:45.0326 6016   secdrv - ok
                                            21:55:45.0480 6016   Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
                                            21:55:45.0481 6016   Serenum - ok
                                            21:55:45.0641 6016   Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
                                            21:55:45.0643 6016   Serial - ok
                                            21:55:45.0869 6016   sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
                                            21:55:45.0886 6016   sermouse - ok
                                            21:55:46.0090 6016   sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
                                            21:55:46.0091 6016   sffdisk - ok
                                            21:55:46.0222 6016   sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
                                            21:55:46.0224 6016   sffp_mmc - ok
                                            21:55:46.0430 6016   sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
                                            21:55:46.0431 6016   sffp_sd - ok
                                            21:55:46.0633 6016   sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
                                            21:55:46.0634 6016   sfloppy - ok
                                            21:55:46.0890 6016   sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
                                            21:55:46.0901 6016   sisagp - ok
                                            21:55:47.0027 6016   SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
                                            21:55:47.0037 6016   SiSRaid2 - ok
                                            21:55:47.0170 6016   SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
                                            21:55:47.0172 6016   SiSRaid4 - ok
                                            21:55:47.0326 6016   Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
                                            21:55:47.0329 6016   Smb - ok
                                            21:55:47.0510 6016   spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
                                            21:55:47.0519 6016   spldr - ok
                                            21:55:47.0728 6016   srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
                                            21:55:47.0770 6016   srv - ok
                                            21:55:47.0981 6016   srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
                                            21:55:47.0985 6016   srv2 - ok
                                            21:55:48.0152 6016   srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
                                            21:55:48.0155 6016   srvnet - ok
                                            21:55:48.0345 6016   ssmdrv          (3ad0362cf68de3ac500e981700242cca) C:\Windows\system32\DRIVERS\ssmdrv.sys
                                            21:55:48.0353 6016   ssmdrv - ok
                                            21:55:48.0562 6016   STHDA           (87a094ca41bc86ce430df0ed0c846dc8) C:\Windows\system32\DRIVERS\stwrt.sys
                                            21:55:48.0578 6016   STHDA - ok
                                            21:55:48.0738 6016   swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
                                            21:55:48.0740 6016   swenum - ok
                                            21:55:48.0901 6016   Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
                                            21:55:48.0903 6016   Symc8xx - ok
                                            21:55:49.0011 6016   Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
                                            21:55:49.0012 6016   Sym_hi - ok
                                            21:55:49.0196 6016   Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
                                            21:55:49.0197 6016   Sym_u3 - ok
                                            21:55:49.0403 6016   SynTP           (964524a9edcce945e82419abe9db94ee) C:\Windows\system32\DRIVERS\SynTP.sys
                                            21:55:49.0412 6016   SynTP - ok
                                            21:55:49.0617 6016   Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
                                            21:55:49.0687 6016   Tcpip - ok
                                            21:55:49.0921 6016   Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
                                            21:55:49.0936 6016   Tcpip6 - ok
                                            21:55:50.0076 6016   tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
                                            21:55:50.0077 6016   tcpipreg - ok
                                            21:55:50.0274 6016   TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
                                            21:55:50.0275 6016   TDPIPE - ok
                                            21:55:50.0421 6016   TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
                                            21:55:50.0423 6016   TDTCP - ok
                                            21:55:50.0572 6016   tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
                                            21:55:50.0574 6016   tdx - ok
                                            21:55:50.0680 6016   TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
                                            21:55:50.0682 6016   TermDD - ok
                                            21:55:50.0873 6016   tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
                                            21:55:50.0875 6016   tssecsrv - ok
                                            21:55:51.0071 6016   tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
                                            21:55:51.0073 6016   tunmp - ok
                                            21:55:51.0230 6016   tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
                                            21:55:51.0232 6016   tunnel - ok
                                            21:55:51.0407 6016   uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
                                            21:55:51.0409 6016   uagp35 - ok
                                            21:55:51.0607 6016   udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
                                            21:55:51.0621 6016   udfs - ok
                                            21:55:51.0851 6016   uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
                                            21:55:51.0853 6016   uliagpkx - ok
                                            21:55:51.0985 6016   uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
                                            21:55:52.0013 6016   uliahci - ok
                                            21:55:52.0176 6016   UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
                                            21:55:52.0178 6016   UlSata - ok
                                            21:55:52.0279 6016   ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
                                            21:55:52.0282 6016   ulsata2 - ok
                                            21:55:52.0466 6016   umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
                                            21:55:52.0468 6016   umbus - ok
                                            21:55:52.0602 6016   usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
                                            21:55:52.0604 6016   usbccgp - ok
                                            21:55:52.0798 6016   usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
                                            21:55:52.0822 6016   usbcir - ok
                                            21:55:53.0056 6016   usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
                                            21:55:53.0058 6016   usbehci - ok
                                            21:55:53.0275 6016   usbfilter       (edca5124b54bcf04e5c0538aa397a9c1) C:\Windows\system32\DRIVERS\usbfilter.sys
                                            21:55:53.0277 6016   usbfilter - ok
                                            21:55:53.0392 6016   usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
                                            21:55:53.0402 6016   usbhub - ok
                                            21:55:53.0528 6016   usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
                                            21:55:53.0530 6016   usbohci - ok
                                            21:56:01.0394 6016   ============================================================
                                            21:56:01.0394 6016   Scan finished
                                            21:56:01.0394 6016   ============================================================
                                            21:56:01.0427 3052   Detected object count: 0
                                            21:56:01.0427 3052   Actual detected object count: 0

                                            cian31

                                              Re: Trojan removal - Thx for your help
                                              « Reply #27 on: November 23, 2011, 02:12:56 PM »
                                              All my personal files have disappeared ... do you think I can retrieve them?  :(

                                              SuperDave

                                              Re: Trojan removal - Thx for your help
                                              « Reply #28 on: November 23, 2011, 04:52:49 PM »
                                              Quote
                                              All my personal files have disappeared ... do you think I can retrieve them?
                                              Can you please explain in more detail?

                                              cian31

                                                Re: Trojan removal - Thx for your help
                                                « Reply #29 on: November 24, 2011, 09:45:07 AM »
                                                Quote
                                                Can you please explain in more detail?
                                                When I look in my "personal documents folder", all the folders are empty (except Download). Documents/Pictures/Music are totally empty... (I have a quite recent save of all my personal folder, hopefully.) I wonder if it is only that the files are masked, or if all this trojan/virus/malware/rootkit stuff has destroyed them?

                                                SuperDave

                                                Re: Trojan removal - Thx for your help
                                                « Reply #30 on: November 25, 2011, 04:55:41 PM »

                                                I'd like to scan your machine with ESET OnlineScan

                                                •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                                                ESET OnlineScan
                                                •Click the button.
                                                •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                                                • Click on to download the ESET Smart Installer. Save it to your desktop.
                                                • Double click on the icon on your desktop.
                                                •Check
                                                •Click the button.
                                                •Accept any security warnings from your browser.
                                                •Check
                                                •Push the Start button.
                                                •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                                                •When the scan completes, push
                                                •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                                                •Push the button.
                                                •Push
                                                A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                                                cian31

                                                  Re: Trojan removal - Thx for your help
                                                  « Reply #31 on: November 28, 2011, 12:50:30 AM »
                                                  Hi SuperDave!
                                                  The last scan with ESET doesn't give me the option you mentioned: "list of found threats".
                                                  This is due, I think, to the scan ending on a "no threat found" message.

                                                  The log on the C: said:
                                                  Quote
                                                  ESETSmartInstaller@High as CAB hook log:
                                                  OnlineScanner.ocx - registred OK

                                                  SuperDave

                                                  Re: Trojan removal - Thx for your help
                                                  « Reply #32 on: November 28, 2011, 01:33:01 PM »
                                                  Just to be sure, let's try this one.

                                                  Run the BitDefender Online scanner

                                                  Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.

                                                  Once Bitdefender completes the scan:
                                                  Click on the Detected Problems tab.
                                                  Then select Click here to export the scan report.

                                                  When the window comes up to save the report, change the Save as type: box to:
                                                  Text (Tab Delimited) (*.txt) and then in the File name box enter bdscan, then click Save.

                                                  This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (Take notice of where you save it so you can find it later.)
                                                  This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

                                                  If you do not follow these steps, you will have an incorrect log or, worse, a log summary which is useless to us.

                                                  Post the bdscan.txt file as an Attachment.

                                                  cian31

                                                    Re: Trojan removal - Thx for your help
                                                    « Reply #33 on: November 28, 2011, 02:23:30 PM »
                                                    Hi SuperDave!
                                                    Are you sure of these steps? Because I don't have the same options/steps you describe...

                                                    When I am on the BitDefender online scanner, I click on the big green button named "start scanner".
                                                    A new tab opens in Firefox, on a new web site "http://quickscan.bitdefender.com/en/".
                                                    A new green button "free scan now" appears on this new web site. I click on it and a download begins. Then the scan can begin.
                                                    At the end of the scan I got "
                                                    Your computer is not infected
                                                    Share the power of the Bitdefender engines.
                                                    Recommend us to your friends!
                                                    View report"

                                                    Here is the log that appears


                                                    QuickScan Beta 32-bit v0.9.9.99
                                                    -------------------------------
                                                    Scan date:  Mon Nov 28 22:20:12 2011
                                                    Machine ID: 104AD72C



                                                    No infection found.
                                                    -------------------



                                                    Processes
                                                    ---------
                                                    (unsigned)  Spyware Terminator                       4292    C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe

                                                    (verified)   hpwuSchd Application                    3788    C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
                                                    (verified)  AntiVir Desktop                          3736    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
                                                    (verified)  Crawler Toolbar                          4992    C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
                                                    (verified)  CyberLink MediaLibray Service            3584    C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
                                                    (verified)  CyberLink PowerCinema                    3568    C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
                                                    (verified)  Firefox                                  5092    C:\Program Files\Mozilla Firefox\firefox.exe
                                                    (verified)  Firefox                                   452    C:\Program Files\Mozilla Firefox\plugin-container.exe
                                                    (verified)  Firefox                                  2424    C:\Program Files\Mozilla Firefox\plugin-container.exe
                                                    (verified)  Firefox                                  4476    C:\Program Files\Mozilla Firefox\plugin-container.exe
                                                    (verified)  Google Talk Plugin                       4728    C:\Users\Cecile\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
                                                    (verified)  HP DVDSmart                              3528    C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
                                                    (verified)  HP MediaSmart                            3640    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
                                                    (verified)  HP MediaSmart TV                         3604    C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
                                                    (verified)  HP Quick Launch Buttons                  3652    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
                                                    (verified)  HP Wireless Assistant                    3672    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
                                                    (verified)  HP Wireless Assistant                    1240    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
                                                    (verified)  HpqToaster Module                        3484    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
                                                    (verified)  IDT PC Audio                             3728    C:\Program Files\IDT\WDM\sttray.exe
                                                    (verified)  LightScribe                              3912    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
                                                    (verified)  McAfee Security Scanner                  4032    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
                                                    (verified)  Microsoft® Windows® Operating System      124    C:\Windows\ehome\ehmsas.exe
                                                    (verified)  Microsoft® Windows® Operating System     3980    C:\Windows\ehome\ehtray.exe
                                                    (verified)  Microsoft® Windows® Operating System     2472    C:\Windows\System32\conime.exe
                                                    (verified)  Synaptics Pointing Device Driver         3520    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                                                    (verified)  Système d'exploitation Microsoft® Windo  2072    C:\Program Files\Internet Explorer\ieuser.exe
                                                    (verified)  Système d'exploitation Microsoft® Windo  2708    C:\Windows\explorer.exe
                                                    (verified)  Système d'exploitation Microsoft® Windo  2668    C:\Windows\System32\dwm.exe
                                                    (verified)  Système d'exploitation Microsoft® Windo  2736    C:\Windows\System32\taskeng.exe
                                                    (verified)  Windows® Internet Explorer               4712    C:\Program Files\Internet Explorer\iexplore.exe


                                                    Network activity
                                                    ----------------
                                                    Process iexplore.exe (4712) connected on port 80 (HTTP) --> 93.184.71.2
                                                    Process firefox.exe (5092) connected on port 443 (HTTP over SSL) --> 74.125.39.17
                                                    Process firefox.exe (5092) connected on port 443 (HTTP over SSL) --> 209.85.148.18
                                                    Process firefox.exe (5092) connected on port 80 (HTTP) --> 46.33.71.9
                                                    Process firefox.exe (5092) connected on port 80 (HTTP) --> 173.194.35.35
                                                    Process firefox.exe (5092) connected on port 80 (HTTP) --> 69.171.242.40
                                                    Process firefox.exe (5092) connected on port 443 (HTTP over SSL) --> 69.171.242.40
                                                    Process firefox.exe (5092) connected on port 80 (HTTP) --> 66.235.142.57
                                                    Process firefox.exe (5092) connected on port 80 (HTTP) --> 66.235.142.57
                                                    Process firefox.exe (5092) connected on port 80 (HTTP) --> 173.194.35.35
                                                    Process firefox.exe (5092) connected on port 80 (HTTP) --> 66.235.142.57
                                                    Process firefox.exe (5092) connected on port 80 (HTTP) --> 66.235.142.57

                                                    Process SpywareTerminatorUpdate.exe (4292) listens on ports: 6881 (BitTorrent)


                                                    Autoruns and critical files
                                                    ---------------------------
                                                    (unsigned)  QuickTime                                C:\Program Files\QuickTime\QTTask.exe
                                                    (unsigned)  Spyware Terminator                       C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe

                                                    (verified)   hpwuSchd Application                    C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
                                                    (verified)  Adobe Acrobat                            C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
                                                    (verified)  Adobe Reader and Acrobat Manager         C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
                                                    (verified)  AntiVir Desktop                          C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
                                                    (verified)  Catalyst® Control Center                 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
                                                    (verified)  CyberLink MediaLibray Service            C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
                                                    (verified)  CyberLink PowerCinema                    C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
                                                    (verified)  Flash® Player Installer/Uninstaller      C:\Windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe
                                                    (verified)  Google Update                            C:\Users\Cecile\AppData\Local\Google\Update\GoogleUpdate.exe
                                                    (verified)  HP DVDSmart                              C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
                                                    (verified)  HP MediaSmart                            C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
                                                    (verified)  HP MediaSmart TV                         C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
                                                    (verified)  HP Quick Launch Buttons                  C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
                                                    (verified)  HP Total Care Advisor                    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
                                                    (verified)  HP Wireless Assistant                    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
                                                    (verified)  IDT PC Audio                             C:\Program Files\IDT\WDM\sttray.exe
                                                    (verified)  LightScribe                              C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
                                                    (verified)  Microsoft® Windows® Operating System     C:\Windows\ehome\ehtray.exe
                                                    (verified)  SuperAntiSpyware                         c:\program files\superantispyware\sasseh.dll
                                                    (verified)  SUPERAntiSpyware WinLogon Processor      C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
                                                    (verified)  Synaptics Pointing Device Driver         C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                                                    (verified)  Système d'exploitation Microsoft® Windo  C:\Windows\system32\BROWSEUI.dll
                                                    (verified)  Système d'exploitation Microsoft® Windo  C:\Windows\system32\logon.scr
                                                    (verified)  Système d'exploitation Microsoft® Windo  c:\windows\system32\userinit.exe
                                                    (verified)  Windows® Internet Explorer               c:\windows\system32\webcheck.dll


                                                    Browser plugins
                                                    ---------------
                                                    (unsigned)  Crawler Toolbar                          C:\Program Files\Crawler\Toolbar\ctbr.dll
                                                    (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
                                                    (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
                                                    (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
                                                    (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
                                                    (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
                                                    (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
                                                    (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
                                                    (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
                                                    (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
                                                    (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
                                                    (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
                                                    (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
                                                    (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
                                                    (unsigned)  QuickTime Plug-in 7.6.9                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
                                                    (unsigned)  VLC Multimedia Plug-in                   C:\Program Files\VideoLAN\VLC\npvlc.dll

                                                    (verified)  AcroIEHelperShim Library                 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
                                                    (verified)  Adobe Acrobat                            C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
                                                    (verified)  Adobe Acrobat                            C:\Program Files\Internet Explorer\plugins\nppdf32.dll
                                                    (verified)  Adobe Acrobat                            C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
                                                    (verified)  BitDefender QuickScan                    C:\Users\Cecile\AppData\Roaming\Mozilla\Firefox\Profiles\wa878qin.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
                                                    (verified)  Google Talk Plugin                       C:\Users\Cecile\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
                                                    (verified)  Google Talk Plugin Video Accelerator     C:\Users\Cecile\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
                                                    (verified)  Google Update                            C:\Users\Cecile\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
                                                    (verified)  Java Deployment Toolkit 6.0.200.2        C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
                                                    (verified)  Java(TM) Platform SE 6 U20               C:\Program Files\Java\jre6\bin\jp2ssv.dll
                                                    (verified)  Java(TM) Platform SE 6 U20               C:\Program Files\Java\jre6\bin\ssv.dll
                                                    (verified)  Microsoft® Windows Media Player Firefox  C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
                                                    (verified)  Microsoft® Windows® Operating System     C:\Windows\system32\NLAapi.dll
                                                    (verified)  Microsoft® Windows® Operating System     C:\Windows\System32\winrnr.dll
                                                    (verified)  nppdf32.FRA                              C:\Program Files\Internet Explorer\plugins\nppdf32.FRA
                                                    (verified)  nppdf32.FRA                              C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA
                                                    (verified)  NPSWF32.dll                              C:\Windows\system32\Macromed\Flash\NPSWF32.dll
                                                    (verified)  Picasa                                   C:\Program Files\GooglePicasa3\npPicasa3.dll
                                                    (verified)  Shockwave for Director                   C:\Windows\system32\Adobe\Director\np32dsw.dll
                                                    (verified)  Silverlight Plug-In                      c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
                                                    (verified)  Système d'exploitation Microsoft® Windo  C:\Windows\system32\mswsock.dll
                                                    (verified)  Système d'exploitation Microsoft® Windo  C:\Windows\system32\napinsp.dll
                                                    (verified)  Système d'exploitation Microsoft® Windo  C:\Windows\system32\pnrpnsp.dll
                                                    (verified)  Unity Player                             C:\Users\Cecile\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
                                                    (verified)  Windows Presentation Foundation          c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
                                                    (verified)  Windows® Internet Explorer               C:\Windows\system32\ieframe.dll


                                                    Scan
                                                    ----


                                                    No file uploaded.

                                                    Scan finished - communication took 0 sec
                                                    Total traffic - 0.00 MB sent, 0.13 KB recvd
                                                    Scanned 774 files and modules - 3 seconds

                                                    ==============================================================================





                                                    I really hope the process is OK... but I doubt it, since I don't find the different steps you mentioned.
                                                    I wonder if the website has evolved?

                                                    SuperDave

                                                    Re: Trojan removal - Thx for your help
                                                    « Reply #34 on: November 28, 2011, 04:53:02 PM »
                                                    Quote
                                                    Are you sure of these steps ? Because I don't have the same options/steps you describe ...
                                                    This is an older speech and the instructions will be dependent upon your OS.
                                                    If there are no other issues, we can do some cleanup.


                                                    To uninstall ComboFix

                                                    • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                                                    • In the field, type in ComboFix /uninstall


                                                    (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                                                    • Then, press Enter, or click OK.
                                                    • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                                                    If this doesn't remove ComboFix, please let me know.
                                                    ************************************************
                                                    Clean out your temporary internet files and temp files.

                                                    Download TFC by OldTimer to your desktop.

                                                    Double-click TFC.exe to run it.

                                                    Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                                                    TFC will close all programs when run, so make sure you have saved all your work before you begin.

                                                    * Click the Start button to begin the cleaning process.
                                                    * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                                                    * Please let TFC run uninterrupted until it is finished.

                                                    Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                                                    ****************************************************
                                                    Looking over your log it seems you don't have any evidence of a third party firewall.

                                                    Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

                                                    Remember only install ONE firewall

                                                    1) Comodo Personal Firewall (During installation, uncheck "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and uncheck any HopSurf and/or Ask.com options if you choose this one)
                                                    2) Online Armor
                                                    3) Agnitum Outpost
                                                    4) PC Tools Firewall Plus

                                                    If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
                                                    *****************************************************
                                                    Go to Microsoft Windows Update and get all critical updates.

                                                    ----------

                                                    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                                                    SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
                                                    * Using SpywareBlaster to protect your computer from Spyware and Malware
                                                    * If you don't know what ActiveX controls are, see here

                                                    Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                                                    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                                                    Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                                                    Safe Surfing!
                                                    Windows 8 and Windows 10 dual boot with two SSD's

                                                    cian31

                                                      Re: Trojan removal - Thx for your help
                                                      « Reply #35 on: November 29, 2011, 01:55:34 AM »
                                                      Thanks a lot for your help and your attention to my problem !

                                                      SuperDave

                                                      Re: Trojan removal - Thx for your help
                                                      « Reply #36 on: November 29, 2011, 04:41:12 PM »
                                                      You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
                                                      Windows 8 and Windows 10 dual boot with two SSD's