Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Yahoo Redirection Virus


  • Please log in to reply

#1
AriGold

AriGold

    New Member

  • Member
  • Pip
  • 4 posts
Hi everyone,

I'm really sorry to bug you with this, but I do have the same problem just like a lot of you.
Everytime I make a search on Yahoo with my internet explorer, I do have the search results, but everytime I click, it redirects me.

I've tried : Hijack this, TDSSKiller, Ad Aware, MalwareBytes... None of them worked...

May I ask for your help? I searched all over this forum for help and did some of the things already advised, and couldn't remove that...

Have a great day and it would be so lovely to have your help.

AG
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
can you post the tdsskiller log, it should be in C:\
  • 0

#3
AriGold

AriGold

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Here is the TDSSKiller log :

2010/11/21 17:37:11.0984 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/21 17:37:11.0984 ================================================================================
2010/11/21 17:37:11.0984 SystemInfo:
2010/11/21 17:37:11.0984
2010/11/21 17:37:11.0984 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/21 17:37:11.0984 Product type: Workstation
2010/11/21 17:37:11.0984 ComputerName: SANDY
2010/11/21 17:37:11.0984 UserName: Porcinet
2010/11/21 17:37:11.0984 Windows directory: C:\WINDOWS
2010/11/21 17:37:11.0984 System windows directory: C:\WINDOWS
2010/11/21 17:37:11.0984 Processor architecture: Intel x86
2010/11/21 17:37:11.0984 Number of processors: 2
2010/11/21 17:37:11.0984 Page size: 0x1000
2010/11/21 17:37:11.0984 Boot type: Normal boot
2010/11/21 17:37:11.0984 ================================================================================
2010/11/21 17:37:12.0296 Initialize success
2010/11/21 17:37:15.0843 ================================================================================
2010/11/21 17:37:15.0843 Scan started
2010/11/21 17:37:15.0843 Mode: Manual;
2010/11/21 17:37:15.0843 ================================================================================
2010/11/21 17:37:17.0343 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2010/11/21 17:37:17.0625 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/21 17:37:17.0734 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/21 17:37:17.0828 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2010/11/21 17:37:17.0984 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/21 17:37:18.0140 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/21 17:37:18.0296 AFS2K (b34b1ab0a7690a0e2301fec6d17b2fc1) C:\WINDOWS\system32\drivers\AFS2K.sys
2010/11/21 17:37:18.0437 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
2010/11/21 17:37:18.0593 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2010/11/21 17:37:18.0734 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2010/11/21 17:37:18.0828 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2010/11/21 17:37:18.0921 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2010/11/21 17:37:19.0000 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2010/11/21 17:37:19.0078 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2010/11/21 17:37:19.0187 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2010/11/21 17:37:19.0296 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2010/11/21 17:37:19.0468 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2010/11/21 17:37:19.0562 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2010/11/21 17:37:19.0671 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2010/11/21 17:37:19.0828 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/21 17:37:19.0984 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/21 17:37:20.0234 ati2mtag (6573dbc6fe38fffef504893c9cba69ed) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/11/21 17:37:20.0406 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/21 17:37:20.0562 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/21 17:37:20.0671 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/11/21 17:37:20.0828 avgntflt (1eb7d72a82f94f7e9496d363fce00b68) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/11/21 17:37:20.0984 avipbb (f8c56231ed5ecf7d1b46b0330880ccef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/11/21 17:37:21.0140 BCM43XX (ebf36d658d0da5b1ea667fa403919c26) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/11/21 17:37:21.0296 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/21 17:37:21.0375 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2010/11/21 17:37:21.0437 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/21 17:37:21.0515 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2010/11/21 17:37:21.0562 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/21 17:37:21.0656 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/21 17:37:21.0796 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/21 17:37:22.0062 CmdIde (e3726ad522d0bdae090671048c991ab3) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2010/11/21 17:37:22.0218 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2010/11/21 17:37:22.0390 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2010/11/21 17:37:22.0515 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2010/11/21 17:37:22.0671 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/21 17:37:22.0843 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/21 17:37:23.0015 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/21 17:37:23.0125 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/21 17:37:23.0281 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/21 17:37:23.0421 Dot4 HPH11 (a93ae4414505a8095ec4820c4312b5df) C:\WINDOWS\system32\DRIVERS\hphid411.sys
2010/11/21 17:37:23.0515 Dot4Print HPH11 (4f8681519ea48757148895811f2aa051) C:\WINDOWS\system32\DRIVERS\hphipr11.sys
2010/11/21 17:37:23.0656 Dot4Usb HPH11 (c6608b2afb2567f0fa6b4bd8837f1660) C:\WINDOWS\system32\drivers\hphius11.sys
2010/11/21 17:37:23.0796 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2010/11/21 17:37:23.0937 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/21 17:37:24.0078 drvmcdb (049177996e5e33b5faf40cad2b82098c) C:\WINDOWS\system32\drivers\drvmcdb.sys
2010/11/21 17:37:24.0234 drvnddm (2f4134d073f972575c174e3d621f0107) C:\WINDOWS\system32\drivers\drvnddm.sys
2010/11/21 17:37:24.0359 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/11/21 17:37:24.0515 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2010/11/21 17:37:24.0671 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/21 17:37:24.0812 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/21 17:37:24.0968 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/21 17:37:25.0125 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/21 17:37:25.0281 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/21 17:37:25.0421 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2010/11/21 17:37:25.0578 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/21 17:37:25.0687 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/21 17:37:25.0796 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/11/21 17:37:25.0859 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/11/21 17:37:25.0937 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/21 17:37:26.0046 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/21 17:37:26.0156 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2010/11/21 17:37:26.0265 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/21 17:37:26.0359 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/11/21 17:37:26.0453 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2010/11/21 17:37:26.0531 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/21 17:37:26.0640 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/21 17:37:26.0734 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2010/11/21 17:37:26.0812 IntelIde (4b6da2f0a4095857a9e3f3697399d575) C:\WINDOWS\System32\DRIVERS\intelide.sys
2010/11/21 17:37:26.0906 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/21 17:37:26.0968 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/21 17:37:27.0031 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/21 17:37:27.0140 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/21 17:37:27.0296 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/21 17:37:27.0453 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/21 17:37:27.0593 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/21 17:37:27.0750 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/21 17:37:27.0906 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/21 17:37:28.0031 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/21 17:37:28.0187 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/21 17:37:28.0328 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/21 17:37:28.0484 L8042Kbd (0f5ae6805ef05dbbe205e5b196cadf31) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2010/11/21 17:37:28.0625 L8042mou (ee1c6c057a83f93ad9ae7cdf12f0baa0) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
2010/11/21 17:37:28.0765 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/11/21 17:37:28.0906 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/11/21 17:37:28.0984 LBeepKE (17638894e150efee66d97bce8f037519) C:\WINDOWS\system32\Drivers\LBeepKE.sys
2010/11/21 17:37:29.0156 LHidKe (eaed22460dad9ccd9c9a58c78e717497) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
2010/11/21 17:37:29.0328 LMouKE (d1fd76ea56cd653d7b55a0fac96ee416) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
2010/11/21 17:37:29.0468 mcdbus (5fb43fe50aee92b2b7b34cf2563db2ac) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
2010/11/21 17:37:29.0578 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/21 17:37:29.0671 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/21 17:37:29.0750 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/21 17:37:29.0828 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/21 17:37:29.0968 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/21 17:37:30.0078 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2010/11/21 17:37:30.0234 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/21 17:37:30.0343 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/21 17:37:30.0531 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/21 17:37:30.0671 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/21 17:37:30.0812 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/21 17:37:30.0953 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/21 17:37:31.0078 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/21 17:37:31.0218 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/21 17:37:31.0359 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/21 17:37:31.0515 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/21 17:37:31.0656 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/21 17:37:31.0796 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/21 17:37:31.0968 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/21 17:37:32.0140 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/21 17:37:32.0281 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/21 17:37:32.0468 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/21 17:37:32.0562 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/21 17:37:32.0734 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/21 17:37:32.0859 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/21 17:37:33.0046 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/21 17:37:33.0140 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/21 17:37:33.0218 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2010/11/21 17:37:33.0421 P16X (13026e137486d916a0677d276144ea7f) C:\WINDOWS\system32\drivers\P16X.sys
2010/11/21 17:37:33.0625 P3 (cecb679633523ac5eb7eb85f92dcd806) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/11/21 17:37:33.0656 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/21 17:37:33.0765 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/21 17:37:33.0906 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/21 17:37:33.0984 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/21 17:37:34.0312 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/21 17:37:34.0640 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/21 17:37:36.0468 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2010/11/21 17:37:36.0968 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2010/11/21 17:37:37.0500 pfc (957b82ec80ad7ead64e5e47df6b0dc40) C:\WINDOWS\system32\drivers\pfc.sys
2010/11/21 17:37:37.0703 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\System32\PfModNT.sys
2010/11/21 17:37:37.0812 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/21 17:37:37.0890 Processor (e19c9632ac828f6f214391e2bdda11cb) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/11/21 17:37:37.0984 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/21 17:37:38.0046 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/21 17:37:38.0156 PxHelp20 (b5dfb86a6caeae9b2bf3dedb43be6393) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/21 17:37:38.0296 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2010/11/21 17:37:38.0390 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2010/11/21 17:37:38.0500 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2010/11/21 17:37:38.0640 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2010/11/21 17:37:38.0796 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2010/11/21 17:37:38.0937 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/21 17:37:39.0015 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/21 17:37:39.0140 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/21 17:37:39.0281 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/21 17:37:39.0375 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/21 17:37:39.0515 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/21 17:37:39.0609 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/21 17:37:39.0765 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/21 17:37:39.0875 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/21 17:37:40.0015 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/21 17:37:40.0125 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/21 17:37:40.0203 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/21 17:37:40.0281 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/21 17:37:40.0421 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2010/11/21 17:37:40.0562 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2010/11/21 17:37:40.0640 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/21 17:37:40.0734 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/21 17:37:40.0843 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/21 17:37:41.0000 sscdbhk5 (7c0c9bdca2d351ff3b4f9b69f99aa995) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2010/11/21 17:37:41.0078 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/11/21 17:37:41.0187 ssrtln (31726706d54894d5059f7471111a87bb) C:\WINDOWS\system32\drivers\ssrtln.sys
2010/11/21 17:37:41.0265 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/21 17:37:41.0328 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/21 17:37:41.0421 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2010/11/21 17:37:41.0500 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2010/11/21 17:37:41.0671 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2010/11/21 17:37:41.0750 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2010/11/21 17:37:41.0843 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/21 17:37:41.0953 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/21 17:37:42.0109 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/21 17:37:42.0234 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/21 17:37:42.0343 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/21 17:37:42.0500 tfsnboio (b0d311f33c5b4a5858e4e6c965a79267) C:\WINDOWS\system32\dla\tfsnboio.sys
2010/11/21 17:37:42.0546 tfsncofs (250f74fce5d1eccb29ad9abeb55f35d8) C:\WINDOWS\system32\dla\tfsncofs.sys
2010/11/21 17:37:42.0609 tfsndrct (e23291934c59e1741ba83582e7a209c0) C:\WINDOWS\system32\dla\tfsndrct.sys
2010/11/21 17:37:42.0718 tfsndres (c16a70695d78f750680e544103d72d25) C:\WINDOWS\system32\dla\tfsndres.sys
2010/11/21 17:37:42.0828 tfsnifs (e3e10696663e35062851a376299198bd) C:\WINDOWS\system32\dla\tfsnifs.sys
2010/11/21 17:37:42.0906 tfsnopio (00cc366bdcbd8a9a1c95c1c59900dd9b) C:\WINDOWS\system32\dla\tfsnopio.sys
2010/11/21 17:37:43.0046 tfsnpool (84a91d08f49831e8c24e4d25ddefae87) C:\WINDOWS\system32\dla\tfsnpool.sys
2010/11/21 17:37:43.0171 tfsnudf (55b761c6e2d4fcedac3b46b6c0724830) C:\WINDOWS\system32\dla\tfsnudf.sys
2010/11/21 17:37:43.0281 tfsnudfa (64c6e8c217e30ee595120c66f6e783ba) C:\WINDOWS\system32\dla\tfsnudfa.sys
2010/11/21 17:37:43.0406 tmcomm (4dc436421c9d745d7e8c37f956701c78) C:\WINDOWS\system32\drivers\tmcomm.sys
2010/11/21 17:37:43.0515 TosIde (b411668322c3bf4e690888706b999679) C:\WINDOWS\System32\DRIVERS\toside.sys
2010/11/21 17:37:43.0656 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/21 17:37:43.0734 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2010/11/21 17:37:43.0843 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/21 17:37:44.0015 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/21 17:37:44.0125 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/21 17:37:44.0203 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/21 17:37:44.0296 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/21 17:37:44.0375 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/21 17:37:44.0421 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
2010/11/21 17:37:44.0578 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/21 17:37:44.0718 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/21 17:37:44.0859 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/21 17:37:44.0968 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2010/11/21 17:37:45.0109 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2010/11/21 17:37:45.0203 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/21 17:37:45.0343 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/21 17:37:45.0468 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/21 17:37:45.0718 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/21 17:37:45.0828 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/21 17:37:46.0093 ================================================================================
2010/11/21 17:37:46.0093 Scan finished
2010/11/21 17:37:46.0093 ================================================================================
  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#5
AriGold

AriGold

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
ComboFix 10-11-20.07 - Porcinet 21/11/2010 18:03:15.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.421 [GMT 1:00]
Lancé depuis: c:\documents and settings\Porcinet\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Antivirus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Porcinet\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\B64.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\Flags.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\Local.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\swUPdate.dll
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\Ui.dtd
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Porcinet\Application Data\Dossier de téléchargement Share-to-Web
c:\documents and settings\Porcinet\Local Settings\Temp\IadHide5.dll
c:\program files\Shared
c:\windows\system32\Data

----- BITS: Il y a peut-être des sites infectés -----

hxxp://au.dowj+|[email protected]:NGD_DQ{zGD_DQ{zGD_DQ{zGD_DQ{[email protected]:Nj+|Cv033-7B44-A94000000001}
Une copie infectée de c:\windows\system32\winlogon.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\winlogon.exe

Une copie infectée de c:\windows\explorer.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\explorer.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-10-21 au 2010-11-21 ))))))))))))))))))))))))))))))))))))
.

2010-11-21 17:15 . 2010-11-21 17:15 -------- d-----w- c:\documents and settings\Porcinet\Application Data\Dossier de téléchargement Share-to-Web
2010-11-21 17:15 . 2010-11-21 17:15 -------- d-----w- c:\documents and settings\Porcinet\Application Data\Dossier de téléchargement Share-to-Web
2010-11-21 13:27 . 2010-11-21 13:27 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-21 13:27 . 2010-11-21 13:27 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-11-21 13:22 . 2010-11-21 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-11-21 02:20 . 2010-11-21 04:23 -------- d-----w- c:\windows\system32\NtmsData
2010-11-21 02:18 . 2010-11-21 02:18 -------- d-----w- c:\documents and settings\Porcinet\Application Data\Avira
2010-11-21 01:44 . 2008-04-13 19:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-11-21 01:44 . 2008-04-13 19:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2010-11-21 00:24 . 2010-09-23 07:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-11-20 21:13 . 2010-11-20 21:13 -------- d-----w- c:\documents and settings\LocalService\Bureau
2010-11-20 20:57 . 2010-09-23 07:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-11-20 20:57 . 2010-11-20 20:57 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-20 19:52 . 2010-11-20 19:52 -------- d-----w- c:\documents and settings\Porcinet\Local Settings\Application Data\Sunbelt Software
2010-11-20 19:51 . 2010-11-20 19:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-20 19:50 . 2010-11-20 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-11-20 01:15 . 2010-11-20 01:15 -------- d-----w- c:\documents and settings\Porcinet\Application Data\Malwarebytes
2010-11-20 01:15 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-20 01:15 . 2010-11-20 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-20 01:15 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-20 01:15 . 2010-11-20 01:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:23 . 2002-08-30 06:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2002-08-30 06:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-08-30 06:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-08-30 06:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:50 . 2004-08-23 18:35 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:50 . 2002-08-30 06:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:50 . 2002-08-30 06:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2002-08-30 06:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:55 . 2002-08-30 06:00 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2002-08-30 06:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:58 . 2002-08-30 06:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2002-08-30 06:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2007-04-08 22:24 . 2007-04-08 22:24 37860928 ----a-w- c:\program files\iTunesSetup.exe
2006-04-19 18:58 . 2006-04-19 18:58 6062443 ----a-w- c:\program files\wptInstaller.exe
2005-09-11 10:23 . 2005-09-11 10:23 9333960 ----a-w- c:\program files\Install_MSN_Messenger.EXE
2004-12-16 19:05 . 2004-12-16 19:05 29577346 ----a-w- c:\program files\WinDVD6.exe
2004-09-28 21:38 . 2004-09-28 21:38 9304688 ----a-w- c:\program files\MPSetupXP.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-24 36864]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 1871872]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-24 335872]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HPHmon04"="c:\windows\System32\hphmon04.exe" [2002-11-22 348160]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 49152]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 270336]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-01-10 180269]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 94208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 94208]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" [2006-08-03 529968]
"LVCOMSX"="c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-08-03 244520]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"Symantec PIF AlertEng"="c:\program files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 517768]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Porcinet\Menu D‚marrer\Programmes\D‚marrage\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-3-27 546816]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Corel MEDIA FOLDERS INDEXER 8.LNK - c:\corel\Graphics8\Programs\MFIndexer.exe [2004-7-25 83456]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-12-19 212992]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-2-24 196608]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-2-24 671744]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [20/11/2010 21:57 64288]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [10/01/2010 13:28 135336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [23/09/2010 08:46 1375992]
R2 LBeepKE;LBeepKE;c:\windows\SYSTEM32\DRIVERS\LBeepKE.sys [24/02/2007 19:10 3712]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [23/09/2010 08:46 15264]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/03/2010 18:48 135664]
.
Contenu du dossier 'Tâches planifiées'

2010-11-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 20:56]

2010-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-05 17:48]

2010-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-05 17:48]

2010-11-21 c:\windows\Tasks\WebReg 20041113142647.job
- c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe [2002-10-16 14:39]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://ie.search.msn.com
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Sonic RecordNow! - (no file)
HKCU-Run-Aim6 - c:\program files\AIM6\aim6.exe
HKLM-Run-VirusScan - c:\progra~1\mcafee.com\vso\mcvsshld.exe
HKLM-Run-AvatarCapture - c:\program files\AvatarCapture\AvatarCapture.exe
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-21 18:15
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(396)
c:\docume~1\Porcinet\LOCALS~1\Temp\IadHide5.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\Dell AIO Printer A920\dlbkbmon.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
c:\windows\system32\dumprep.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Heure de fin: 2010-11-21 18:29:35 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-11-21 17:29

Avant-CF: 46 336 557 056 octets libres
Après-CF: 48 707 543 040 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn

- - End Of File - - 6757F6F4832D101C3EC568743CC24D15
  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
any redirects now ?
  • 0

#7
AriGold

AriGold

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
All working good!

You're a king!!!

Oh thank you thank you!

Do I have to do something else now ?
  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    Posted Image
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.



  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP