43 replies
Anonymous user
14 August 2009 at 15:34
Oops, I forgot a quotation mark ^^
Print these instructions, as you will need to close all windows and applications during the installation and the scan.
▶ Download:
Malwarebytes
or:
Malwarebytes
▶ Install it (make sure to choose "French"; do not change the installation settings) and update it.
(NB: if you get an error message saying that "COMCTL32.OCX" is missing during the installation, download it here: COMCTL32.OCX
▶ Read through the tutorial to familiarise yourself with the program:
(that said, it is very simple to use).
Relaunch Malwarebytes, following these instructions to the letter:
! Disconnect and close all running applications!
▶ Launch Malwarebytes.
Run a "Full" scan.
▶ Let the program work (and do nothing else with the PC during the scan).
▶ At the end, click on "Results".
▶ Check that all infected objects are ticked, then click on "Remove".
▶ Note: if your PC needs to restart to finish the cleaning, do it!
▶ Post the report saved after the removal of the infected objects (in Malwarebytes' "Logs" tab, the most recent one)
Problem :(
I get an error message during the installation of Malwarebytes. I'll let you see what it is here:
http://www.cijoint.fr/cjlink.php?file=cj200908/cijVWQn0ZB.docx
Anonymous user
14 August 2009 at 16:04
Download SysProt (by Swatkat) to your desktop:
> ! Disconnect and close all your applications for the duration of the procedure!
> ! Disable your defences (antivirus, anti-spyware, ...) for the duration of the procedure!
> Double-click SysProt.exe to launch it.
> Click on the "log" tab
> Tick all the boxes in the "Write to log" box.
> Then click on the button at the bottom right [Create Log].
> The scan starts; let the tool work (even if it seems to have crashed...)
> After a while, a window will appear: leave "Scan all drives" ticked and click on [Start].
> Wait again... wait for the final message indicating that the report has been created and click on "OK"
===> Close SysProt, and copy/paste the contents of the report (SysProtLog.txt) saved on your desktop into your next reply.
And there you go!
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No
Name: System
PID: 4
Hidden: No
Window Visible: No
Name: C:\Windows\System32\smss.exe
PID: 436
Hidden: No
Window Visible: No
Name: C:\Windows\System32\csrss.exe
PID: 568
Hidden: No
Window Visible: No
Name: C:\Windows\System32\wininit.exe
PID: 624
Hidden: No
Window Visible: No
Name: C:\Windows\System32\csrss.exe
PID: 636
Hidden: No
Window Visible: No
Name: C:\Windows\System32\services.exe
PID: 672
Hidden: No
Window Visible: No
Name: C:\Windows\System32\lsass.exe
PID: 684
Hidden: No
Window Visible: No
Name: C:\Windows\System32\lsm.exe
PID: 692
Hidden: No
Window Visible: No
Name: C:\Windows\System32\winlogon.exe
PID: 776
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 880
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 948
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 1008
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 1072
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 1168
Hidden: No
Window Visible: No
Name: C:\Windows\System32\Ati2evxx.exe
PID: 1204
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 1220
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 1264
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PID: 1296
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 1308
Hidden: No
Window Visible: No
Name: C:\Windows\System32\audiodg.exe
PID: 1360
Hidden: No
Window Visible: No
Name: C:\Windows\System32\SLsvc.exe
PID: 1392
Hidden: No
Window Visible: No
Name: C:\Windows\System32\spoolsv.exe
PID: 1804
Hidden: No
Window Visible: No
Name: C:\Windows\System32\Ati2evxx.exe
PID: 1812
Hidden: No
Window Visible: No
Name: C:\Program Files\Avira\AntiVir Desktop\sched.exe
PID: 1836
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 1848
Hidden: No
Window Visible: No
Name: C:\Windows\System32\taskeng.exe
PID: 252
Hidden: No
Window Visible: No
Name: C:\Windows\System32\dwm.exe
PID: 280
Hidden: No
Window Visible: No
Name: C:\Windows\explorer.exe
PID: 1532
Hidden: No
Window Visible: No
Name: C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PID: 864
Hidden: No
Window Visible: No
Name: C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PID: 1888
Hidden: No
Window Visible: No
Name: C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PID: 2088
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 2200
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PID: 2228
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
PID: 2256
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 2300
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
PID: 2316
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 2380
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 2432
Hidden: No
Window Visible: No
Name: C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PID: 2444
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 2508
Hidden: No
Window Visible: No
Name: C:\Windows\System32\SearchIndexer.exe
PID: 2572
Hidden: No
Window Visible: No
Name: C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PID: 2608
Hidden: No
Window Visible: No
Name: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PID: 2676
Hidden: No
Window Visible: No
Name: C:\Windows\System32\taskeng.exe
PID: 3348
Hidden: No
Window Visible: No
Name: C:\Program Files\Windows Defender\MSASCui.exe
PID: 3304
Hidden: No
Window Visible: No
Name: C:\Windows\RtHDVCpl.exe
PID: 3320
Hidden: No
Window Visible: No
Name: C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PID: 3388
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
PID: 3508
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PID: 3524
Hidden: No
Window Visible: No
Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 3204
Hidden: No
Window Visible: No
Name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PID: 2280
Hidden: No
Window Visible: No
Name: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PID: 3576
Hidden: No
Window Visible: No
Name: C:\Program Files\Windows Sidebar\sidebar.exe
PID: 3340
Hidden: No
Window Visible: Yes
Name: C:\Windows\ehome\ehtray.exe
PID: 3968
Hidden: No
Window Visible: No
Name: C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
PID: 3552
Hidden: No
Window Visible: No
Name: C:\Program Files\WinZip\WZQKPICK.EXE
PID: 992
Hidden: No
Window Visible: No
Name: C:\Windows\ehome\ehmsas.exe
PID: 3416
Hidden: No
Window Visible: No
Name: C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PID: 4016
Hidden: No
Window Visible: No
Name: C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PID: 1100
Hidden: No
Window Visible: No
Name: C:\Windows\System32\conime.exe
PID: 7736
Hidden: No
Window Visible: No
Name: C:\Users\admin\Desktop\SysProt.exe
PID: 20600
Hidden: No
Window Visible: Yes
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \systemroot\system32\drivers\ESQULsmnqpxxexxmhjyvmotiocifkemryorbd.sys
Service Name: ESQULserv.sys
Module Base: ---
Module End: ---
Hidden: Yes
Module Name: \??\C:\Users\admin\Desktop\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: AEA87000
Module End: AEA92000
Hidden: No
Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 82203000
Module End: 825BC000
Hidden: No
Module Name: C:\Windows\system32\hal.dll
Service Name: ---
Module Base: 825BC000
Module End: 825EF000
Hidden: No
Module Name: C:\Windows\system32\kdcom.dll
Service Name: ---
Module Base: 80602000
Module End: 8060A000
Hidden: No
Module Name: C:\Windows\system32\PSHED.dll
Service Name: ---
Module Base: 8060A000
Module End: 8061B000
Hidden: No
Module Name: C:\Windows\system32\BOOTVID.dll
Service Name: ---
Module Base: 8061B000
Module End: 80623000
Hidden: No
Module Name: C:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 80623000
Module End: 80664000
Hidden: No
Module Name: C:\Windows\system32\CI.dll
Service Name: ---
Module Base: 80664000
Module End: 80744000
Hidden: No
Module Name: C:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 80744000
Module End: 807C0000
Hidden: No
Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: 807C0000
Module End: 807CD000
Hidden: No
Module Name: C:\Windows\system32\drivers\acpi.sys
Service Name: ACPI
Module Base: 8720C000
Module End: 87252000
Hidden: No
Module Name: C:\Windows\system32\drivers\WMILIB.SYS
Service Name: ---
Module Base: 87252000
Module End: 8725B000
Hidden: No
Module Name: C:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 8725B000
Module End: 87263000
Hidden: No
Module Name: C:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 87263000
Module End: 8728A000
Hidden: No
Module Name: C:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 8728A000
Module End: 87299000
Hidden: No
Module Name: C:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 87299000
Module End: 872A8000
Hidden: No
Module Name: C:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 872A8000
Module End: 872F2000
Hidden: No
Module Name: C:\Windows\system32\drivers\pciide.sys
Service Name: pciide
Module Base: 872F2000
Module End: 872F9000
Hidden: No
Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS
Service Name: ---
Module Base: 872F9000
Module End: 87307000
Hidden: No
Module Name: C:\Windows\System32\drivers\mountmgr.sys
Service Name: MountMgr
Module Base: 87307000
Module End: 87317000
Hidden: No
Module Name: C:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 87317000
Module End: 8731F000
Hidden: No
Module Name: C:\Windows\system32\drivers\ataport.SYS
Service Name: ---
Module Base: 8731F000
Module End: 8733D000
Hidden: No
Module Name: C:\Windows\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: 8733D000
Module End: 8736F000
Hidden: No
Module Name: C:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 8736F000
Module End: 8737F000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\psdfilter.sys
Service Name: PSDFilter
Module Base: 8737F000
Module End: 87388000
Hidden: No
Module Name: C:\Windows\System32\Drivers\ksecdd.sys
Service Name: KSecDD
Module Base: 87388000
Module End: 873F9000
Hidden: No
Module Name: C:\Windows\system32\drivers\ndis.sys
Service Name: NDIS
Module Base: 87409000
Module End: 87514000
Hidden: No
Module Name: C:\Windows\system32\drivers\NETIO.SYS
Service Name: ---
Module Base: 8753F000
Module End: 87579000
Hidden: No
Module Name: C:\Windows\System32\drivers\tcpip.sys
Service Name: Tcpip
Module Base: 8760F000
Module End: 876F6000
Hidden: No
Module Name: C:\Windows\System32\drivers\fwpkclnt.sys
Service Name: ---
Module Base: 876F6000
Module End: 87711000
Hidden: No
Module Name: C:\Windows\System32\Drivers\Ntfs.sys
Service Name: Ntfs
Module Base: 8780D000
Module End: 8791C000
Hidden: No
Module Name: C:\Windows\system32\drivers\volsnap.sys
Service Name: volsnap
Module Base: 8791C000
Module End: 87955000
Hidden: No
Module Name: C:\Windows\System32\Drivers\spldr.sys
Service Name: spldr
Module Base: 87955000
Module End: 8795D000
Hidden: No
Module Name: C:\Windows\system32\drivers\psdvdisk.sys
Service Name: disk
Module Base: 8795D000
Module End: 8796F000
Hidden: No
Module Name: C:\Windows\system32\drivers\PSDNServ.sys
Service Name: PSDNServ
Module Base: 8796F000
Module End: 87978000
Hidden: No
Module Name: C:\Windows\System32\Drivers\mup.sys
Service Name: Mup
Module Base: 87978000
Module End: 87987000
Hidden: No
Module Name: C:\Windows\System32\drivers\ecache.sys
Service Name: Ecache
Module Base: 87987000
Module End: 879AE000
Hidden: No
Module Name: C:\Windows\system32\drivers\disk.sys
Service Name: ---
Module Base: 879AE000
Module End: 879BF000
Hidden: No
Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS
Service Name: ---
Module Base: 879BF000
Module End: 879E0000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\AtiPcie.sys
Service Name: AtiPcie
Module Base: 879E0000
Module End: 879E8000
Hidden: No
Module Name: C:\Windows\system32\drivers\crcdisk.sys
Service Name: crcdisk
Module Base: 879E8000
Module End: 879F1000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\tunnel.sys
Service Name: tunnel
Module Base: 87719000
Module End: 87724000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: 87724000
Module End: 8772D000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\amdk8.sys
Service Name: AmdK8
Module Base: 8772D000
Module End: 8773D000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\atikmdag.sys
Service Name: atikmdag
Module Base: 8DA02000
Module End: 8E0AF000
Hidden: No
Module Name: C:\Windows\System32\drivers\dxgkrnl.sys
Service Name: DXGKrnl
Module Base: 8E0AF000
Module End: 8E14E000
Hidden: No
Module Name: C:\Windows\System32\drivers\watchdog.sys
Service Name: ---
Module Base: 8E14E000
Module End: 8E15B000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: 8E15B000
Module End: 8E16D000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\yk60x86.sys
Service Name: yukonwlh
Module Base: 8E16D000
Module End: 8E1AB000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: 8E1AB000
Module End: 8E1B5000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: 8E1B5000
Module End: 8E1F3000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: 8773D000
Module End: 8774C000
Hidden: No
Module Name: C:\Windows\system32\drivers\pfc.sys
Service Name: pfc
Module Base: 8E1F3000
Module End: 8E1F6000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\cdrom.sys
Service Name: cdrom
Module Base: 8774C000
Module End: 87764000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\NTIDrvr.sys
Service Name: NTIDrvr
Module Base: 8E1F6000
Module End: 8E1F8000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\ohci1394.sys
Service Name: ohci1394
Module Base: 87764000
Module End: 87774000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: 87774000
Module End: 87782000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\serial.sys
Service Name: Serial
Module Base: 8778D000
Module End: 877A7000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\serenum.sys
Service Name: Serenum
Module Base: 877A7000
Module End: 877B1000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\parport.sys
Service Name: Parport
Module Base: 877B1000
Module End: 877C9000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: 877C9000
Module End: 877DC000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys
Service Name: kbdclass
Module Base: 877DC000
Module End: 877E7000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys
Service Name: iScsiPrt
Module Base: 87579000
Module End: 875A7000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\storport.sys
Service Name: ---
Module Base: 875A7000
Module End: 875E8000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: 877E7000
Module End: 877F2000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: 875E8000
Module End: 875FF000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: 877F2000
Module End: 877FD000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: 807CD000
Module End: 807F0000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: 87600000
Module End: 8760F000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: 8E405000
Module End: 8E419000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\rassstp.sys
Service Name: RasSstp
Module Base: 8E419000
Module End: 8E42E000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: 8E42E000
Module End: 8E43E000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\mouclass.sys
Service Name: mouclass
Module Base: 8E43E000
Module End: 8E449000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: 8E449000
Module End: 8E44B000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: 8E44B000
Module End: 8E475000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: 8E475000
Module End: 8E47F000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\umbus.sys
Service Name: umbus
Module Base: 8E47F000
Module End: 8E48C000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: 8E48C000
Module End: 8E4C0000
Hidden: No
Module Name: C:\Windows\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: 8E4C0000
Module End: 8E4D1000
Hidden: No
Module Name: C:\Windows\system32\drivers\HdAudio.sys
Service Name: HdAudAddService
Module Base: 8E4DC000
Module End: 8E51B000
Hidden: No
Module Name: C:\Windows\system32\drivers\portcls.sys
Service Name: ---
Module Base: 8E51B000
Module End: 8E548000
Hidden: No
Module Name: C:\Windows\system32\drivers\drmk.sys
Service Name: ---
Module Base: 8E548000
Module End: 8E56D000
Hidden: No
Module Name: C:\Windows\system32\drivers\RTKVHDA.sys
Service Name: IntcAzAudAddService
Module Base: 8E60B000
Module End: 8E7B8000
Hidden: No
Module Name: C:\Windows\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: 8E7C8000
Module End: 8E7CF000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: 8E7D8000
Module End: 8E7DF000
Hidden: No
Module Name: C:\Windows\System32\drivers\vga.sys
Service Name: vga
Module Base: 8E7DF000
Module End: 8E7EB000
Hidden: No
Module Name: C:\Windows\System32\drivers\VIDEOPRT.SYS
Service Name: ---
Module Base: 8E578000
Module End: 8E599000
Hidden: No
Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: 8E7EB000
Module End: 8E7F3000
Hidden: No
Module Name: C:\Windows\system32\drivers\rdpencdd.sys
Service Name: RDPENCDD
Module Base: 8E7F3000
Module End: 8E7FB000
Hidden: No
Module Name: C:\Windows\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: 8E5C3000
Module End: 8E5D1000
Hidden: No
Module Name: C:\Windows\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: 8E7CF000
Module End: 8E7D8000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\tdx.sys
Service Name: tdx
Module Base: 8E5D1000
Module End: 8E5E7000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\smb.sys
Service Name: Smb
Module Base: 8E5E7000
Module End: 8E5FB000
Hidden: No
Module Name: C:\Windows\system32\drivers\afd.sys
Service Name: AFD
Module Base: 8E80E000
Module End: 8E856000
Hidden: No
Module Name: C:\Windows\System32\DRIVERS\netbt.sys
Service Name: netbt
Module Base: 8E856000
Module End: 8E888000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\pacer.sys
Service Name: PSched
Module Base: 8E888000
Module End: 8E89E000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 8E89E000
Module End: 8E8AC000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: 8E8AC000
Module End: 8E8BF000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\ssmdrv.sys
Service Name: ssmdrv
Module Base: 8E8BF000
Module End: 8E8C5000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\rdbss.sys
Service Name: rdbss
Module Base: 8E8C5000
Module End: 8E901000
Hidden: No
Module Name: C:\Windows\system32\drivers\nsiproxy.sys
Service Name: nsiproxy
Module Base: 8E901000
Module End: 8E90B000
Hidden: No
Module Name: C:\Windows\System32\Drivers\dfsc.sys
Service Name: DfsC
Module Base: 8E90B000
Module End: 8E922000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\avipbb.sys
Service Name: avipbb
Module Base: 8E922000
Module End: 8E93E000
Hidden: No
Module Name: \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
Service Name: avgio
Module Base: 8E93E000
Module End: 8E940000
Hidden: No
Module Name: C:\Windows\System32\Drivers\crashdmp.sys
Service Name: ---
Module Base: 8E940000
Module End: 8E94D000
Hidden: No
Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 8E94D000
Module End: 8E958000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 8E958000
Module End: 8E960000
Hidden: Yes
Module Name: C:\Windows\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 8E960000
Module End: 8E96A000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: 8E96A000
Module End: 8E981000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: 8E981000
Module End: 8E983000
Hidden: No
Module Name: C:\Windows\system32\drivers\LVUSBSta.sys
Service Name: LVUSBSta
Module Base: 8E983000
Module End: 8E98C000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\LV302V32.SYS
Service Name: PID_PEPI
Module Base: 96818000
Module End: 9694F000
Hidden: No
Module Name: C:\Windows\system32\drivers\usbaudio.sys
Service Name: usbaudio
Module Base: 9694F000
Module End: 96961000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\monitor.sys
Service Name: monitor
Module Base: 96961000
Module End: 96970000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: 96970000
Module End: 96979000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: 96979000
Module End: 96989000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Service Name: USBSTOR
Module Base: 96989000
Module End: 9699B000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: 9699B000
Module End: 969A3000
Hidden: No
Module Name: C:\Windows\system32\drivers\luafv.sys
Service Name: luafv
Module Base: 969A3000
Module End: 969BE000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\avgntflt.sys
Service Name: avgntflt
Module Base: 969BE000
Module End: 969D2000
Hidden: No
Module Name: C:\Windows\system32\drivers\spsys.sys
Service Name: ---
Module Base: 96600000
Module End: 966AF000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\lltdio.sys
Service Name: lltdio
Module Base: 966AF000
Module End: 966BF000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\nwifi.sys
Service Name: NativeWifiP
Module Base: 966BF000
Module End: 966E9000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: 966E9000
Module End: 966F3000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\rspndr.sys
Service Name: rspndr
Module Base: 966F3000
Module End: 96706000
Hidden: No
Module Name: C:\Windows\system32\drivers\HTTP.sys
Service Name: HTTP
Module Base: 96706000
Module End: 96771000
Hidden: No
Module Name: C:\Windows\System32\DRIVERS\srvnet.sys
Service Name: srvnet
Module Base: 96771000
Module End: 9678E000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\bowser.sys
Service Name: bowser
Module Base: 9678E000
Module End: 967A7000
Hidden: No
Module Name: C:\Windows\System32\drivers\mpsdrv.sys
Service Name: mpsdrv
Module Base: 967A7000
Module End: 967BC000
Hidden: No
Module Name: C:\Windows\system32\drivers\mrxdav.sys
Service Name: MRxDAV
Module Base: 967BC000
Module End: 967DC000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Name: mrxsmb
Module Base: 967DC000
Module End: 967FB000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Name: mrxsmb10
Module Base: 8E98C000
Module End: 8E9C5000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Name: mrxsmb20
Module Base: 967FB000
Module End: 96813000
Hidden: No
Module Name: C:\Windows\System32\DRIVERS\srv2.sys
Service Name: srv2
Module Base: 8E9C5000
Module End: 8E9EC000
Hidden: No
Module Name: C:\Windows\System32\DRIVERS\srv.sys
Service Name: srv
Module Base: 9AC0A000
Module End: 9AC56000
Hidden: No
Module Name: C:\Windows\System32\Drivers\fastfat.SYS
Service Name: fastfat
Module Base: 9AC56000
Module End: 9AC7E000
Hidden: No
Module Name: \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
Service Name: int15
Module Base: 9AC85000
Module End: 9AC96000
Hidden: No
Module Name: C:\Windows\system32\drivers\peauth.sys
Service Name: PEAUTH
Module Base: 9AC96000
Module End: 9AD74000
Hidden: No
Module Name: C:\Windows\System32\Drivers\secdrv.SYS
Service Name: secdrv
Module Base: 9AD74000
Module End: 9AD7E000
Hidden: No
Module Name: C:\Windows\System32\drivers\tcpipreg.sys
Service Name: tcpipreg
Module Base: 9AD7E000
Module End: 9AD8A000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\LVPr2Mon.sys
Service Name: LVPr2Mon
Module Base: 9ADB1000
Module End: 9ADB6000
Hidden: No
Module Name: C:\Windows\system32\drivers\tdtcp.sys
Service Name: TDTCP
Module Base: 9ADB6000
Module End: 9ADC1000
Hidden: No
Module Name: C:\Windows\System32\DRIVERS\tssecsrv.sys
Service Name: tssecsrv
Module Base: 9ADC1000
Module End: 9ADCD000
Hidden: No
Module Name: C:\Windows\System32\Drivers\RDPWD.SYS
Service Name: Wd
Module Base: 9ADCD000
Module End: 9AE00000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\cdfs.sys
Service Name: cdfs
Module Base: 9AD8A000
Module End: 9ADA0000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbscan.sys
Service Name: usbscan
Module Base: AEA0E000
Module End: AEA1B000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbprint.sys
Service Name: usbprint
Module Base: AEA1B000
Module End: AEA25000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\dot4usb.sys
Service Name: dot4usb
Module Base: AEA25000
Module End: AEA32000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\Dot4.sys
Service Name: Dot4
Module Base: AEA32000
Module End: AEA57000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\Dot4Prt.sys
Service Name: Dot4Print
Module Base: AEA57000
Module End: AEA60000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\fdc.sys
Service Name: fdc
Module Base: 87782000
Module End: 8778D000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\parvdm.sys
Service Name: Parvdm
Module Base: 9AC7E000
Module End: 9AC85000
Hidden: No
Module Name: C:\Windows\System32\Drivers\Null.SYS
Service Name: Null
Module Base: 8E7C1000
Module End: 8E7C8000
Hidden: No
Module Name: C:\Windows\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: 8E600000
Module End: 8E60B000
Hidden: No
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateThread
Address: 985A601C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwOpenProcess
Address: 985A6008
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwOpenThread
Address: 985A600D
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwTerminateProcess
Address: 985A6017
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwSaveKeyEx
At Address: 8245862A
Jump To: 85E3FBDA
Module Name: _unknown_
Hooked Function: ZwSaveKey
At Address: 82458523
Jump To: 85E3FC12
Module Name: _unknown_
Hooked Function: ZwFlushInstructionCache
At Address: 823B530B
Jump To: 85E3FC4C
Module Name: _unknown_
Hooked Function: ZwEnumerateKey
At Address: 8240ABA2
Jump To: 85E3FC84
Module Name: _unknown_
Hooked Function: IofCompleteRequest
At Address: 8223CFE2
Jump To: 85E39983
Module Name: _unknown_
Hooked Function: IofCallDriver
At Address: 822BEF6F
Jump To: 85E3FCBA
Module Name: _unknown_
******************************************************************************************
******************************************************************************************
No IRP Hooks found
******************************************************************************************
******************************************************************************************
Ports:
Local Address: MAISON:49237
Remote Address: 213.155.157.26:HTTP
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jusched.exe
State: CLOSE_WAIT
Local Address: MAISON:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: MAISON:49159
Remote Address: LOCALHOST:22346
Type: TCP
Process: C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
State: ESTABLISHED
Local Address: MAISON:22346
Remote Address: LOCALHOST:49159
Type: TCP
Process: C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
State: ESTABLISHED
Local Address: MAISON:22346
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
State: LISTENING
Local Address: MAISON:51643
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
State: LISTENING
Local Address: MAISON:49157
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING
Local Address: MAISON:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING
Local Address: MAISON:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING
Local Address: MAISON:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING
Local Address: MAISON:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING
Local Address: MAISON:MS-WBT-SERVER
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING
Local Address: MAISON:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: MAISON:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING
Local Address: MAISON:53872
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: MAISON:SSDP
Remote Address: NA
Type: UDP
Process: C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
State: NA
Local Address: MAISON:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: MAISON:SSDP
Remote Address: NA
Type: UDP
Process: C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
State: NA
Local Address: MAISON:138
Remote Address: NA
Type: UDP
Process: System
State: NA
Local Address: MAISON:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA
Local Address: MAISON:63403
Remote Address: NA
Type: UDP
Process: C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
State: NA
Local Address: MAISON:53875
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Sidebar\sidebar.exe
State: NA
Local Address: MAISON:53873
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: MAISON:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: MAISON:53874
Remote Address: NA
Type: UDP
Process: C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
State: NA
Local Address: MAISON:LLMNR
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: MAISON:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: MAISON:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: MAISON:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: D:\Musiques\Français\Brassens discography 15 cd with live and unreleased [ mp3 12 cd 160 bbps - 3 cd 128 kbps]\CD05 - Supplique pour être enterré sur une plage de Sète\Amazon_fr - CD, Supplique pour être enterré à la plage de Sète_fichiers\B000007WZY.08.M
Status: Hidden
Object: D:\Musiques\Français\Brassens discography 15 cd with live and unreleased [ mp3 12 cd 160 bbps - 3 cd 128 kbps]\CD05 - Supplique pour être enterré sur une plage de Sète\Amazon_fr - CD, Supplique pour être enterré à la plage de Sète_fichiers\detail-music-in
Status: Hidden
Object: D:\Musiques\Français\Brassens discography 15 cd with live and unreleased [ mp3 12 cd 160 bbps - 3 cd 128 kbps]\CD05 - Supplique pour être enterré sur une plage de Sète\Amazon_fr - CD, Supplique pour être enterré à la plage de Sète_fichiers\detail-search-m
Status: Hidden
Object: D:\Musiques\Français\Brassens discography 15 cd with live and unreleased [ mp3 12 cd 160 bbps - 3 cd 128 kbps]\CD05 - Supplique pour être enterré sur une plage de Sète\Amazon_fr - CD, Supplique pour être enterré à la plage de Sète_fichiers\music-nav-defau
Status: Hidden
Object: D:\Musiques\Français\Brassens discography 15 cd with live and unreleased [ mp3 12 cd 160 bbps - 3 cd 128 kbps]\CD05 - Supplique pour être enterré sur une plage de Sète\Amazon_fr - CD, Supplique pour être enterré à la plage de Sète_fichiers\ready-to-buy-he
Status: Hidden
Object: D:\Musiques\Français\Brassens discography 15 cd with live and unreleased [ mp3 12 cd 160 bbps - 3 cd 128 kbps]\CD05 - Supplique pour être enterré sur une plage de Sète\Amazon_fr - CD, Supplique pour être enterré à la plage de Sète_fichiers\review-contest-
Status: Hidden
Object: D:\Musiques\Français\Brassens discography 15 cd with live and unreleased [ mp3 12 cd 160 bbps - 3 cd 128 kbps]\CD05 - Supplique pour être enterré sur une plage de Sète\Amazon_fr - CD, Supplique pour être enterré à la plage de Sète_fichiers\xmas-product-mu
Status: Hidden
Object: D:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied
Object: D:\System Volume Information\SPP
Status: Access denied
Object: D:\System Volume Information\tracking.log
Status: Access denied
Object: D:\System Volume Information\{103d6017-88b1-11de-95e2-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{15086297-8193-11de-82ea-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{2c3d2bfb-8641-11de-a735-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{2c3d2c0a-8641-11de-a735-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{4056e6f7-8257-11de-a9f8-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{5d51c71e-857d-11de-ab6a-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{5d51c73f-857d-11de-ab6a-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{8fbcb39f-8334-11de-ab0e-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{928b5490-7ead-11de-bdb6-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{9681449b-7b44-11de-8ea6-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{9dfa0c90-7ab6-11de-99d1-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{9dfa0ca5-7ab6-11de-99d1-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{9e70ee14-7cd6-11de-9aa8-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{bcd2f12c-878e-11de-b38a-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{c5282e36-8788-11de-b16d-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{c5282e4d-8788-11de-b16d-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{d9f18d75-80cb-11de-8247-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{e3e62316-7f43-11de-9731-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{e442f496-7ffd-11de-960a-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{e8fc828f-7e1c-11de-8dd3-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{e9cae6a4-8816-11de-904e-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{eebe009b-8313-11de-88c8-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{fbf235b0-7c17-11de-88f3-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied
Object: C:\System Volume Information\SPP
Status: Access denied
Object: C:\System Volume Information\tracking.log
Status: Access denied
Object: C:\System Volume Information\Windows Backup
Status: Access denied
Object: C:\System Volume Information\{103d6016-88b1-11de-95e2-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{15086296-8193-11de-82ea-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{2c3d2bfa-8641-11de-a735-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{2c3d2c09-8641-11de-a735-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{4056e6f6-8257-11de-a9f8-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{5d51c71d-857d-11de-ab6a-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{5d51c73e-857d-11de-ab6a-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{8fbcb39e-8334-11de-ab0e-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{bcd2f12b-878e-11de-b38a-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{c5282e35-8788-11de-b16d-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{c5282e4c-8788-11de-b16d-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{d9f18d74-80cb-11de-8247-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{e3e62315-7f43-11de-9731-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{e442f495-7ffd-11de-960a-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{e9cae6a3-8816-11de-904e-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{eebe009a-8313-11de-88c8-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\Users\admin\AppData\Local\Microsoft\Messenger\dianceth00@msn.com\SharingMetadata\vahinemoon06@hotmail.com\DFSR\Staging\CS{9D5B994C-C4DE-A9D2-EAB9-9304E16BE349}\01\10-{9D5B994C-C4DE-A9D2-EAB9-9304E16BE349}-v1-{B5288EB8-9E1E-47C7-9BD3-7D60FD9E26A2}-v10-D
Status: Hidden
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Access denied
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No
Name: System
PID: 4
Hidden: No
Window Visible: No
Name: C:\Windows\System32\smss.exe
PID: 436
Hidden: No
Window Visible: No
Name: C:\Windows\System32\csrss.exe
PID: 568
Hidden: No
Window Visible: No
Name: C:\Windows\System32\wininit.exe
PID: 624
Hidden: No
Window Visible: No
Name: C:\Windows\System32\csrss.exe
PID: 636
Hidden: No
Window Visible: No
Name: C:\Windows\System32\services.exe
PID: 672
Hidden: No
Window Visible: No
Name: C:\Windows\System32\lsass.exe
PID: 684
Hidden: No
Window Visible: No
Name: C:\Windows\System32\lsm.exe
PID: 692
Hidden: No
Window Visible: No
Name: C:\Windows\System32\winlogon.exe
PID: 776
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 880
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 948
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 1008
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 1072
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 1168
Hidden: No
Window Visible: No
Name: C:\Windows\System32\Ati2evxx.exe
PID: 1204
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 1220
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 1264
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PID: 1296
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 1308
Hidden: No
Window Visible: No
Name: C:\Windows\System32\audiodg.exe
PID: 1360
Hidden: No
Window Visible: No
Name: C:\Windows\System32\SLsvc.exe
PID: 1392
Hidden: No
Window Visible: No
Name: C:\Windows\System32\spoolsv.exe
PID: 1804
Hidden: No
Window Visible: No
Name: C:\Windows\System32\Ati2evxx.exe
PID: 1812
Hidden: No
Window Visible: No
Name: C:\Program Files\Avira\AntiVir Desktop\sched.exe
PID: 1836
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 1848
Hidden: No
Window Visible: No
Name: C:\Windows\System32\taskeng.exe
PID: 252
Hidden: No
Window Visible: No
Name: C:\Windows\System32\dwm.exe
PID: 280
Hidden: No
Window Visible: No
Name: C:\Windows\explorer.exe
PID: 1532
Hidden: No
Window Visible: No
Name: C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PID: 864
Hidden: No
Window Visible: No
Name: C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PID: 1888
Hidden: No
Window Visible: No
Name: C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PID: 2088
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 2200
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PID: 2228
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
PID: 2256
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 2300
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
PID: 2316
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 2380
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 2432
Hidden: No
Window Visible: No
Name: C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PID: 2444
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 2508
Hidden: No
Window Visible: No
Name: C:\Windows\System32\SearchIndexer.exe
PID: 2572
Hidden: No
Window Visible: No
Name: C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PID: 2608
Hidden: No
Window Visible: No
Name: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PID: 2676
Hidden: No
Window Visible: No
Name: C:\Windows\System32\taskeng.exe
PID: 3348
Hidden: No
Window Visible: No
Name: C:\Program Files\Windows Defender\MSASCui.exe
PID: 3304
Hidden: No
Window Visible: No
Name: C:\Windows\RtHDVCpl.exe
PID: 3320
Hidden: No
Window Visible: No
Name: C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PID: 3388
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
PID: 3508
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PID: 3524
Hidden: No
Window Visible: No
Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 3204
Hidden: No
Window Visible: No
Name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PID: 2280
Hidden: No
Window Visible: No
Name: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PID: 3576
Hidden: No
Window Visible: No
Name: C:\Program Files\Windows Sidebar\sidebar.exe
PID: 3340
Hidden: No
Window Visible: Yes
Name: C:\Windows\ehome\ehtray.exe
PID: 3968
Hidden: No
Window Visible: No
Name: C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
PID: 3552
Hidden: No
Window Visible: No
Name: C:\Program Files\WinZip\WZQKPICK.EXE
PID: 992
Hidden: No
Window Visible: No
Name: C:\Windows\ehome\ehmsas.exe
PID: 3416
Hidden: No
Window Visible: No
Name: C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PID: 4016
Hidden: No
Window Visible: No
Name: C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PID: 1100
Hidden: No
Window Visible: No
Name: C:\Windows\System32\conime.exe
PID: 7736
Hidden: No
Window Visible: No
Name: C:\Users\admin\Desktop\SysProt.exe
PID: 20600
Hidden: No
Window Visible: Yes
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \systemroot\system32\drivers\ESQULsmnqpxxexxmhjyvmotiocifkemryorbd.sys
Service Name: ESQULserv.sys
Module Base: ---
Module End: ---
Hidden: Yes
Module Name: \??\C:\Users\admin\Desktop\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: AEA87000
Module End: AEA92000
Hidden: No
Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 82203000
Module End: 825BC000
Hidden: No
Module Name: C:\Windows\system32\hal.dll
Service Name: ---
Module Base: 825BC000
Module End: 825EF000
Hidden: No
Module Name: C:\Windows\system32\kdcom.dll
Service Name: ---
Module Base: 80602000
Module End: 8060A000
Hidden: No
Module Name: C:\Windows\system32\PSHED.dll
Service Name: ---
Module Base: 8060A000
Module End: 8061B000
Hidden: No
Module Name: C:\Windows\system32\BOOTVID.dll
Service Name: ---
Module Base: 8061B000
Module End: 80623000
Hidden: No
Module Name: C:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 80623000
Module End: 80664000
Hidden: No
Module Name: C:\Windows\system32\CI.dll
Service Name: ---
Module Base: 80664000
Module End: 80744000
Hidden: No
Module Name: C:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 80744000
Module End: 807C0000
Hidden: No
Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: 807C0000
Module End: 807CD000
Hidden: No
Module Name: C:\Windows\system32\drivers\acpi.sys
Service Name: ACPI
Module Base: 8720C000
Module End: 87252000
Hidden: No
Module Name: C:\Windows\system32\drivers\WMILIB.SYS
Service Name: ---
Module Base: 87252000
Module End: 8725B000
Hidden: No
Module Name: C:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 8725B000
Module End: 87263000
Hidden: No
Module Name: C:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 87263000
Module End: 8728A000
Hidden: No
Module Name: C:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 8728A000
Module End: 87299000
Hidden: No
Module Name: C:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 87299000
Module End: 872A8000
Hidden: No
Module Name: C:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 872A8000
Module End: 872F2000
Hidden: No
Module Name: C:\Windows\system32\drivers\pciide.sys
Service Name: pciide
Module Base: 872F2000
Module End: 872F9000
Hidden: No
Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS
Service Name: ---
Module Base: 872F9000
Module End: 87307000
Hidden: No
Module Name: C:\Windows\System32\drivers\mountmgr.sys
Service Name: MountMgr
Module Base: 87307000
Module End: 87317000
Hidden: No
Module Name: C:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 87317000
Module End: 8731F000
Hidden: No
Module Name: C:\Windows\system32\drivers\ataport.SYS
Service Name: ---
Module Base: 8731F000
Module End: 8733D000
Hidden: No
Module Name: C:\Windows\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: 8733D000
Module End: 8736F000
Hidden: No
Module Name: C:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 8736F000
Module End: 8737F000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\psdfilter.sys
Service Name: PSDFilter
Module Base: 8737F000
Module End: 87388000
Hidden: No
Module Name: C:\Windows\System32\Drivers\ksecdd.sys
Service Name: KSecDD
Module Base: 87388000
Module End: 873F9000
Hidden: No
Module Name: C:\Windows\system32\drivers\ndis.sys
Service Name: NDIS
Module Base: 87409000
Module End: 87514000
Hidden: No
Module Name: C:\Windows\system32\drivers\NETIO.SYS
Service Name: ---
Module Base: 8753F000
Module End: 87579000
Hidden: No
Module Name: C:\Windows\System32\drivers\tcpip.sys
Service Name: Tcpip
Module Base: 8760F000
Module End: 876F6000
Hidden: No
Module Name: C:\Windows\System32\drivers\fwpkclnt.sys
Service Name: ---
Module Base: 876F6000
Module End: 87711000
Hidden: No
Module Name: C:\Windows\System32\Drivers\Ntfs.sys
Service Name: Ntfs
Module Base: 8780D000
Module End: 8791C000
Hidden: No
Module Name: C:\Windows\system32\drivers\volsnap.sys
Service Name: volsnap
Module Base: 8791C000
Module End: 87955000
Hidden: No
Module Name: C:\Windows\System32\Drivers\spldr.sys
Service Name: spldr
Module Base: 87955000
Module End: 8795D000
Hidden: No
Module Name: C:\Windows\system32\drivers\psdvdisk.sys
Service Name: disk
Module Base: 8795D000
Module End: 8796F000
Hidden: No
Module Name: C:\Windows\system32\drivers\PSDNServ.sys
Service Name: PSDNServ
Module Base: 8796F000
Module End: 87978000
Hidden: No
Module Name: C:\Windows\System32\Drivers\mup.sys
Service Name: Mup
Module Base: 87978000
Module End: 87987000
Hidden: No
Module Name: C:\Windows\System32\drivers\ecache.sys
Service Name: Ecache
Module Base: 87987000
Module End: 879AE000
Hidden: No
Module Name: C:\Windows\system32\drivers\disk.sys
Service Name: ---
Module Base: 879AE000
Module End: 879BF000
Hidden: No
Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS
Service Name: ---
Module Base: 879BF000
Module End: 879E0000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\AtiPcie.sys
Service Name: AtiPcie
Module Base: 879E0000
Module End: 879E8000
Hidden: No
Module Name: C:\Windows\system32\drivers\crcdisk.sys
Service Name: crcdisk
Module Base: 879E8000
Module End: 879F1000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\tunnel.sys
Service Name: tunnel
Module Base: 87719000
Module End: 87724000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: 87724000
Module End: 8772D000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\amdk8.sys
Service Name: AmdK8
Module Base: 8772D000
Module End: 8773D000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\atikmdag.sys
Service Name: atikmdag
Module Base: 8DA02000
Module End: 8E0AF000
Hidden: No
Module Name: C:\Windows\System32\drivers\dxgkrnl.sys
Service Name: DXGKrnl
Module Base: 8E0AF000
Module End: 8E14E000
Hidden: No
Module Name: C:\Windows\System32\drivers\watchdog.sys
Service Name: ---
Module Base: 8E14E000
Module End: 8E15B000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: 8E15B000
Module End: 8E16D000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\yk60x86.sys
Service Name: yukonwlh
Module Base: 8E16D000
Module End: 8E1AB000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: 8E1AB000
Module End: 8E1B5000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: 8E1B5000
Module End: 8E1F3000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: 8773D000
Module End: 8774C000
Hidden: No
Module Name: C:\Windows\system32\drivers\pfc.sys
Service Name: pfc
Module Base: 8E1F3000
Module End: 8E1F6000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\cdrom.sys
Service Name: cdrom
Module Base: 8774C000
Module End: 87764000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\NTIDrvr.sys
Service Name: NTIDrvr
Module Base: 8E1F6000
Module End: 8E1F8000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\ohci1394.sys
Service Name: ohci1394
Module Base: 87764000
Module End: 87774000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: 87774000
Module End: 87782000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\serial.sys
Service Name: Serial
Module Base: 8778D000
Module End: 877A7000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\serenum.sys
Service Name: Serenum
Module Base: 877A7000
Module End: 877B1000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\parport.sys
Service Name: Parport
Module Base: 877B1000
Module End: 877C9000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: 877C9000
Module End: 877DC000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys
Service Name: kbdclass
Module Base: 877DC000
Module End: 877E7000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys
Service Name: iScsiPrt
Module Base: 87579000
Module End: 875A7000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\storport.sys
Service Name: ---
Module Base: 875A7000
Module End: 875E8000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: 877E7000
Module End: 877F2000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: 875E8000
Module End: 875FF000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: 877F2000
Module End: 877FD000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: 807CD000
Module End: 807F0000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: 87600000
Module End: 8760F000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: 8E405000
Module End: 8E419000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\rassstp.sys
Service Name: RasSstp
Module Base: 8E419000
Module End: 8E42E000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: 8E42E000
Module End: 8E43E000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\mouclass.sys
Service Name: mouclass
Module Base: 8E43E000
Module End: 8E449000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: 8E449000
Module End: 8E44B000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: 8E44B000
Module End: 8E475000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: 8E475000
Module End: 8E47F000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\umbus.sys
Service Name: umbus
Module Base: 8E47F000
Module End: 8E48C000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: 8E48C000
Module End: 8E4C0000
Hidden: No
Module Name: C:\Windows\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: 8E4C0000
Module End: 8E4D1000
Hidden: No
Module Name: C:\Windows\system32\drivers\HdAudio.sys
Service Name: HdAudAddService
Module Base: 8E4DC000
Module End: 8E51B000
Hidden: No
Module Name: C:\Windows\system32\drivers\portcls.sys
Service Name: ---
Module Base: 8E51B000
Module End: 8E548000
Hidden: No
Module Name: C:\Windows\system32\drivers\drmk.sys
Service Name: ---
Module Base: 8E548000
Module End: 8E56D000
Hidden: No
Module Name: C:\Windows\system32\drivers\RTKVHDA.sys
Service Name: IntcAzAudAddService
Module Base: 8E60B000
Module End: 8E7B8000
Hidden: No
Module Name: C:\Windows\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: 8E7C8000
Module End: 8E7CF000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: 8E7D8000
Module End: 8E7DF000
Hidden: No
Module Name: C:\Windows\System32\drivers\vga.sys
Service Name: vga
Module Base: 8E7DF000
Module End: 8E7EB000
Hidden: No
Module Name: C:\Windows\System32\drivers\VIDEOPRT.SYS
Service Name: ---
Module Base: 8E578000
Module End: 8E599000
Hidden: No
Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: 8E7EB000
Module End: 8E7F3000
Hidden: No
Module Name: C:\Windows\system32\drivers\rdpencdd.sys
Service Name: RDPENCDD
Module Base: 8E7F3000
Module End: 8E7FB000
Hidden: No
Module Name: C:\Windows\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: 8E5C3000
Module End: 8E5D1000
Hidden: No
Module Name: C:\Windows\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: 8E7CF000
Module End: 8E7D8000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\tdx.sys
Service Name: tdx
Module Base: 8E5D1000
Module End: 8E5E7000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\smb.sys
Service Name: Smb
Module Base: 8E5E7000
Module End: 8E5FB000
Hidden: No
Module Name: C:\Windows\system32\drivers\afd.sys
Service Name: AFD
Module Base: 8E80E000
Module End: 8E856000
Hidden: No
Module Name: C:\Windows\System32\DRIVERS\netbt.sys
Service Name: netbt
Module Base: 8E856000
Module End: 8E888000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\pacer.sys
Service Name: PSched
Module Base: 8E888000
Module End: 8E89E000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 8E89E000
Module End: 8E8AC000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: 8E8AC000
Module End: 8E8BF000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\ssmdrv.sys
Service Name: ssmdrv
Module Base: 8E8BF000
Module End: 8E8C5000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\rdbss.sys
Service Name: rdbss
Module Base: 8E8C5000
Module End: 8E901000
Hidden: No
Module Name: C:\Windows\system32\drivers\nsiproxy.sys
Service Name: nsiproxy
Module Base: 8E901000
Module End: 8E90B000
Hidden: No
Module Name: C:\Windows\System32\Drivers\dfsc.sys
Service Name: DfsC
Module Base: 8E90B000
Module End: 8E922000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\avipbb.sys
Service Name: avipbb
Module Base: 8E922000
Module End: 8E93E000
Hidden: No
Module Name: \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
Service Name: avgio
Module Base: 8E93E000
Module End: 8E940000
Hidden: No
Module Name: C:\Windows\System32\Drivers\crashdmp.sys
Service Name: ---
Module Base: 8E940000
Module End: 8E94D000
Hidden: No
Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 8E94D000
Module End: 8E958000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 8E958000
Module End: 8E960000
Hidden: Yes
Module Name: C:\Windows\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 8E960000
Module End: 8E96A000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: 8E96A000
Module End: 8E981000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: 8E981000
Module End: 8E983000
Hidden: No
Module Name: C:\Windows\system32\drivers\LVUSBSta.sys
Service Name: LVUSBSta
Module Base: 8E983000
Module End: 8E98C000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\LV302V32.SYS
Service Name: PID_PEPI
Module Base: 96818000
Module End: 9694F000
Hidden: No
Module Name: C:\Windows\system32\drivers\usbaudio.sys
Service Name: usbaudio
Module Base: 9694F000
Module End: 96961000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\monitor.sys
Service Name: monitor
Module Base: 96961000
Module End: 96970000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: 96970000
Module End: 96979000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: 96979000
Module End: 96989000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Service Name: USBSTOR
Module Base: 96989000
Module End: 9699B000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: 9699B000
Module End: 969A3000
Hidden: No
Module Name: C:\Windows\system32\drivers\luafv.sys
Service Name: luafv
Module Base: 969A3000
Module End: 969BE000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\avgntflt.sys
Service Name: avgntflt
Module Base: 969BE000
Module End: 969D2000
Hidden: No
Module Name: C:\Windows\system32\drivers\spsys.sys
Service Name: ---
Module Base: 96600000
Module End: 966AF000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\lltdio.sys
Service Name: lltdio
Module Base: 966AF000
Module End: 966BF000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\nwifi.sys
Service Name: NativeWifiP
Module Base: 966BF000
Module End: 966E9000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: 966E9000
Module End: 966F3000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\rspndr.sys
Service Name: rspndr
Module Base: 966F3000
Module End: 96706000
Hidden: No
Module Name: C:\Windows\system32\drivers\HTTP.sys
Service Name: HTTP
Module Base: 96706000
Module End: 96771000
Hidden: No
Module Name: C:\Windows\System32\DRIVERS\srvnet.sys
Service Name: srvnet
Module Base: 96771000
Module End: 9678E000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\bowser.sys
Service Name: bowser
Module Base: 9678E000
Module End: 967A7000
Hidden: No
Module Name: C:\Windows\System32\drivers\mpsdrv.sys
Service Name: mpsdrv
Module Base: 967A7000
Module End: 967BC000
Hidden: No
Module Name: C:\Windows\system32\drivers\mrxdav.sys
Service Name: MRxDAV
Module Base: 967BC000
Module End: 967DC000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Name: mrxsmb
Module Base: 967DC000
Module End: 967FB000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Name: mrxsmb10
Module Base: 8E98C000
Module End: 8E9C5000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Name: mrxsmb20
Module Base: 967FB000
Module End: 96813000
Hidden: No
Module Name: C:\Windows\System32\DRIVERS\srv2.sys
Service Name: srv2
Module Base: 8E9C5000
Module End: 8E9EC000
Hidden: No
Module Name: C:\Windows\System32\DRIVERS\srv.sys
Service Name: srv
Module Base: 9AC0A000
Module End: 9AC56000
Hidden: No
Module Name: C:\Windows\System32\Drivers\fastfat.SYS
Service Name: fastfat
Module Base: 9AC56000
Module End: 9AC7E000
Hidden: No
Module Name: \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
Service Name: int15
Module Base: 9AC85000
Module End: 9AC96000
Hidden: No
Module Name: C:\Windows\system32\drivers\peauth.sys
Service Name: PEAUTH
Module Base: 9AC96000
Module End: 9AD74000
Hidden: No
Module Name: C:\Windows\System32\Drivers\secdrv.SYS
Service Name: secdrv
Module Base: 9AD74000
Module End: 9AD7E000
Hidden: No
Module Name: C:\Windows\System32\drivers\tcpipreg.sys
Service Name: tcpipreg
Module Base: 9AD7E000
Module End: 9AD8A000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\LVPr2Mon.sys
Service Name: LVPr2Mon
Module Base: 9ADB1000
Module End: 9ADB6000
Hidden: No
Module Name: C:\Windows\system32\drivers\tdtcp.sys
Service Name: TDTCP
Module Base: 9ADB6000
Module End: 9ADC1000
Hidden: No
Module Name: C:\Windows\System32\DRIVERS\tssecsrv.sys
Service Name: tssecsrv
Module Base: 9ADC1000
Module End: 9ADCD000
Hidden: No
Module Name: C:\Windows\System32\Drivers\RDPWD.SYS
Service Name: Wd
Module Base: 9ADCD000
Module End: 9AE00000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\cdfs.sys
Service Name: cdfs
Module Base: 9AD8A000
Module End: 9ADA0000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbscan.sys
Service Name: usbscan
Module Base: AEA0E000
Module End: AEA1B000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbprint.sys
Service Name: usbprint
Module Base: AEA1B000
Module End: AEA25000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\dot4usb.sys
Service Name: dot4usb
Module Base: AEA25000
Module End: AEA32000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\Dot4.sys
Service Name: Dot4
Module Base: AEA32000
Module End: AEA57000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\Dot4Prt.sys
Service Name: Dot4Print
Module Base: AEA57000
Module End: AEA60000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\fdc.sys
Service Name: fdc
Module Base: 87782000
Module End: 8778D000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\parvdm.sys
Service Name: Parvdm
Module Base: 9AC7E000
Module End: 9AC85000
Hidden: No
Module Name: C:\Windows\System32\Drivers\Null.SYS
Service Name: Null
Module Base: 8E7C1000
Module End: 8E7C8000
Hidden: No
Module Name: C:\Windows\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: 8E600000
Module End: 8E60B000
Hidden: No
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateThread
Address: 985A601C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwOpenProcess
Address: 985A6008
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwOpenThread
Address: 985A600D
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwTerminateProcess
Address: 985A6017
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwSaveKeyEx
At Address: 8245862A
Jump To: 85E3FBDA
Module Name: _unknown_
Hooked Function: ZwSaveKey
At Address: 82458523
Jump To: 85E3FC12
Module Name: _unknown_
Hooked Function: ZwFlushInstructionCache
At Address: 823B530B
Jump To: 85E3FC4C
Module Name: _unknown_
Hooked Function: ZwEnumerateKey
At Address: 8240ABA2
Jump To: 85E3FC84
Module Name: _unknown_
Hooked Function: IofCompleteRequest
At Address: 8223CFE2
Jump To: 85E39983
Module Name: _unknown_
Hooked Function: IofCallDriver
At Address: 822BEF6F
Jump To: 85E3FCBA
Module Name: _unknown_
******************************************************************************************
******************************************************************************************
No IRP Hooks found
******************************************************************************************
******************************************************************************************
Ports:
Local Address: MAISON:49237
Remote Address: 213.155.157.26:HTTP
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jusched.exe
State: CLOSE_WAIT
Local Address: MAISON:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: MAISON:49159
Remote Address: LOCALHOST:22346
Type: TCP
Process: C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
State: ESTABLISHED
Local Address: MAISON:22346
Remote Address: LOCALHOST:49159
Type: TCP
Process: C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
State: ESTABLISHED
Local Address: MAISON:22346
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
State: LISTENING
Local Address: MAISON:51643
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
State: LISTENING
Local Address: MAISON:49157
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING
Local Address: MAISON:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING
Local Address: MAISON:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING
Local Address: MAISON:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING
Local Address: MAISON:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING
Local Address: MAISON:MS-WBT-SERVER
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING
Local Address: MAISON:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: MAISON:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING
Local Address: MAISON:53872
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: MAISON:SSDP
Remote Address: NA
Type: UDP
Process: C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
State: NA
Local Address: MAISON:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: MAISON:SSDP
Remote Address: NA
Type: UDP
Process: C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
State: NA
Local Address: MAISON:138
Remote Address: NA
Type: UDP
Process: System
State: NA
Local Address: MAISON:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA
Local Address: MAISON:63403
Remote Address: NA
Type: UDP
Process: C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
State: NA
Local Address: MAISON:53875
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Sidebar\sidebar.exe
State: NA
Local Address: MAISON:53873
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: MAISON:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: MAISON:53874
Remote Address: NA
Type: UDP
Process: C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
State: NA
Local Address: MAISON:LLMNR
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: MAISON:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: MAISON:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: MAISON:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: D:\Musiques\Français\Brassens discography 15 cd with live and unreleased [ mp3 12 cd 160 bbps - 3 cd 128 kbps]\CD05 - Supplique pour être enterré sur une plage de Sète\Amazon_fr - CD, Supplique pour être enterré à la plage de Sète_fichiers\B000007WZY.08.M
Status: Hidden
Object: D:\Musiques\Français\Brassens discography 15 cd with live and unreleased [ mp3 12 cd 160 bbps - 3 cd 128 kbps]\CD05 - Supplique pour être enterré sur une plage de Sète\Amazon_fr - CD, Supplique pour être enterré à la plage de Sète_fichiers\detail-music-in
Status: Hidden
Object: D:\Musiques\Français\Brassens discography 15 cd with live and unreleased [ mp3 12 cd 160 bbps - 3 cd 128 kbps]\CD05 - Supplique pour être enterré sur une plage de Sète\Amazon_fr - CD, Supplique pour être enterré à la plage de Sète_fichiers\detail-search-m
Status: Hidden
Object: D:\Musiques\Français\Brassens discography 15 cd with live and unreleased [ mp3 12 cd 160 bbps - 3 cd 128 kbps]\CD05 - Supplique pour être enterré sur une plage de Sète\Amazon_fr - CD, Supplique pour être enterré à la plage de Sète_fichiers\music-nav-defau
Status: Hidden
Object: D:\Musiques\Français\Brassens discography 15 cd with live and unreleased [ mp3 12 cd 160 bbps - 3 cd 128 kbps]\CD05 - Supplique pour être enterré sur une plage de Sète\Amazon_fr - CD, Supplique pour être enterré à la plage de Sète_fichiers\ready-to-buy-he
Status: Hidden
Object: D:\Musiques\Français\Brassens discography 15 cd with live and unreleased [ mp3 12 cd 160 bbps - 3 cd 128 kbps]\CD05 - Supplique pour être enterré sur une plage de Sète\Amazon_fr - CD, Supplique pour être enterré à la plage de Sète_fichiers\review-contest-
Status: Hidden
Object: D:\Musiques\Français\Brassens discography 15 cd with live and unreleased [ mp3 12 cd 160 bbps - 3 cd 128 kbps]\CD05 - Supplique pour être enterré sur une plage de Sète\Amazon_fr - CD, Supplique pour être enterré à la plage de Sète_fichiers\xmas-product-mu
Status: Hidden
Object: D:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied
Object: D:\System Volume Information\SPP
Status: Access denied
Object: D:\System Volume Information\tracking.log
Status: Access denied
Object: D:\System Volume Information\{103d6017-88b1-11de-95e2-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{15086297-8193-11de-82ea-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{2c3d2bfb-8641-11de-a735-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{2c3d2c0a-8641-11de-a735-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{4056e6f7-8257-11de-a9f8-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{5d51c71e-857d-11de-ab6a-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{5d51c73f-857d-11de-ab6a-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{8fbcb39f-8334-11de-ab0e-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{928b5490-7ead-11de-bdb6-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{9681449b-7b44-11de-8ea6-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{9dfa0c90-7ab6-11de-99d1-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{9dfa0ca5-7ab6-11de-99d1-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{9e70ee14-7cd6-11de-9aa8-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{bcd2f12c-878e-11de-b38a-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{c5282e36-8788-11de-b16d-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{c5282e4d-8788-11de-b16d-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{d9f18d75-80cb-11de-8247-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{e3e62316-7f43-11de-9731-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{e442f496-7ffd-11de-960a-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{e8fc828f-7e1c-11de-8dd3-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{e9cae6a4-8816-11de-904e-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{eebe009b-8313-11de-88c8-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{fbf235b0-7c17-11de-88f3-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied
Object: C:\System Volume Information\SPP
Status: Access denied
Object: C:\System Volume Information\tracking.log
Status: Access denied
Object: C:\System Volume Information\Windows Backup
Status: Access denied
Object: C:\System Volume Information\{103d6016-88b1-11de-95e2-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{15086296-8193-11de-82ea-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{2c3d2bfa-8641-11de-a735-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{2c3d2c09-8641-11de-a735-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{4056e6f6-8257-11de-a9f8-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{5d51c71d-857d-11de-ab6a-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{5d51c73e-857d-11de-ab6a-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{8fbcb39e-8334-11de-ab0e-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{bcd2f12b-878e-11de-b38a-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{c5282e35-8788-11de-b16d-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{c5282e4c-8788-11de-b16d-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{d9f18d74-80cb-11de-8247-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{e3e62315-7f43-11de-9731-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{e442f495-7ffd-11de-960a-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{e9cae6a3-8816-11de-904e-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{eebe009a-8313-11de-88c8-001c2501da82}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\Users\admin\AppData\Local\Microsoft\Messenger\dianceth00@msn.com\SharingMetadata\vahinemoon06@hotmail.com\DFSR\Staging\CS{9D5B994C-C4DE-A9D2-EAB9-9304E16BE349}\01\10-{9D5B994C-C4DE-A9D2-EAB9-9304E16BE349}-v1-{B5288EB8-9E1E-47C7-9BD3-7D60FD9E26A2}-v10-D
Status: Hidden
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Access denied
Anonymous user
14 August 2009 at 17:05
See if you can delete this in Safe Mode:
C:\WINDOWS\system32\drivers\ESQULsmnqpxxexxmhjyvmotiocifkemryorbd.sys
Anonymous user
14 August 2009 at 17:46
▶ Double-click OTL.exe to launch it.
▶ Copy the list shown in bold below,
▶ and paste it into the box under Custom Scans/Fixes:
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:files
C:\WINDOWS\system32\drivers\ESQULsmnqpxxexxmhjyvmotiocifkemryorbd.sys
:commands
[emptytemp]
[reboot]
▶ Click Run Fix to start the removal.
▶ Post the report.
This whole business is pretty complicated all the same... that'll teach me to try to download Photoshop... I think I'll do without it lol :op
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== FILES ==========
File\Folder C:\WINDOWS\system32\drivers\ESQULsmnqpxxexxmhjyvmotiocifkemryorbd.sys not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: admin
->Temp folder emptied: 274643 bytes
File delete failed. C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 958231 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 85508256 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 245248 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 82,96 mb
OTL by OldTimer - Version 3.0.10.6 log created on 08142009_180835
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Anonymous user
14 August 2009 at 18:46
/!\ WARNING: FOLLOW THESE INSTRUCTIONS SCRUPULOUSLY, TO THE LETTER /!\
▶ Above all, when saving it, remember to rename ComboFix to "yourfirstname.exe"
_________________________________________________________________
>This software is only to be used when prescribed by a qualified helper trained in the tool.<
>>>>>>>Do not use it outside of this situation: dangerous!<<<<<<<<
=====================================================
▶ We are going to use ComboFix.exe. Go to this web page to get the download links, as well as instructions for running the tool:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Before using ComboFix:
______________________________________________________________________
>> close the windows of all running programs.
>> Temporarily, and only for as long as ComboFix is in use, disable
>> the real-time protection of your antivirus and antispyware programs,
>> which can seriously interfere with the tool's scanning and cleaning procedure.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
▶ !!!!!DO NOT TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE/KEYBOARD.....)!!!!!
▶ don't forget to re-enable the guard of your antivirus and antispyware programs before reconnecting to the internet.
>> Come back to the forum, and
▶ copy and paste the entire contents of C:\Combofix.txt into your next message.
ComboFix 09-08-10.06 - admin 14/08/2009 19:26.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.1791.1125 [GMT 2:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\admin\AppData\Local\qwwacew.dat
c:\users\admin\AppData\Local\qwwacew_nav.dat
c:\users\admin\AppData\Local\qwwacew_navps.dat
c:\windows\System32\drivers\ESQULsmnqpxxexxmhjyvmotiocifkemryorbd.sys
c:\windows\system32\ESQULbelvrnnwxqthxpcpeboijcvrtgaednvx.dll
c:\windows\system32\ESQULemenhvqrewhwitibwqdnfysswkcpsuyg.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ESQULserv.sys
-------\Legacy_ESQULserv.sys
-------\Service_ESQULserv.sys
((((((((((((((((((((((((( Files Created from 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))))
.
2009-08-14 17:32 . 2009-08-14 17:35 -------- d-----w- c:\users\admin\AppData\Local\temp
2009-08-14 17:32 . 2009-08-14 17:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-14 13:53 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-14 13:53 . 2009-08-14 13:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-14 13:53 . 2009-08-14 13:53 -------- d-----w- c:\progra~2\Malwarebytes
2009-08-14 13:53 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-14 10:44 . 2009-08-14 10:44 -------- d-sh--w- C:\found.000
2009-08-14 00:08 . 2009-08-14 01:44 -------- d-----w- c:\program files\Ad-remover
2009-08-13 08:22 . 2009-08-13 08:22 -------- d-----w- c:\program files\trend micro
2009-08-12 22:04 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-08-12 22:04 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-12 22:04 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-08-12 22:04 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-08-12 22:04 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-08-12 22:04 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-08-12 22:04 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-08-12 21:58 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-08-12 21:58 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-08-12 21:58 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-08-12 21:58 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-08-12 21:58 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-08-11 10:51 . 2009-08-12 16:24 -------- d-----w- c:\progra~2\FLEXnet
2009-08-11 09:58 . 2009-08-11 09:58 -------- d-----w- c:\program files\Microsoft.NET
2009-08-11 09:51 . 2009-08-11 09:51 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-08-11 09:50 . 2009-08-13 08:06 -------- d-----w- c:\users\admin\AppData\Local\Microsoft Help
2009-08-11 09:47 . 2009-08-11 09:47 -------- d--h--r- C:\MSOCache
2009-08-10 21:02 . 2009-08-10 21:02 -------- d-----w- c:\progra~2\WinZip
2009-07-21 21:26 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-21 21:26 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-21 21:26 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-21 21:26 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 17:31 . 2006-11-02 15:48 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-14 17:31 . 2006-11-02 15:48 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-14 16:42 . 2008-05-24 08:32 -------- d-----w- c:\users\admin\AppData\Roaming\EndNote
2009-08-14 09:01 . 2007-09-29 10:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-14 07:43 . 2007-09-29 10:13 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2009-08-13 17:28 . 2007-09-29 10:05 -------- d-----w- c:\program files\SpywareBlaster
2009-08-12 23:38 . 2009-01-08 18:08 -------- d-----w- c:\users\admin\AppData\Roaming\Azureus
2009-08-12 22:55 . 2007-10-03 06:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-12 22:06 . 2007-09-29 09:11 -------- d-----w- c:\program files\CCleaner
2009-08-12 21:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-11 22:42 . 2007-02-20 20:46 4246516 ----a-w- c:\windows\Fonts\KozMinPro-Heavy.otf
2009-08-11 11:00 . 2007-09-24 17:29 121104 ----a-w- c:\users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-11 10:24 . 2007-05-06 19:18 -------- d-----w- c:\progra~2\Microsoft Help
2009-08-11 10:19 . 2007-05-06 19:20 -------- d-----w- c:\program files\Microsoft Works
2009-08-11 10:00 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-08-10 16:56 . 2009-01-08 18:09 175 ----a-w- c:\users\admin\AppData\Roaming\Azureus\restart.bat
2009-08-10 16:54 . 2009-01-08 18:07 -------- d-----w- c:\program files\Vuze
2009-07-18 16:06 . 2009-07-29 12:26 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 12:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 12:26 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-12 21:52 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-12 21:52 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-12 21:52 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-12 21:52 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-12 21:52 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-06-29 06:34 . 2009-06-29 06:34 -------- d-----w- c:\program files\Avira
2009-06-29 06:34 . 2009-06-29 06:34 -------- d-----w- c:\progra~2\Avira
2009-06-15 18:20 . 2009-08-12 21:52 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-15 15:24 . 2009-08-12 21:52 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-06-15 15:24 . 2009-08-12 21:52 72704 ----a-w- c:\windows\system32\secur32.dll
2009-06-15 15:24 . 2009-08-12 21:52 270848 ----a-w- c:\windows\system32\schannel.dll
2009-06-15 15:23 . 2009-08-12 21:52 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-15 15:22 . 2009-08-12 21:52 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-15 15:21 . 2009-08-12 21:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-06-15 12:57 . 2009-08-12 21:52 9728 ----a-w- c:\windows\system32\lsass.exe
2009-06-10 12:12 . 2009-08-12 21:52 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-10 12:07 . 2009-08-12 21:52 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-06-04 12:34 . 2009-08-12 21:52 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-05-20 13:39 . 2009-05-07 23:42 90 ----a-w- c:\users\admin\AppData\Local\kqoag.bat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-28 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-22 136600]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-23 4423680]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-03-16 1822720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-5-6 528384]
PCM Media Sharing.lnk - c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-5-6 200812]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-7-13 525640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F726BF72-BF4E-4B4F-B9FE-4CDF4E903131}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{51674872-C1F2-4F6E-9B9C-A757F38BE2C6}"= c:\program files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{00717E99-5B5E-4D82-B899-5B920CE145A9}"= c:\program files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{F90A806B-AED4-4244-AC78-EA10F3E4F0E6}"= c:\program files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{2EACCE03-44AD-4451-AFA5-833B35CC35B9}"= c:\program files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{39E7738E-3D11-43B9-835D-D16D2F3B2B0D}"= c:\program files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{59B339AA-E6E9-43D5-A0ED-DAC81D658E12}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{B70C9DFF-8065-445C-8092-F386899335A3}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{9F52794C-B028-4208-88E2-1D78370B9A3B}"= c:\program files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"TCP Query User{24FEB1DE-823C-4C10-8482-6C11C39E8B9E}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{6FF0DBCD-81A2-4F4E-B7DA-63B9D7B682E4}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{236C081C-C3A6-4992-8ABC-4103DE072C52}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{99E1F1DC-A3EF-4F33-8C0B-39593A2F7A28}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"{FA803BD8-1963-40FE-8CB2-C69C6FB176EC}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{AF92A79B-2626-4772-AD59-40163648DC5D}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{D7487D46-2B3B-411A-B32C-0D7CBB997CC3}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{7F7E7BD3-5720-46B3-AE59-305ACC0DA95A}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{5656DF27-A3FA-4596-99A5-E62A0553DD35}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{8DDBE5C1-6087-4066-902F-950D7A3229EF}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{F81EA4AC-F895-4EE3-8A37-9BDCF3B872A5}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{774C8649-EDB2-4F0A-96BC-2AB2BEDA1AC6}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{7B931923-5720-4677-9049-36052319C97E}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{8985A5BE-D444-40D4-8031-DD7B66C89322}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{E2D88754-583A-45D0-B0A6-684764CA5D80}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{3D3C050E-A92F-4E54-9B06-8C3680717C01}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{4D8D87B0-3919-42A0-BDF9-3291933ABDA6}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{72AE6C13-B324-4D1B-8FB1-E7F0B59E8131}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{60FB2A91-9F3F-4BAF-BD40-436072B96D5D}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{63FF7EFA-61A3-465D-9651-C1ED53F7C3AB}c:\\program files\\wysigot\\wysigot.exe"= UDP:c:\program files\wysigot\wysigot.exe:Wysigot Web Browser
"UDP Query User{05641555-CB74-4AF5-9458-FFA954A97CF8}c:\\program files\\wysigot\\wysigot.exe"= TCP:c:\program files\wysigot\wysigot.exe:Wysigot Web Browser
"TCP Query User{EC922863-A35E-4F92-8690-25BE1EA9AC28}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{0B714ABD-CA9E-4739-99CD-D297FB32AEDA}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{F7BE9230-C385-4FB6-8122-09BAF6C58674}"= c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{02047E44-8BB8-4CD8-9499-76D1B7DF1AB5}"= c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{450264D5-E876-4375-9E28-212D1CD21F43}"= c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{0E72D057-6EB3-49B5-8133-367ACABCC346}"= c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{E1312785-A919-4B19-9077-3D8DE1565AE8}"= c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{375AA462-B865-45B3-8D54-CA5B18BE002D}"= c:\program files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{8771309D-85A1-4B4B-8793-564A0CA42455}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{0E454B72-1C91-4158-A8B5-DEAF7E7CF26A}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{51531258-6BFA-4B26-AE28-CFCC77703529}"= c:\program files\HP\Digital Imaging\bin\hpqcopy2.exe:hpqcopy2.exe
"{64B3C69F-1893-4A9B-8175-45C969C846C9}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{D9BDB1F0-5D08-42A8-9A4B-15093FD931CE}"= c:\program files\HP\Digital Imaging\bin\hpqgplgtupl.exe:hpqgplgtupl.exe
"{1DE4DF47-DA36-4EF7-B505-A0A2132D49B1}"= c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe:hpqgpc01.exe
"TCP Query User{A9010CDD-8EB0-4EC3-9582-72919570ED27}c:\\program files\\freeplayer\\vlc\\vlc.exe"= UDP:c:\program files\freeplayer\vlc\vlc.exe:VLC media player
"UDP Query User{5B2534C0-E54E-4006-BD41-A4C35EA86417}c:\\program files\\freeplayer\\vlc\\vlc.exe"= TCP:c:\program files\freeplayer\vlc\vlc.exe:VLC media player
"{89D7F6BA-6FF4-436B-A48B-5CADEBFACE1D}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5C7499BE-4D54-46C5-BEFE-800431110665}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D1F69BA4-6A9A-4325-874A-AEA50EF2D385}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{38671EF2-8EC6-4C09-9188-1D581493878E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{45A90AA4-5B67-45A0-9341-9F37418A412F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [06/05/2007 21:33 266343]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [29/06/2009 08:34 108289]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [14/08/2009 09:34 1153368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to WebSite-Watcher - c:\users\admin\AppData\Roaming\aignes\WebSite-Watcher\config\settings\wswie.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Télécharger tout avec FlashGet - j:\10 backup-program\FlashGet\jc_all.htm
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\0hyd0kow.default\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 19:35
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(9696)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-08-14 19:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-14 17:39
Pre-Run: 63 464 386 560 bytes free
Post-Run: 63 217 762 304 bytes free
272 --- E O F --- 2009-08-12 22:11
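An added triage script (not part of this thread, and not ComboFix's own logic) that reads lines in the format of the log above and flags the three things a helper looks at first in it: the Security Center values under HKLM\software\microsoft\security center that silence Windows' own warnings ("DisableMonitoring" and "AntiVirusOverride" set to 1), long letters-only unpronounceable driver/DLL names in system32 of the kind ComboFix reports deleting (the ESQUL-prefixed .sys and .dll files), and a script dropped straight into AppData\Local (the 90-byte kqoag.bat) rather than inside an application's own folder. The sample log text is constructed in the log's format; the name-randomness heuristic and its thresholds are this example's assumptions, not a published rule.

```python
"""Triage a ComboFix-style log for a few infection indicators (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the ComboFix format; paths modelled on the log above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\admin\AppData\Local\qwwacew.dat
c:\windows\System32\drivers\ESQULsmnqpxxexxmhjyvmotiocifkemryorbd.sys
c:\windows\system32\ESQULbelvrnnwxqthxpcpeboijcvrtgaednvx.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 13:53 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-12 22:04 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-06-10 12:12 . 2009-08-12 21:52 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-10 16:56 . 2009-01-08 18:09 175 ----a-w- c:\users\admin\AppData\Roaming\Azureus\restart.bat
2009-05-20 13:39 . 2009-05-07 23:42 90 ----a-w- c:\users\admin\AppData\Local\kqoag.bat
.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
"BlindDial"=dword:00000000
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # "security-center", "random-name" or "script-in-appdata"
    detail: str


# "<mtime> . <ctime> <size|--------> <attrs> <path>" lines from Find3M / Files Created
DATED_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+(?:\d+|-+)\s+\S+\s+(?P<path>[a-z]:\\.+)$", re.IGNORECASE)
BARE_PATH = re.compile(r"^(?P<path>[a-z]:\\\S.*)$", re.IGNORECASE)   # "Other Deletions" lines
REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_DWORD = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-f]{8})$', re.IGNORECASE)


def extract_paths(log: str) -> list[str]:
    """Every file/directory path the log lists, from dated and bare-path lines."""
    paths = []
    for line in log.splitlines():
        m = DATED_LINE.match(line.strip()) or BARE_PATH.match(line.strip())
        if m:
            paths.append(m.group("path"))
    return paths


def extract_dwords(log: str) -> list[tuple[str, str, int]]:
    """(key, value name, integer) for each REGEDIT4-style dword under its [key] header."""
    out, key = [], None
    for line in log.splitlines():
        line = line.strip()
        k = REG_KEY.match(line)
        if k:
            key = k.group("key")
            continue
        v = REG_DWORD.match(line)
        if v and key:
            out.append((key, v.group("name"), int(v.group("value"), 16)))
    return out


def security_center_overrides(log: str) -> list[Finding]:
    """Security Center monitoring disabled or an AV/firewall status override set to 1."""
    return [Finding("security-center", f"{key}\\{name}=1")
            for key, name, value in extract_dwords(log)
            if r"\microsoft\security center" in key.lower() and value == 1
            and (name.lower() == "disablemonitoring" or name.lower().endswith("override"))]


VOWELS = set("aeiouy")


def max_consonant_run(s: str) -> int:
    run = best = 0
    for ch in s.lower():
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best


def looks_random(stem: str, min_len: int = 20, min_run: int = 5) -> bool:
    """Heuristic (assumption): letters only, long, and with an unpronounceable consonant run."""
    return stem.isalpha() and len(stem) >= min_len and max_consonant_run(stem) >= min_run


def random_named_system_files(log: str) -> list[Finding]:
    """Driver/DLL/EXE names in system32 that look machine-generated."""
    findings = []
    for path in extract_paths(log):
        if "\\windows\\system32\\" not in path.lower():
            continue
        stem, _, ext = path.rsplit("\\", 1)[-1].rpartition(".")
        if ext.lower() in {"sys", "dll", "exe"} and looks_random(stem):
            findings.append(Finding("random-name", path))
    return findings


SCRIPT_EXT = {"bat", "cmd", "vbs", "js", "ps1"}
# a file directly under AppData\Local, \Roaming or \LocalLow, not inside an app's folder
APPDATA_ROOT = re.compile(r"\\appdata\\(?:local|roaming|locallow)\\(?P<name>[^\\]+)$", re.IGNORECASE)


def scripts_dropped_in_appdata(log: str) -> list[Finding]:
    findings = []
    for path in extract_paths(log):
        m = APPDATA_ROOT.search(path)
        if m and m.group("name").rpartition(".")[2].lower() in SCRIPT_EXT:
            findings.append(Finding("script-in-appdata", path))
    return findings


def triage(log: str) -> list[Finding]:
    return security_center_overrides(log) + random_named_system_files(log) + scripts_dropped_in_appdata(log)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

On the sample the script reports the two Security Center values, the two ESQUL files and kqoag.bat, and stays quiet on Azureus\restart.bat (inside an application folder), on PresentationHostProxy.dll (long but pronounceable) and on wkssvc.dll (all consonants but far too short). The consonant-run rule is only a first filter; anything it flags still has to be checked by hash or by who owns the file.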
- - - - - - - > 'Explorer.exe'(9696)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-08-14 19:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-14 17:39
Pre-Run: 63 464 386 560 octets libres
Post-Run: 63 217 762 304 octets libres
272 --- E O F --- 2009-08-12 22:11
And luckily I have my laptop to send you the log, because on the infected PC I can't connect to the internet at all. Is that normal?
No, none of them, neither Firefox nor Internet Explorer.
The error message is the following: "Tentative d'opération non autorisée sur une clé du Registre marquée pour supression"
What does that mean? :(
OK, I'm rebooting my PC and we'll see if that fixes this connection error. In any case I'm going out now... so if need be, see you tomorrow for new adventures :o)
Thanks for your patience and for sharing your great expertise.
See you later!
Anonymous user
15 August 2009 at 05:20
Seems so:
Download Navilog1 from this link
▶ Save the (link) target as... and save it to your desktop.
▶ Then right-click navilog1.exe and run it as administrator to start the installation.
Once the installation is finished, the fix will run automatically.
▶ In the main menu, choose option 1 >> Search / automatic removal
Wait for the message:
*** Analyse Termine le ..... ***
>>>>> The fix can take about ten minutes ;)
▶ Press a key and Notepad will open.
▶ Copy and paste the report here.
Hello :o)
Here is the report, hot off the press
Fix Navipromo version 4.0.1 commencé le 15/08/2009 12:04:36,30
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 18.07.2009 à 11h00 par IL-MAFIOSO
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : admin ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:111 Go (Free:57 Go)
D:\ (Local Disk) - NTFS - Total:111 Go (Free:57 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
K:\ (USB)
Recherche executée en mode normal
Aucune Infection Navipromo/Egdaccess trouvé
*** Scan terminé 15/08/2009 12:17:41,13 ***
Anonymous user
15 August 2009 at 13:39
Good. Uninstall Navilog.
You can now install Malwarebytes and use it as described above, I think.
Hi! Here is the Malwarebytes report :o)
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2630
Windows 6.0.6001 Service Pack 1
15/08/2009 18:22:40
mbam-log-2009-08-15 (18-22-40).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 242341
Temps écoulé: 1 hour(s), 8 minute(s), 8 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\Windows\System32\ESQULbelvrnnwxqthxpcpeboijcvrtgaednvx.dll.vir (Trojan.Alureon) -> Quarantined and deleted successfully.