Tag_

Done. Thanks a lot for all ! All the best.

-------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Thursday, October 7, 2010 Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Wednesday, October 06, 2010 11:54:00 Records in database: 4280474 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ H:\ I:\ J:\ K:\ Scan statistics: Objects scanned: 159708 Threats found: 0 Infected objects found: 0 Suspicious objects found: 0 Scan duration: 04:39:57 No threats found. Scanned area is clean. Selected area has been scanned.

Right ! Kaspersky Online scanner. "Database update"... for nearly 1 hour now.

OTL logfile created on: 06/10/2010 21:55:19 - Run 3 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\admin\Bureau Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 1

Step 6. OTL-scan result files uploaded. OTL.Txt Extras.Txt

[heir] It looks as you've had avast installed on this computer at some time as well. Is that correct? Shall we remove the leftovers? Yes. No. [heir] Do your recognize these documents with Cyrillic characters? Yes. It's a russian game that created it. Step 1. C:\WINDOWS\System32\drivers\ytuf.sys do not exist. Step 2. OTL cleans a few things and reboot my PC. => OTL fixlog uploaded. Step 3. AVG Free 9.0 uninstalled. I will reboot and check if AVG process are definitly off my task manager. I post this reply before. I keep Azureus. Setp 4. Nothing to do. Step 5. MBAM: nothing found. => Report uploaded. 10062010_202114.log mbam_log_2010_10_06__20_56_07_.txt

[heir] We'll deal with removing the leftovers from AVG in a bit. I've downloaded AVGremover.exe. Is that the right application to run in order to remove the leftovers from AVG ?

- MWB is running OK including when I lauch it "mbam.exe" (was blocked before) => 1st pleasant fact. - I lost the mini icon of the win task manager. But I think it's not a problem. I will reboot to check if it's working as usual (yes, I use to keep an eye permanently on this CPU activity indicator) - A new ie shortcut has been created on my desktop (I'm firefox user, I never use ie). But OK, I will remove it. Could you tell me if MWB or HJT installed a permanent "watchdog" (don't know the righ word, sorry) to secure from potential future malware, trojan... (I which they do). As I think my problem is solved, I don't want to bother you again with that. To check if everything is OK is now a question of time and going back to surf on the internet. The problem was that from times to times it redirect to random pages and was hanging on google-analytics... But not systematically. Hard to know if it will never happen. Many thanks for your help ! Merci beaucoup de votre aide !

The content of C:\ComboFix.txt from step 2: And now, I'm checking how my computer is running after those steps... ComboFix.txt

The content of the report from TDSSKiller in step 1. (Combofix is warning 2 times of the AVG still running). Now it's downloading something from Microsoft... TDSSKiller.2.4.4.0_05.10.2010_22.14.01_log.txt TDSSKiller.2.4.4.0_05.10.2010_22.14.01_log.txt

Rootkit.TDSS found + cure + reboot. Step 2: Combofix downloaded. I'm starting Step 2...

Sorry. (For antivirus, I know it was a problem. But I've never been able to get rid of these AVG processes: avgchsrx, avgcsrvx & avgrsx, while now it is Avira my Antivirus.) GMER finally ended. See the attached report. (Probably a problem of virtual drives ? One day something push my old drive letters one letter away. I noticed it because some links were not working anymore. atapi.sys driver seems strange too. I just don't know. Symptoms and strange PC behaviors. ) ark2.txt

RootkitUnhooker ends before GMER. Results attached. Rootkit_Unhooker.txt

New GMER is taking much much longer, scanning each & every files of my HD... I'm going to have lunch now. I will be back in approx 1/2 hour. I prefer to mention it for you not to loose your time waiting me to answer. Be sure I really-really appreciate your help. Thanks a lot, and hope to read you in approx half an hour. I will then post ark2.txt.

GMER is running again... Much longer than the first time. It may has been interrupted, because I've really copy/pasted the full output file.