I got a world of warcraft key logger need help



miscann
2008-12-22, 00:07
Hello, ok I have got keylogged and my account stolen now 2 times in one week. I use NOD32 and ZoneAlarm.
I have tried searching with NOD32 for viruses, Lavasoft Ad-Aware, SpywareBlaster, Spybot Search and Destroy. And still they haven't found any virus or any adware or anything... but I know the keylogger is there :(
Here is the GMER log:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-20 09:30:48
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT spqw.sys ZwCreateKey [0xF72D10E0]
SSDT spqw.sys ZwEnumerateKey [0xF72EFCA2]
SSDT spqw.sys ZwEnumerateValueKey [0xF72F0030]
SSDT spqw.sys ZwOpenKey [0xF72D10C0]
SSDT spqw.sys ZwQueryKey [0xF72F0108]
SSDT spqw.sys ZwQueryValueKey [0xF72EFF88]
SSDT spqw.sys ZwSetValueKey [0xF72F019A]

INT 0x62 ? 871D9BF8
INT 0x74 ? 86F00BF8
INT 0x82 ? 871D9BF8
INT 0x84 ? 86F00BF8
INT 0xA4 ? 86F00BF8

---- Kernel code sections - GMER 1.0.14 ----

? spqw.sys Det går inte att hitta filen. !
.text USBPORT.SYS!DllUnload F65258AC 5 Bytes JMP 86F001D8
.text ai9gg02b.SYS F6442384 1 Byte [ 20 ]
.text ai9gg02b.SYS F6442386 35 Bytes [ 00, 68, 00, 00, 00, 00, 00, ... ]
.text ai9gg02b.SYS F64423AA 24 Bytes [ 00, 00, 20, 00, 00, E0, 00, ... ]
.text ai9gg02b.SYS F64423C4 3 Bytes [ 00, 00, 00 ]
.text ai9gg02b.SYS F64423C9 1 Byte [ 00 ]
.text ...

---- User code sections - GMER 1.0.14 ----

.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] kernel32.dll!LoadResource 7C80A045 7 Bytes JMP 28001CC0 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] kernel32.dll!FindResourceExW 7C80AD18 7 Bytes JMP 28001B00 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] kernel32.dll!FindResourceW 7C80BC5E 7 Bytes JMP 28001A80 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] kernel32.dll!SizeofResource 7C80BCF9 7 Bytes JMP 28001D80 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] kernel32.dll!FindResourceA 7C80BF19 7 Bytes JMP 28001B90 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] kernel32.dll!LockResource 7C80CD27 5 Bytes JMP 28001DF0 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] kernel32.dll!CreateEventA 7C83089D 5 Bytes JMP 28001840 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] kernel32.dll!FindResourceExA 7C835F90 7 Bytes JMP 28001C20 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 0056DBBD C:\Program\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] kernel32.dll!OutputDebugStringW 7C85B335 5 Bytes JMP 28001E50 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] ADVAPI32.dll!CryptDeriveKey 77DD9FDD 7 Bytes JMP 28001000 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] ADVAPI32.dll!CryptDecrypt 77DDA109 7 Bytes JMP 28001060 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 280040D0 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] USER32.dll!SetWindowPlacement 7E36DE46 5 Bytes JMP 28005870 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] USER32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 28005AF0 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] USER32.dll!LoadImageW 7E377B97 5 Bytes JMP 280060F0 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 28003860 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] USER32.dll!SetWindowRgn 7E37E528 7 Bytes JMP 280059B0 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] USER32.dll!LoadIconW 7E37E8BC 5 Bytes JMP 280062E0 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 28005CE0 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] USER32.dll!TrackPopupMenuEx 7E3BCF62 5 Bytes JMP 280049B0 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] WS2_32.dll!closesocket 71AA3E2B 5 Bytes JMP 2800A630 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] WS2_32.dll!send 71AA4C27 2 Bytes JMP 2800A210 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] WS2_32.dll!send + 3 71AA4C2A 2 Bytes [ 56, B6 ]
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] WS2_32.dll!WSARecv 71AA4CB5 5 Bytes JMP 28009FF0 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] WS2_32.dll!recv 71AA676F 5 Bytes JMP 28009E50 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] WS2_32.dll!WSASend 71AA68FA 5 Bytes JMP 2800A3F0 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] SHELL32.dll!Shell_NotifyIconW 7CA2A52F 5 Bytes JMP 28003020 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] ole32.dll!CoInitializeEx 774EEF7B 5 Bytes JMP 28002100 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] ole32.dll!CoRegisterClassObject 77507E90 5 Bytes JMP 28002200 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] WININET.dll!InternetCloseHandle 4454DA59 5 Bytes JMP 28008FA0 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] WININET.dll!HttpOpenRequestA 44554341 5 Bytes JMP 28008C60 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] WININET.dll!InternetReadFile 4455ABB4 5 Bytes JMP 28008DF0 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program\Windows Live\Messenger\msnmsgr.exe[992] WININET.dll!HttpSendRequestA 4455CD40 5 Bytes JMP 28008ED0 C:\Program\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F72D2040] spqw.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F72D213C] spqw.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72D20BE] spqw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72D27FC] spqw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72D26D2] spqw.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72E2048] spqw.sys
IAT \SystemRoot\System32\Drivers\ai9gg02b.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\ai9gg02b.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\ai9gg02b.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\ai9gg02b.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\ai9gg02b.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\ai9gg02b.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\ai9gg02b.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\ai9gg02b.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\ai9gg02b.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\ai9gg02b.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\ai9gg02b.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\ai9gg02b.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\ai9gg02b.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\ai9gg02b.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\ai9gg02b.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 871D81F8

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
AttachedDevice \Driver\Tcpip \Device\Ip mdvrmng.sys

Device \Driver\usbstor \Device\0000009d 851D71F8
Device \Driver\sptd \Device\1806647896 spqw.sys

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbstor \Device\0000009e 851D71F8

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 86FB41F8
Device \Driver\usbuhci \Device\USBPDO-1 86FB41F8
Device \Driver\usbuhci \Device\USBPDO-2 86FB41F8
Device \Driver\usbuhci \Device\USBPDO-3 86FB41F8
Device \Driver\usbehci \Device\USBPDO-4 86F9D3E8

AttachedDevice \Driver\Tcpip \Device\Tcp mdvrmng.sys

Device \Driver\Ftdisk \Device\HarddiskVolume1 871681F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 871681F8
Device \Driver\Cdrom \Device\CdRom0 86EC91F8
Device \Driver\Cdrom \Device\CdRom1 86EC91F8
Device \Driver\Cdrom \Device\CdRom2 86EC91F8
Device \Driver\Cdrom \Device\CdRom5 86EC91F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 854671F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C6F4940E-ACE4-4E8A-8B25-13BF61254F62} 854671F8
Device \Driver\NetBT \Device\NetbiosSmb 854671F8
Device \Driver\PCI_PNP2896 \Device\0000004c spqw.sys
Device \Driver\PCI_PNP2896 \Device\0000004c spqw.sys

AttachedDevice \Driver\Tcpip \Device\Udp mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\RawIp mdvrmng.sys

Device \Driver\NetBT \Device\NetBT_Tcpip_{6C1C76F5-D5D0-41BA-BF12-EC3A8446992C} 854671F8
Device \Driver\usbuhci \Device\USBFDO-0 86FB41F8
Device \Driver\usbuhci \Device\USBFDO-1 86FB41F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1BCC7F19-E5C0-474A-A013-6613D6E57ADC} 854671F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 853FA1F8
Device \Driver\usbuhci \Device\USBFDO-2 86FB41F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 853FA1F8
Device \Driver\usbuhci \Device\USBFDO-3 86FB41F8
Device \Driver\usbehci \Device\USBFDO-4 86F9D3E8
Device \Driver\Ftdisk \Device\FtControl 871681F8
Device \Driver\ai9gg02b \Device\Scsi\ai9gg02b1Port2Path0Target0Lun0 86EB0498
Device \Driver\ai9gg02b \Device\Scsi\ai9gg02b1 86EB0498
Device \Driver\ai9gg02b \Device\Scsi\ai9gg02b1Port2Path0Target1Lun0 86EB0498
Device \FileSystem\Fastfat \Fat 852CB500
Device \FileSystem\Fastfat \Fat B199E297

AttachedDevice \FileSystem\Fastfat \Fat amon.sys (Amon monitor/Eset )

Device \FileSystem\Cdfs \Cdfs 86E5F500

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC6 0x3A 0x91 0xE5 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x35 0xC1 0xCD 0x47 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x26 0x3A 0x6E 0xD7 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xFA 0xA8 0xC8 0x6A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC6 0x3A 0x91 0xE5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x35 0xC1 0xCD 0x47 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x26 0x3A 0x6E 0xD7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xFA 0xA8 0xC8 0x6A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC6 0x3A 0x91 0xE5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x35 0xC1 0xCD 0x47 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB4 0x5C 0xDC 0xE6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xFA 0xA8 0xC8 0x6A ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC6 0x3A 0x91 0xE5 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x35 0xC1 0xCD 0x47 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB4 0x5C 0xDC 0xE6 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xFA 0xA8 0xC8 0x6A ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC6 0x3A 0x91 0xE5 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x35 0xC1 0xCD 0x47 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB4 0x5C 0xDC 0xE6 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xFA 0xA8 0xC8 0x6A ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC6 0x3A 0x91 0xE5 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x35 0xC1 0xCD 0x47 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB4 0x5C 0xDC 0xE6 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xFA 0xA8 0xC8 0x6A ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC6 0x3A 0x91 0xE5 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x35 0xC1 0xCD 0x47 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB4 0x5C 0xDC 0xE6 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xFA 0xA8 0xC8 0x6A ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC6 0x3A 0x91 0xE5 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x35 0xC1 0xCD 0x47 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB4 0x5C 0xDC 0xE6 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xFA 0xA8 0xC8 0x6A ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC6 0x3A 0x91 0xE5 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x35 0xC1 0xCD 0x47 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB4 0x5C 0xDC 0xE6 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xFA 0xA8 0xC8 0x6A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC6 0x3A 0x91 0xE5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x35 0xC1 0xCD 0x47 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA3 0x98 0x7A 0x82 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC3 0x48 0x8D 0x73 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC6 0x3A 0x91 0xE5 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x35 0xC1 0xCD 0x47 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA3 0x98 0x7A 0x82 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC3 0x48 0x8D 0x73 ...

---- EOF - GMER 1.0.14 ----
__________________________________________________________________________________


Here is the RootkitRevealer log:
HKLM\SECURITY\Policy\Secrets\SAC* 2008-04-16 00:18 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 2008-04-16 00:18 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 2008-12-20 12:22 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg 2008-11-28 11:01 0 bytes Access is denied.
C:\Documents and Settings\Markus\Application Data\Mozilla\Firefox\Profiles\nrol6yzg.default\blocklist.xml 2008-12-20 12:40 1.52 KB Hidden from Windows API.
C:\Documents and Settings\Markus\Application Data\Mozilla\Firefox\Profiles\nrol6yzg.default\localstore.rdf 2008-12-20 10:40 2.82 KB Hidden from Windows API.
C:\Documents and Settings\Markus\Application Data\Mozilla\Firefox\Profiles\nrol6yzg.default\parent.lock 2008-12-20 12:30 0 bytes Hidden from Windows API.
C:\Documents and Settings\Markus\Application Data\Mozilla\Firefox\Profiles\nrol6yzg.default\places.sqlite-journal 2008-12-20 12:48 68.63 KB Hidden from Windows API.
C:\Documents and Settings\Markus\Application Data\Mozilla\Firefox\Profiles\nrol6yzg.default\prefs.js 2008-12-20 10:40 3.36 KB Visible in Windows API, directory index, but not in MFT.
C:\Documents and Settings\Markus\Cookies\markus@messenger.msn[3].txt 2008-12-20 12:50 95 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Markus\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\nrol6yzg.default\Cache\0BBEFA0Bd01 2008-12-20 12:32 26.47 KB Hidden from Windows API.
C:\Documents and Settings\Markus\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\nrol6yzg.default\Cache\6888C908d01 2008-12-20 12:34 102.00 KB Hidden from Windows API.
C:\Documents and Settings\Markus\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\nrol6yzg.default\Cache\76A37EFBd01 2008-12-20 12:34 77.78 KB Hidden from Windows API.
C:\Documents and Settings\Markus\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\nrol6yzg.default\Cache\96C3D499d01 2008-12-20 12:34 27.38 KB Hidden from Windows API.
C:\Documents and Settings\Markus\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\nrol6yzg.default\Cache\C0EE0C01d01 2008-12-20 12:34 38.17 KB Hidden from Windows API.
C:\Documents and Settings\Markus\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\nrol6yzg.default\Cache\CD45DFD6d01 2008-12-20 12:47 27.37 KB Hidden from Windows API.
C:\Documents and Settings\Markus\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\nrol6yzg.default\Cache\D0ED0532d01 2008-12-20 12:34 51.66 KB Hidden from Windows API.
C:\Documents and Settings\Markus\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\nrol6yzg.default\Cache\D0ED07E2d01 2008-12-20 12:34 45.15 KB Hidden from Windows API.
C:\Documents and Settings\Markus\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\nrol6yzg.default\Cache\D0ED1522d01 2008-12-20 12:34 50.29 KB Hidden from Windows API.
C:\Documents and Settings\Markus\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\nrol6yzg.default\Cache\D0ED1552d01 2008-12-20 12:34 39.77 KB Hidden from Windows API.
C:\Documents and Settings\Markus\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\nrol6yzg.default\Cache\D0ED1C62d01 2008-12-20 12:34 46.79 KB Hidden from Windows API.
C:\Documents and Settings\Markus\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\nrol6yzg.default\Cache\D1075DD2d01 2008-12-20 12:34 126.59 KB Hidden from Windows API.
C:\Documents and Settings\Markus\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\nrol6yzg.default\Cache\ED2A2D06d01 2008-12-20 12:34 45.38 KB Hidden from Windows API.
C:\Documents and Settings\Markus\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\nrol6yzg.default\Cache\F5AEA183d01 2008-12-20 12:34 20.90 KB Hidden from Windows API.
C:\Documents and Settings\Markus\Lokala inställningar\Temp\WER60c1.dir00 2008-12-20 12:23 0 bytes Hidden from Windows API.
C:\Documents and Settings\Markus\Lokala inställningar\Temp\WER60c1.dir00\msnmsgr.exe.hdmp 2008-12-20 12:24 0 bytes Hidden from Windows API.
C:\Documents and Settings\Markus\Lokala inställningar\Temp\WER60c1.dir00\msnmsgr.exe.mdmp 2008-12-20 12:24 642.05 KB Hidden from Windows API.
C:\Documents and Settings\Markus\Lokala inställningar\Temp\~DF100A.tmp 2008-12-20 12:50 512 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Markus\Lokala inställningar\Temp\~DFCB48.tmp 2008-12-20 11:07 528.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Markus\Lokala inställningar\Temp\~DFCBF0.tmp 2008-12-20 11:07 512 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Markus\Lokala inställningar\Temp\~DFEDD9.tmp 2008-12-20 11:07 528.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Markus\Lokala inställningar\Temp\~DFEF25.tmp 2008-12-20 11:07 512 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Markus\Lokala inställningar\Temp\~DFF144.tmp 2008-12-20 12:49 528.00 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Markus\Lokala inställningar\Temp\~DFF15D.tmp 2008-12-20 12:49 512 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Markus\Lokala inställningar\Temp\~DFFE7.tmp 2008-12-20 12:50 528.00 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Markus\Lokala inställningar\Temporary Internet Files\Content.IE5\G2NQK3YR\home[1].htm 2008-12-20 12:50 19.10 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Markus\Lokala inställningar\Temporary Internet Files\Content.IE5\G2NQK3YR\sha1auth[1].htm 2008-12-20 12:50 572 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Markus\Lokala inställningar\Temporary Internet Files\Content.IE5\X6O5O2PE\MsgrConfig[1].xml 2008-12-20 12:50 29.94 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Markus\Lokala inställningar\Temporary Internet Files\Content.IE5\X6O5O2PE\MsgrConfig[2].xml 2008-12-20 07:39 29.94 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\Markus\Skrivbord\bitdefender_antivirus.exe 2008-12-20 10:35 152.33 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Markus\Skrivbord\bitdefender_antivirus.exe:Zone.Identifier 2008-12-20 10:35 26 bytes Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\S-1-5-21-1606980848-1592454029-682003330-1004\Dc6.exe 2008-12-20 09:00 2.74 MB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\S-1-5-21-1606980848-1592454029-682003330-1004\Dc7.exe 2008-12-20 10:35 152.33 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\S-1-5-21-1606980848-1592454029-682003330-1004\Dc7.exe:Zone.Identifier 2008-12-20 10:35 26 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 2008-04-16 13:48 252.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 2008-04-16 13:48 111.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll 2008-04-16 13:48 8.00 KB Visible in Windows API, but not in MFT or directory index.

Ok, I would really love it if someone could help me out so I can start playing again :)
If you need any more info just ask and I'll try to get it; it's really nice of you if you can help me!
Have a nice day!

miscann
2008-12-22, 00:57
Hello again, I might have found the trojan/keylogger or whatever, but I am not sure. I didn't have ZoneAlarm before, just NOD32 as firewall too, but now when I installed it and started World of Warcraft and went to worldofwarcraft.com, guess what showed up in ZoneAlarm!! This: http://img150.imageshack.us/img150/3002/mabyvirusifoundcs2.jpg
Maybe it's the virus/keylogger?!
Thanks anyway if someone can help me!

miscann
2008-12-22, 01:46
Ok, sorry for a lot of posts, but I got new info. I tried using an IP lookup site on some of the IPs in the ZoneAlarm list, and guess what!!!! explorer.exe has tried 8 times now in just 30 min to connect to 61.153.58.189:2034, and that IP, according to http://www.geobytes.com/IpLocator.htm?GetLocation, is from China, and almost the whole WoW gold/powerleveling/cheat industry is from China!!!

Anyway, I don't know for sure what file the virus is in and I don't know how to delete it safely, and NOD32 can't find any virus on my computer.. so I still need help!

miscann
2008-12-22, 09:27
bump for help =/