Redirect, Trojan, Unable to run most removal tools
Evilkoala
2009-06-16, 04:20
Hi,
Norton ceased functioning
Kaspersky won't install
Spybot ceased to function and won't open
HijackThis wasn't working until I renamed it HJT.com
Malwarebytes won't run
Ewido online scan wasn't launching
Panda online scan wouldn't run either.
I tested them both in normal mode and safe mode.
SuperAntiSpyware crashes every time I try to run it
I only managed to run
-Kaspersky Online Scan
-Bit Defender Online Scan
-Ad-Aware
-CCleaner (okay okay it's not a removal tool :D: )
-HijackThis renamed into HJT.com
I found Trojan.Dropper.svx which was hiding in my recycle bin, I annihilated it and its registry key.
But that still didn't do it
Had to remove Spybot to install Kaspersky which failed..
Then I found this forum
Here is the HJT report
Logfile of HijackThis v1.99.1
Scan saved at 21:08:02, on 2009-06-15
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\unzipped\hijackthis\hjt.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_CA&c=Q106&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CA&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223341211062
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://desgagneschartier.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
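As an added example (not code from the thread or from HijackThis itself), a small Python triage helper for the HijackThis entries above: it extracts each entry's CLSID and file path and flags entries that point at files no longer on disk or at services with no recorded owner, which is the first thing a helper checks in a log like this. The sample lines are copied from the log above; the section layouts it understands (O2/O4/O20/O23) are the ones present there.

```python
"""Triage helper for HijackThis-style log entries.

Added example, not part of the original thread or of HijackThis itself.
It walks the "O2/O4/O20/O23 ..." entries, pulls out the CLSID and the
referenced file, and flags references to files that no longer exist on disk
("(file missing)" / "(no file)") plus services with no recorded owner.  Those
are the entries a helper looks at first: leftovers from half-uninstalled
security software (AVG, Norton here) or a loader whose file was removed but
whose registry hook still fires.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: six lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
"""

# Every HJT entry starts with a section code such as "R1", "F2", "O23".
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass
class HjtEntry:
    code: str              # section, e.g. "O2", "O23"
    body: str              # text after "O2 - "
    clsid: Optional[str]   # first {GUID} in the line, upper-cased, if any
    path: Optional[str]    # file the entry points at, if any
    orphan: bool           # the referenced file is not on disk
    unknown_owner: bool    # O23 service with no recorded vendor


def _extract_path(code: str, body: str) -> Optional[str]:
    """Best-effort path extraction for the section layouts HJT uses."""
    if code == "O4":                       # O4 - HKLM\..\Run: [name] path
        m = re.search(r"\]\s*(.+)$", body)
        return m.group(1).strip('"') if m else None
    # Other sections put the path last, separated by " - ".
    tail = body.rsplit(" - ", 1)[-1]
    for marker in ORPHAN_MARKERS:
        tail = tail.replace(marker, "")
    tail = tail.strip()
    return tail if tail and ("\\" in tail or "%" in tail) else None


def parse_hjt(text: str) -> List[HjtEntry]:
    entries: List[HjtEntry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue                       # header, process list, blank lines
        code, body = m.group("code"), m.group("body")
        c = CLSID_RE.search(body)
        entries.append(HjtEntry(
            code=code,
            body=body,
            clsid=c.group(0).upper() if c else None,
            path=_extract_path(code, body),
            orphan=any(mk in body for mk in ORPHAN_MARKERS),
            unknown_owner=(code == "O23" and "- Unknown owner -" in body),
        ))
    return entries


def triage(entries: List[HjtEntry]) -> List[str]:
    """One human-readable line per entry worth a second look."""
    notes = []
    for e in entries:
        reasons = []
        if e.orphan:
            reasons.append("references a file that is not on disk")
        if e.unknown_owner:
            reasons.append("service has no recorded owner")
        if reasons:
            notes.append(f"{e.code}: {'; '.join(reasons)} -> {e.path or e.body}")
    return notes


def count_by_section(entries: List[HjtEntry]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.code] = counts.get(e.code, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(count_by_section(parsed))
    for line in triage(parsed):
        print(line)
```

Orphaned entries are not proof of infection on their own (the AVG and Norton leftovers here are typical of incomplete uninstalls), but they are the cheapest things to clean up before a deeper rootkit scan.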
Hi Evilkoala
Please download GMER (http://gmer.net/gmer.zip) by GMER. An alternate download site (http://www2.gmer.net/gmer.zip).
Unzip it to a folder on your desktop.
Double click on gmer.exe to execute.
If asked, allow the gmer.sys driver to load.
If you get a warning prompt about rootkit activity ... asking if you want to run Scan, click OK.
If you don't get a warning then... Click the Rootkit/Malware tab at the top of the GMER window.
Click the Scan button. Once the scan has finished... click Copy. ... Do not close the GMER window yet...
Open Notepad and paste what you copied. Ctrl+V
Select "Save As" in Notepad...saving the file to your desktop as "gmerroot.txt"... then close Notepad.
In the GMER window...
Click on the >>> tab at the top of the GMER window.
This displays the rest of the "selection" tabs for you.
Click on the Autostart tab.
Click on Scan button.
Once the scan has finished... click Copy.
Open Notepad (again) and paste what you copied. Ctrl+V
Select "Save As" in Notepad...saving the file to your desktop as "gmerauto.txt"
Copy and paste the contents of the files gmerroot.txt and gmerauto.txt in your next reply.
If you can't download it, you can try to do it via myproxy.ca.
If gmer.exe doesn't run, try to rename it.
Evilkoala
2009-06-18, 04:09
Gmerauto:
GMER 1.0.15.14972 - http://www.gmer.net
Autostart scan 2009-06-17 21:07:21
Windows 5.1.2600 Service Pack 3
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@Taskmanc:\windows\system32\rundll32.exe = c:\windows\system32\rundll32.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
!SASWinLogon@DLLName = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
AtiExtEvent@DLLName = Ati2evxx.dll
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
.norton2009Reset@ = C:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe /*file not found*/
aawservice@ = "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ehRecvr@ = C:\WINDOWS\eHome\ehRecvr.exe
ehSched@ = C:\WINDOWS\eHome\ehSched.exe
gusvc@ = "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
hpqwmiex@ = C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
JavaQuickStarterService@ = "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
LightScribeService@ = "C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"
LVPrcSrv@ = "C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe"
LVSrvLauncher@ = C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
McrdSvc@ = C:\WINDOWS\ehome\mcrdsvc.exe
MDM@ = "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SeaPort@ = "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ehTrayC:\WINDOWS\ehome\ehtray.exe = C:\WINDOWS\ehome\ehtray.exe
@ATIPTA"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
@RecGuardC:\Windows\SMINST\RecGuard.exe = C:\Windows\SMINST\RecGuard.exe
@SunJavaUpdateSched"C:\Program Files\Java\jre6\bin\jusched.exe" = "C:\Program Files\Java\jre6\bin\jusched.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run@ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} = C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Extension Affichage Panorama du Panneau de configuration*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Program Files\Synaptics\SynTP\SynTPCpl.dll = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
@{7F67036B-66F1-411A-AD85-759FB9C5B0DB} /*ShellViewRTF*/C:\WINDOWS\system32\ShellvRTF.dll = C:\WINDOWS\system32\ShellvRTF.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Dossiers Web*/C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{36D94110-787C-4828-9C1B-0DAFEBC36069} /*EditPlus 3*/C:\Program Files\EditPlus 3\eppshell.dll = C:\Program Files\EditPlus 3\eppshell.dll
@{0563DB41-F538-4B37-A92D-4659049B7766} /*WLMD Message Handler*/C:\Program Files\Windows Live\Mail\mailcomm.dll = C:\Program Files\Windows Live\Mail\mailcomm.dll
@{06A2568A-CED6-4187-BB20-400B8C02BE5A} /**/(null) =
@{00F33137-EE26-412F-8D71-F84E4C2C6625} /**/C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} /*Windows Live Photo Gallery Autoplay Drop Target*/(null) =
@{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} /*Windows Live Photo Gallery Viewer Drop Target*/(null) =
@{00F374B7-B390-4884-B372-2FC349F2172B} /*Windows Live Photo Gallery Editor Drop Target*/(null) =
@{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} /*Windows Live Photo Gallery Viewer Drop Target Shim*/C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} /*Windows Live Photo Gallery Editor Drop Target Shim*/C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{00F30F90-3E96-453B-AFCD-D71989ECC2C7} /*Windows Live Photo Gallery Autoplay Drop Target Shim*/C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{11016101-E366-4D22-BC06-4ADA335C892B} /*IE History and Feeds Shell Data Source for Windows Search*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/(null) =
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} /*UnlockerShellExtension*/C:\Program Files\Unlocker\UnlockerCOM.dll = C:\Program Files\Unlocker\UnlockerCOM.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
EditPlus 3@{36D94110-787C-4828-9C1B-0DAFEBC36069} = C:\Program Files\EditPlus 3\eppshell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{CA8ACAFA-5FBB-467B-B348-90DD488DE003} = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers@{CA8ACAFA-5FBB-467B-B348-90DD488DE003} = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{02478D38-C3F9-4efb-9B51-7695ECA05670}C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
@{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
@{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}C:\Program Files\AVG\AVG8\avgssie.dll /*file not found*/ = C:\Program Files\AVG\AVG8\avgssie.dll /*file not found*/
@{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll = C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll = C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
@{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}C:\Program Files\Windows Live\Toolbar\wltcore.dll = C:\Program Files\Windows Live\Toolbar\wltcore.dll
@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
@{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll = C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\ssmypics.scr
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://google.ca/ = http://google.ca/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
linkscanner@CLSID = C:\Program Files\AVG\AVG8\avgpp.dll /*file not found*/
livecall@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FICHIE~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll
HKLM\Software\Classes\PROTOCOLS\Handler\wlmailhtml@CLSID = C:\Program Files\Windows Live\Mail\mailcomm.dll
---- EOF - GMER 1.0.15 ----
Gmerroot:
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-17 21:06:22
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT spjl.sys ZwCreateKey [0xF74120E0] <-- ROOTKIT !!!
SSDT spjl.sys ZwEnumerateKey [0xF7430CA2] <-- ROOTKIT !!!
SSDT spjl.sys ZwEnumerateValueKey [0xF7431030] <-- ROOTKIT !!!
SSDT spjl.sys ZwOpenKey [0xF74120C0] <-- ROOTKIT !!!
SSDT spjl.sys ZwQueryKey [0xF7431108] <-- ROOTKIT !!!
SSDT spjl.sys ZwQueryValueKey [0xF7430F88] <-- ROOTKIT !!!
SSDT spjl.sys ZwSetValueKey [0xF743119A] <-- ROOTKIT !!!

INT 0x62 ? 8676CBF8
INT 0x82 ? 8676CBF8
INT 0xB4 ? 864ECBF8
INT 0xB4 ? 864ECBF8
INT 0xB4 ? 864ECBF8
INT 0xB4 ? 864ECBF8

Code 860CA2D0 ZwFlushInstructionCache
Code 860B12D6 IofCallDriver
Code 860B5A76 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 860B12DB
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 860B5A7B
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEC4 5 Bytes JMP 860CA2D4
? spjl.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload F699F8AC 5 Bytes JMP 864EC1D8

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[472] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 40D851D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[472] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 40E5D2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[472] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 40F7B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[472] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F7B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[472] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 40F7B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[472] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40F7B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[472] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40F7B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[472] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40F7B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[472] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40F7B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1524] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 40D851D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1524] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 40E5D2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1524] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 40F7B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1524] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F7B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1524] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 40F7B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1524] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40F7B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1524] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40F7B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1524] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40F7B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1524] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40F7B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 40D851D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 40E59261 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 40E4C8A9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 40E5D2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 40DC4254 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 40F7B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F7B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\\Program Files\\Internet Explorer\\iexplore.exe[2672] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F7B5FD C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\iexplore.exe[2672] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 40F7B668 C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\iexplore.exe[2672] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40F7B4CE C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\iexplore.exe[2672] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40F7B530 C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\iexplore.exe[2672] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40F7B72E C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\iexplore.exe[2672] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40F7B592 C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\iexplore.exe[2672] ole32.dll!CoCreateInstance 774C057E 5 Bytes JMP 40E5D320 C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\iexplore.exe[2672] WS2_32.dll!getaddrinfo 719F2A6F 5 Bytes JMP 46CAE71D C:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaNote\\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\iexplore.exe[2672] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 46CAEEE9 C:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaNote\\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\iexplore.exe[2672] WS2_32.dll!socket 719F4211 5 Bytes JMP 46CAE59E C:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaNote\\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\iexplore.exe[2672] WS2_32.dll!connect 719F4A07 5 Bytes JMP 46CAE62A C:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaNote\\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\iexplore.exe[2672] WS2_32.dll!send 719F4C27 5 Bytes JMP 46CAE9ED C:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaNote\\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\iexplore.exe[2672] WS2_32.dll!recv 719F676F 5 Bytes JMP 46CAF1C3 C:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaNote\\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[2988] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 40D851D5 C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[2988] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 40E59261 C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[2988] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 40E4C8A9 C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[2988] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 40E5D2C4 C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[2988] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 40DC4254 C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[2988] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 40F7B6CB C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[2988] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F7B5FD C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[2988] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 40F7B668 C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[2988] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40F7B4CE C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[2988] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40F7B530 C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[2988] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40F7B72E C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[2988] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40F7B592 C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[2988] ole32.dll!CoCreateInstance 774C057E 5 Bytes JMP 40E5D320 C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[2988] WS2_32.dll!getaddrinfo 719F2A6F 5 Bytes JMP 46CAE71D C:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaNote\\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[2988] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 46CAEEE9 C:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaNote\\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[2988] WS2_32.dll!socket 719F4211 5 Bytes JMP 46CAE59E C:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaNote\\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[2988] WS2_32.dll!connect 719F4A07 5 Bytes JMP 46CAE62A C:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaNote\\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[2988] WS2_32.dll!send 719F4C27 5 Bytes JMP 46CAE9ED C:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaNote\\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[2988] WS2_32.dll!recv 719F676F 5 Bytes JMP 46CAF1C3 C:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaNote\\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[3232] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 40D851D5 C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[3232] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 40E59261 C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[3232] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 40E4C8A9 C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[3232] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 40E5D2C4 C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[3232] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 40DC4254 C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[3232] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 40F7B6CB C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[3232] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F7B5FD C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[3232] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 40F7B668 C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[3232] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40F7B4CE C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[3232] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40F7B530 C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[3232] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40F7B72E C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[3232] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40F7B592 C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[3232] ole32.dll!CoCreateInstance 774C057E 5 Bytes JMP 40E5D320 C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[3232] WS2_32.dll!getaddrinfo 719F2A6F 5 Bytes JMP 46CAE71D C:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaNote\\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[3232] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 46CAEEE9 C:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaNote\\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[3232] WS2_32.dll!socket 719F4211 5 Bytes JMP 46CAE59E C:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaNote\\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[3232] WS2_32.dll!connect 719F4A07 5 Bytes JMP 46CAE62A C:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaNote\\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[3232] WS2_32.dll!send 719F4C27 5 Bytes JMP 46CAE9ED C:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaNote\\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)\par
.text C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE[3232] WS2_32.dll!recv 719F676F 5 Bytes JMP 46CAF1C3 C:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaNote\\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)\par

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7413040] spjl.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F741313C] spjl.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74130BE] spjl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74137FC] spjl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74136D2] spjl.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7423048] spjl.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[1872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [017F2F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [017F2C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [017F2CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [017F2CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2672] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00CF1A7B] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2988] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00CF1A7B] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [011C2F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [011C2C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [011C2CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [011C2CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00CF1A7B] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8676B1F8
Device \FileSystem\Fastfat \FatCdrom 864601F8
Device \FileSystem\Udfs \UdfsCdRom 85F56500
Device \FileSystem\Udfs \UdfsDisk 85F56500

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

Device \Driver\usbohci \Device\USBPDO-0 865971F8
Device \Driver\sptd \Device\2956931500 spjl.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon 867DA1F8
Device \Driver\dmio \Device\DmControl\DmConfig 867DA1F8
Device \Driver\dmio \Device\DmControl\DmPnP 867DA1F8
Device \Driver\dmio \Device\DmControl\DmInfo 867DA1F8
Device \Driver\usbohci \Device\USBPDO-1 865971F8
Device \Driver\usbehci \Device\USBPDO-2 864E01F8

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{73DB523D-89C5-43E9-96B5-BFB1B8412A94} 860C8500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8676D1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8676D1F8
Device \Driver\Cdrom \Device\CdRom0 865831F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8676D1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 860C8500
Device \Driver\PCI_PNP6500 \Device\0000004a spjl.sys
Device \Driver\NetBT \Device\NetbiosSmb 860C8500
Device \Driver\NetBT \Device\NetBT_Tcpip_{97B23597-C1DC-44A7-B352-43DC930AB013} 860C8500
Device \Driver\usbohci \Device\USBFDO-0 865971F8
Device \Driver\usbohci \Device\USBFDO-1 865971F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86090500
Device \Driver\usbehci \Device\USBFDO-2 864E01F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86090500
Device \Driver\Ftdisk \Device\FtControl 8676D1F8
Device \Driver\ajsenn8v \Device\Scsi\ajsenn8v1 863E51F8
Device \Driver\ajsenn8v \Device\Scsi\ajsenn8v1Port3Path0Target0Lun0 863E51F8
Device \FileSystem\Fastfat \Fat 864601F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 864F8500

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\MSIVXucqldmxnyvbmgqnufxilltimouetpqqk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1100] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\MSIVXcokwfhcstriwwsbtaijjtkmcqmahkbju.sys (*** hidden *** ) [SYSTEM] MSIVXserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXcokwfhcstriwwsbtaijjtkmcqmahkbju.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXcokwfhcstriwwsbtaijjtkmcqmahkbju.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXucqldmxnyvbmgqnufxilltimouetpqqk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXgwhyefyymqcsqviadnvexakdqotcjgoa.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCD 0x6A 0x00 0x22 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD0 0x61 0xA9 0x71 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x12 0xE3 0xDB 0xFF ...
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXcokwfhcstriwwsbtaijjtkmcqmahkbju.sys
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXcokwfhcstriwwsbtaijjtkmcqmahkbju.sys
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXucqldmxnyvbmgqnufxilltimouetpqqk.dll
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXgwhyefyymqcsqviadnvexakdqotcjgoa.dll
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCD 0x6A 0x00 0x22 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD0 0x61 0xA9 0x71 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x12 0xE3 0xDB 0xFF ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\MSIVXcokwfhcstriwwsbtaijjtkmcqmahkbju.sys 80384 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\MSIVXcount 4 bytes
File C:\WINDOWS\system32\MSIVXgwhyefyymqcsqviadnvexakdqotcjgoa.dll 52224 bytes executable
File C:\WINDOWS\system32\MSIVXucqldmxnyvbmgqnufxilltimouetpqqk.dll 26624 bytes executable

---- EOF - GMER 1.0.15 ----
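The GMER log above contains two kinds of signal that matter for triage: the entries GMER could not see through the normal Windows APIs (marked `*** hidden ***` and, for the MSIVX driver and file, tagged `<-- ROOTKIT !!!`), and a long tail of inline and IAT hooks placed by modules the log itself attributes to vendors (IEFRAME.dll, SeaNote.dll, the Logitech LVPrcInj01.dll, and spjl.sys, which the Devices section ties to the sptd driver that DAEMON Tools installs). The following Python script is an added example for reading such a log; it is not part of the thread and not GMER's own code. It parses the line shapes seen above, counts hooks per hooking module, and lists the hidden and rootkit-flagged entries separately. The regexes are an assumption about the format based only on these lines, and the sample input is a constructed subset copied from the log.

```python
"""Triage helper for GMER-style log lines.

Added example, not code from the thread or from GMER itself. GMER marks
entries it could not see through the normal Windows APIs with
'*** hidden ***' and appends '<-- ROOTKIT !!!' to entries it considers
rootkit components. This script pulls those indicators out of a pasted
log and groups inline (.text) and kernel IAT hooks by the module that
placed them, so hooks from known vendor modules can be told apart from
unexpected ones at a glance.
"""
import re
from collections import Counter

# Constructed sample in the shape of the GMER output posted above; the
# paths and addresses are copied from the thread, the selection is ours.
SAMPLE_LOG = r"""
.text C:\Program Files\Internet Explorer\iexplore.exe[2672] WS2_32.dll!send 719F4C27 5 Bytes JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40F7B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7413040] spjl.sys
Library \\?\globalroot\systemroot\system32\MSIVXucqldmxnyvbmgqnufxilltimouetpqqk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1100] 0x10000000
Service C:\WINDOWS\system32\drivers\MSIVXcokwfhcstriwwsbtaijjtkmcqmahkbju.sys (*** hidden *** ) [SYSTEM] MSIVXserv.sys <-- ROOTKIT !!!
File C:\WINDOWS\system32\drivers\MSIVXcokwfhcstriwwsbtaijjtkmcqmahkbju.sys 80384 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\MSIVXcount 4 bytes
"""

# .text <process[pid]> <dll!api> <addr> <n> Bytes JMP <addr> <target path> (<vendor>)
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<api>\S+!\S+)\s+[0-9A-F]+\s+"
    r"\d+ Bytes\s+JMP\s+[0-9A-F]+\s+(?P<target>.+?)\s+\((?P<vendor>[^)]*)\)$"
)
# IAT <victim>[<dll!api>] [<addr>] <hooking module>   (kernel IAT section only)
KIAT_RE = re.compile(
    r"^IAT\s+(?P<victim>\S+)\[(?P<api>[^\]]+)\]\s+\[[0-9A-F]+\]\s+(?P<module>\S+)$"
)
# Library/Service/File <path>, followed by a size or by the '(*** hidden' marker
ENTRY_RE = re.compile(r"^(?P<kind>\w+)\s+(?P<path>.+?)(?:\s+\d+ bytes|\s+\(\*\*\* hidden)")


def parse_hooks(log):
    """Return one dict per inline hook line (proc, api, target, vendor)."""
    return [m.groupdict() for m in map(HOOK_RE.match, log.splitlines()) if m]


def hooks_by_module(log):
    """Count inline hooks per hooking module (basename of the JMP target)."""
    counts = Counter(h["target"].rsplit("\\", 1)[-1] for h in parse_hooks(log))
    return dict(counts)


def kernel_iat_hooks(log):
    """Count kernel IAT hooks per hooking driver."""
    counts = Counter(m.group("module") for m in map(KIAT_RE.match, log.splitlines()) if m)
    return dict(counts)


def _entry(line):
    """Split a Library/Service/File line into (kind, path)."""
    m = ENTRY_RE.match(line)
    if m:
        return m.group("kind"), m.group("path")
    return line.split(None, 1)[0], line  # unexpected layout: keep the whole line


def hidden_items(log):
    """(kind, path) for every entry GMER marked '*** hidden ***'."""
    return [_entry(line) for line in log.splitlines() if "*** hidden ***" in line]


def rootkit_flags(log):
    """(kind, path) for every entry GMER tagged '<-- ROOTKIT !!!'."""
    return [_entry(line) for line in log.splitlines() if "<-- ROOTKIT" in line]


def triage(log):
    """Summarise a GMER log: hook counts per module plus hidden/flagged items."""
    return {
        "inline_hooks": hooks_by_module(log),
        "kernel_iat_hooks": kernel_iat_hooks(log),
        "hidden": hidden_items(log),
        "rootkit_flagged": rootkit_flags(log),
    }


if __name__ == "__main__":
    for section, value in triage(SAMPLE_LOG).items():
        print(f"== {section} ==")
        if isinstance(value, dict):
            for module, n in sorted(value.items(), key=lambda kv: -kv[1]):
                print(f"  {n:3d}  {module}")
        else:
            for kind, path in value:
                print(f"  {kind:8s} {path}")
```

On the full log, the per-module counts make the vendor hooks collapse into a handful of names, while the `hidden` and `rootkit_flagged` lists stay short and point straight at the MSIVX driver, its injected DLL and the registry service that loads them; a module showing up in the hook counts with no vendor string, or a hidden entry, is what deserves attention. Feed a different log through `triage()` by pasting its text into `SAMPLE_LOG` or reading a file in its place.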
We will continue with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs, see here. (http://www.bleepingcomputer.com/forums/topic114351.html)
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
Evilkoala
2009-06-19, 02:55
I had to run it twice.
First time it died at Step 47 for 12 hours. Went with a cold boot.
I saw that it deleted autorun.inf and another .inf on the D: drive
and 5 files on the C: drive, all MVX files.
Here's the second run:
ComboFix 09-06-18.02 - Louis 2009-06-18 19:39.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.1022.682 [GMT -4:00]
Lancé depuis: c:\documents and settings\Louis\Bureau\CF.com
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_MSIVXserv.sys
-------\Service_.norton2009Reset
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-18 au 2009-06-18 ))))))))))))))))))))))))))))))))))))
.
2009-06-15 13:31 . 2009-06-15 13:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-15 13:31 . 2009-06-15 13:31 -------- d-----w- c:\documents and settings\Louis\Application Data\SUPERAntiSpyware.com
2009-06-15 04:54 . 2009-06-15 04:56 35 ----a-w- C:\autobat.bat
2009-06-15 04:37 . 2009-06-15 04:37 23 --sha-w- c:\windows\system32\edacded0.dat
2009-06-15 04:37 . 2009-06-15 04:37 -------- d-----w- c:\program files\jv16 PowerTools 2009
2009-06-15 04:07 . 2009-06-15 04:07 -------- d-----w- c:\program files\AVG
2009-06-15 04:07 . 2009-06-15 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-15 03:59 . 2009-06-15 03:59 -------- d-----w- c:\documents and settings\Louis\Application Data\Yahoo!
2009-06-15 03:59 . 2009-06-15 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-06-15 03:59 . 2009-06-15 03:59 -------- d-----w- c:\program files\Yahoo!
2009-06-15 03:59 . 2009-06-15 03:59 -------- d-----w- c:\program files\CCleaner
2009-06-15 02:16 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-15 02:16 . 2009-06-15 02:16 -------- d-----w- c:\program files\Panda Security
2009-06-15 01:57 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-15 01:57 . 2009-06-15 01:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-15 01:57 . 2009-06-15 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-15 01:57 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 00:44 . 2009-06-15 03:18 -------- d-----w- c:\windows\BDOSCAN8
2009-06-14 23:14 . 2009-06-14 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-14 19:53 . 2009-06-14 19:53 -------- d-----w- C:\00000082
2009-06-14 00:37 . 2009-06-18 00:12 -------- d-----w- c:\documents and settings\Louis\Application Data\FileZilla
2009-06-14 00:37 . 2009-06-14 00:37 -------- d-----w- c:\program files\FileZilla FTP Client
2009-06-13 17:37 . 2009-06-13 17:37 -------- d-----w- c:\documents and settings\Louis\Local Settings\Application Data\Symantec
2009-06-13 17:27 . 2009-06-15 04:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-06-13 00:37 . 2009-06-14 23:45 -------- d-----w- c:\program files\Unlocker
2009-06-10 17:21 . 2009-04-30 21:16 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 17:21 . 2009-04-30 21:16 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 17:21 . 2009-04-30 21:16 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-06-10 17:21 . 2009-04-30 21:16 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-06-10 00:48 . 2009-06-10 00:48 -------- d-sh--w- c:\documents and settings\Louis\IECompatCache
2009-06-09 23:00 . 2009-06-09 23:00 -------- d-----w- c:\documents and settings\Louis\Application Data\Intuit
2009-06-09 23:00 . 2009-06-09 23:00 -------- d-----w- c:\program files\Fichiers communs\Intuit
2009-06-09 23:00 . 2009-06-09 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2009-06-03 21:10 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-03 21:10 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2009-06-03 21:10 . 2001-08-23 21:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-03 21:10 . 2008-04-14 02:33 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-05-31 13:54 . 2009-05-31 13:54 -------- d-sh--w- c:\documents and settings\Louis\PrivacIE
2009-05-31 13:51 . 2009-05-31 13:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-05-31 13:50 . 2009-05-31 13:50 -------- d-sh--w- c:\documents and settings\Louis\IETldCache
2009-05-31 13:47 . 2009-05-31 13:47 -------- d-----w- c:\windows\ie8updates
2009-05-31 13:47 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-05-31 13:44 . 2009-05-31 13:47 -------- dc-h--w- c:\windows\ie8
2009-05-27 02:09 . 2009-04-22 22:42 2797468 ----a-w- c:\documents and settings\Louis\Application Data\Mozilla\Firefox\Profiles\pwnynn2z.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-18 23:36 . 2009-01-17 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-18 11:20 . 2008-10-08 14:19 -------- d-----w- c:\documents and settings\Louis\Application Data\BitTorrent
2009-06-18 00:27 . 2008-12-08 01:56 -------- d-----w- c:\documents and settings\Louis\Application Data\Corel
2009-06-18 00:24 . 2008-12-08 01:50 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-18 00:24 . 2008-12-08 01:50 168 --sh--r- c:\windows\system32\C3D2D91B77.sys
2009-06-15 13:28 . 2008-10-08 14:39 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-06-15 04:55 . 2009-01-15 01:08 -------- d-----w- c:\documents and settings\Louis\Application Data\EditPlus 3
2009-06-15 04:35 . 2006-02-18 05:03 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-06-14 23:24 . 2008-10-08 14:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-14 23:24 . 2008-10-08 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-13 23:29 . 2008-10-08 13:42 -------- d-----w- c:\program files\Winamp
2009-06-13 17:57 . 2005-08-17 08:10 475216 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-13 17:57 . 2005-08-17 08:10 77788 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-13 17:12 . 2008-10-08 14:18 -------- d-----w- c:\documents and settings\Louis\Application Data\DNA
2009-06-13 01:13 . 2008-10-08 14:18 -------- d-----w- c:\program files\DNA
2009-06-09 23:08 . 2009-04-14 03:41 36864 ----a-w- c:\windows\system32\xmlparse.dll
2009-06-09 23:01 . 2006-02-18 04:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-09 22:58 . 2009-01-15 01:08 -------- d-----w- c:\program files\EditPlus 3
2009-05-13 05:04 . 2004-08-10 15:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:33 . 2004-08-10 15:00 348672 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 20:23 . 2009-03-22 01:39 -------- d-----w- c:\program files\Illusion Softworks
2009-04-29 04:47 . 2009-01-06 03:37 -------- d-----w- c:\program files\Dark Omen
2009-04-26 13:34 . 2008-10-06 22:52 -------- d-----w- c:\documents and settings\Louis\Application Data\HP
2009-04-19 19:50 . 2004-08-10 15:00 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:53 . 2004-08-10 15:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-07 17:39 . 2006-02-18 05:19 70776 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-07 01:33 . 2009-04-07 01:33 152576 ----a-w- c:\documents and settings\Louis\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-02 344064]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk
backup=c:\windows\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Louis^Menu Démarrer^Programmes^Démarrage^MagicDisc.lnk]
path=c:\documents and settings\Louis\Menu Démarrer\Programmes\Démarrage\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-14 28544]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-03-07 55152]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-08-22 231424]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 USBSER34;USBSER34;c:\windows\system32\drivers\USBSER34.SYS [2008-10-23 37456]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'
2009-06-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-17 03:37]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.ca/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-18 19:47
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(888)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(6712)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-06-18 19:50 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-18 23:50
Avant-CF: 7*332*630*528 octets libres
Après-CF: 7*435*030*528 octets libres
207 --- E O F --- 2009-06-11 15:15
Please translate this to English:
Exécution préalable
Evilkoala
2009-06-19, 14:43
Sorry, I didn't realise that the report was done in French :S
It means firsthand executable, or at least close enough to that.
I believe it is the .exe and .dll files that are launched when a PC starts.
So that field is empty from what I understand.
OK, thank you :)
Please rerun gmer and post back its log next.
Evilkoala
2009-06-20, 04:54
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-19 21:53:21
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT spqv.sys ZwCreateKey [0xF74120E0]
SSDT spqv.sys ZwEnumerateKey [0xF7430CA2]
SSDT spqv.sys ZwEnumerateValueKey [0xF7431030]
SSDT spqv.sys ZwOpenKey [0xF74120C0]
SSDT spqv.sys ZwQueryKey [0xF7431108]
SSDT spqv.sys ZwQueryValueKey [0xF7430F88]
SSDT spqv.sys ZwSetValueKey [0xF743119A]
INT 0x62 ? 8676CBF8
INT 0x82 ? 8676CBF8
INT 0xB4 ? 865B5F00
INT 0xB4 ? 865B5F00
INT 0xB4 ? 865B5F00
INT 0xB4 ? 865B5F00
Code \??\C:\DOCUME~1\Louis\LOCALS~1\Temp\catchme.sys pIofCallDriver
---- Kernel code sections - GMER 1.0.15 ----
? spqv.sys Le fichier spécifié est introuvable. !
? pavboot.sys Le fichier spécifié est introuvable. !
? Combo-Fix.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload F69B48AC 5 Bytes JMP 865B54E0
.text arf45yls.SYS F6590386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text arf45yls.SYS F65903AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text arf45yls.SYS F65903C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text arf45yls.SYS F65903C9 1 Byte [2E]
.text arf45yls.SYS F65903C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? C:\DOCUME~1\Louis\LOCALS~1\Temp\catchme.sys Le fichier spécifié est introuvable. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Le fichier spécifié est introuvable. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\internet explorer\iexplore.exe[1580] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 40D851D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1580] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 40E59261 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1580] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 40E4C8A9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1580] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 40E5D2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1580] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 40DC4254 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1580] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 40F7B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1580] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F7B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1580] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 40F7B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1580] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40F7B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1580] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40F7B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1580] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40F7B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1580] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40F7B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1580] ole32.dll!CoCreateInstance 774C057E 5 Bytes JMP 40E5D320 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1580] ws2_32.dll!getaddrinfo 719F2A6F 5 Bytes JMP 46CAE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1580] ws2_32.dll!closesocket 719F3E2B 5 Bytes JMP 46CAEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1580] ws2_32.dll!socket 719F4211 5 Bytes JMP 46CAE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1580] ws2_32.dll!connect 719F4A07 5 Bytes JMP 46CAE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1580] ws2_32.dll!send 719F4C27 5 Bytes JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1580] ws2_32.dll!recv 719F676F 5 Bytes JMP 46CAF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2484] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 40D851D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2484] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 40E59261 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2484] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 40E4C8A9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2484] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 40E5D2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2484] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 40DC4254 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2484] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 40F7B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2484] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F7B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2484] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 40F7B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2484] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40F7B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2484] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40F7B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2484] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40F7B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2484] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40F7B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2484] ole32.dll!CoCreateInstance 774C057E 5 Bytes JMP 40E5D320 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2484] ws2_32.dll!getaddrinfo 719F2A6F 5 Bytes JMP 46CAE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2484] ws2_32.dll!closesocket 719F3E2B 5 Bytes JMP 46CAEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2484] ws2_32.dll!socket 719F4211 5 Bytes JMP 46CAE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2484] ws2_32.dll!connect 719F4A07 5 Bytes JMP 46CAE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2484] ws2_32.dll!send 719F4C27 5 Bytes JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2484] ws2_32.dll!recv 719F676F 5 Bytes JMP 46CAF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5024] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 40D851D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5024] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 40E5D2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5024] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 40F7B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5024] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F7B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5024] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 40F7B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5024] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40F7B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5024] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40F7B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5024] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40F7B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5024] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40F7B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5448] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 40D851D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5448] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 40E5D2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5448] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 40F7B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5448] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F7B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5448] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 40F7B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5448] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40F7B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5448] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40F7B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5448] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40F7B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5448] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40F7B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7413040] spqv.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F741313C] spqv.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74130BE] spqv.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74137FC] spqv.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74136D2] spqv.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7423048] spqv.sys
IAT \SystemRoot\System32\Drivers\arf45yls.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\arf45yls.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\arf45yls.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\arf45yls.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\arf45yls.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\arf45yls.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\arf45yls.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\arf45yls.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\arf45yls.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\arf45yls.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\arf45yls.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\arf45yls.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\arf45yls.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\arf45yls.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\arf45yls.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\internet explorer\iexplore.exe[1580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [003E1A7B] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [003E1A7B] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\WINDOWS\explorer.exe[6712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C42F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[6712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C42C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[6712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C42CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[6712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C42CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[7072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [011C2F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[7072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [011C2C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[7072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [011C2CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[7072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [011C2CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8676B1F8
Device \FileSystem\Fastfat \FatCdrom 864831F8
Device \FileSystem\Udfs \UdfsCdRom 86009500
Device \FileSystem\Udfs \UdfsDisk 86009500
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
Device \Driver\usbohci \Device\USBPDO-0 865BD1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 867DA1F8
Device \Driver\dmio \Device\DmControl\DmConfig 867DA1F8
Device \Driver\dmio \Device\DmControl\DmPnP 867DA1F8
Device \Driver\dmio \Device\DmControl\DmInfo 867DA1F8
Device \Driver\usbohci \Device\USBPDO-1 865BD1F8
Device \Driver\usbehci \Device\USBPDO-2 865BC1F8
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{73DB523D-89C5-43E9-96B5-BFB1B8412A94} 861DC500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8676D1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8676D1F8
Device \Driver\Cdrom \Device\CdRom0 865881F8
Device \Driver\Cdrom \Device\CdRom1 865881F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8676D1F8
Device \Driver\Cdrom \Device\CdRom2 865881F8
Device \Driver\sptd \Device\3723348908 spqv.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 861DC500
Device \Driver\NetBT \Device\NetbiosSmb 861DC500
Device \Driver\PCI_PNP3908 \Device\0000004c spqv.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{97B23597-C1DC-44A7-B352-43DC930AB013} 861DC500
Device \Driver\usbohci \Device\USBFDO-0 865BD1F8
Device \Driver\usbohci \Device\USBFDO-1 865BD1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 861D2500
Device \Driver\usbehci \Device\USBFDO-2 865BC1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 861D2500
Device \Driver\Ftdisk \Device\FtControl 8676D1F8
Device \Driver\arf45yls \Device\Scsi\arf45yls1Port3Path0Target0Lun0 863EA1F8
Device \Driver\arf45yls \Device\Scsi\arf45yls1 863EA1F8
Device \FileSystem\Fastfat \Fat 864831F8
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 8638B500
---- Processes - GMER 1.0.15 ----
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [888] 0x10000000
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCD 0x6A 0x00 0x22 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD0 0x61 0xA9 0x71 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x12 0xE3 0xDB 0xFF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCD 0x6A 0x00 0x22 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD0 0x61 0xA9 0x71 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x12 0xE3 0xDB 0xFF ...
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Louis\Local Settings\Temporary Internet Files\Content.IE5\4PWPM3MJ\imageCA67C00A.jpg 0 bytes
File C:\Documents and Settings\Louis\Local Settings\Temporary Internet Files\Content.IE5\91AIDB2F\indexv2[1].jsp 27105 bytes
File C:\Documents and Settings\Louis\Local Settings\Temporary Internet Files\Content.IE5\XVG0XV3C\imageCAIW8V4W.jpg 0 bytes
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.14972 - http://www.gmer.net
Autostart scan 2009-06-19 21:54:30
Windows 5.1.2600 Service Pack 3
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aawservice@ = "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ehRecvr@ = C:\WINDOWS\eHome\ehRecvr.exe
ehSched@ = C:\WINDOWS\eHome\ehSched.exe
hpqwmiex@ = C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
JavaQuickStarterService@ = "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
LightScribeService@ = "C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"
LVPrcSrv@ = "C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe"
LVSrvLauncher@ = C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
McrdSvc@ = C:\WINDOWS\ehome\mcrdsvc.exe
MDM@ = "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SeaPort@ = "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ehTrayC:\WINDOWS\ehome\ehtray.exe = C:\WINDOWS\ehome\ehtray.exe
@ATIPTA"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
@RecGuardC:\Windows\SMINST\RecGuard.exe = C:\Windows\SMINST\RecGuard.exe
@SunJavaUpdateSched"C:\Program Files\Java\jre6\bin\jusched.exe" = "C:\Program Files\Java\jre6\bin\jusched.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run@ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Extension Affichage Panorama du Panneau de configuration*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Program Files\Synaptics\SynTP\SynTPCpl.dll = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
@{7F67036B-66F1-411A-AD85-759FB9C5B0DB} /*ShellViewRTF*/C:\WINDOWS\system32\ShellvRTF.dll = C:\WINDOWS\system32\ShellvRTF.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Dossiers Web*/C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{36D94110-787C-4828-9C1B-0DAFEBC36069} /*EditPlus 3*/C:\Program Files\EditPlus 3\eppshell.dll = C:\Program Files\EditPlus 3\eppshell.dll
@{0563DB41-F538-4B37-A92D-4659049B7766} /*WLMD Message Handler*/C:\Program Files\Windows Live\Mail\mailcomm.dll = C:\Program Files\Windows Live\Mail\mailcomm.dll
@{06A2568A-CED6-4187-BB20-400B8C02BE5A} /**/(null) =
@{00F33137-EE26-412F-8D71-F84E4C2C6625} /**/C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} /*Windows Live Photo Gallery Autoplay Drop Target*/(null) =
@{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} /*Windows Live Photo Gallery Viewer Drop Target*/(null) =
@{00F374B7-B390-4884-B372-2FC349F2172B} /*Windows Live Photo Gallery Editor Drop Target*/(null) =
@{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} /*Windows Live Photo Gallery Viewer Drop Target Shim*/C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} /*Windows Live Photo Gallery Editor Drop Target Shim*/C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{00F30F90-3E96-453B-AFCD-D71989ECC2C7} /*Windows Live Photo Gallery Autoplay Drop Target Shim*/C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{11016101-E366-4D22-BC06-4ADA335C892B} /*IE History and Feeds Shell Data Source for Windows Search*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/(null) =
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} /*UnlockerShellExtension*/C:\Program Files\Unlocker\UnlockerCOM.dll = C:\Program Files\Unlocker\UnlockerCOM.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
EditPlus 3@{36D94110-787C-4828-9C1B-0DAFEBC36069} = C:\Program Files\EditPlus 3\eppshell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
@{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}C:\Program Files\AVG\AVG8\avgssie.dll /*file not found*/ = C:\Program Files\AVG\AVG8\avgssie.dll /*file not found*/
@{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll = C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre6\bin\ssv.dll = C:\Program Files\Java\jre6\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
@{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}C:\Program Files\Windows Live\Toolbar\wltcore.dll = C:\Program Files\Windows Live\Toolbar\wltcore.dll
@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://google.ca/ = http://google.ca/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
linkscanner@CLSID = C:\Program Files\AVG\AVG8\avgpp.dll /*file not found*/
livecall@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FICHIE~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll
HKLM\Software\Classes\PROTOCOLS\Handler\wlmailhtml@CLSID = C:\Program Files\Windows Live\Mail\mailcomm.dll
---- EOF - GMER 1.0.15 ----
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
You will now be presented with a screen similar to the one below:
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
Evilkoala
2009-06-20, 20:30
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 9.1.1 - Français
Aegisub 2.1.6 Release Preview r2494
AMD Processor Driver
Assistant de connexion Windows Live
ATI - Utilitaire de désinstallation du logiciel
ATI Display Driver
Broadcom 802.11 Wireless LAN Adapter
Choice Guard
Coffret de pilotes Logitech QuickCam
Combined Community Codec Pack 2008-09-21 16:18
Conexant AC-Link Audio
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows XP (KB952287)
DAEMON Tools Toolbar
EditPlus 3
FileZilla Client 3.2.4.1
Galerie de photos Windows Live
Google Earth
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
HP BatteryCheck 1.00 A7
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP QuickPlay 2.0
HP Software Update
HP Update
HP User Guides 0025
HP User Guides--System Recovery
HP Wireless Assistant 2.00 C1
Installation Windows Live
Installation Windows Live
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 13
Junk Mail filter update
Lecteur Windows Media 11
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Live Add-in 1.3
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)
Mise à jour de sécurité pour Windows XP (KB923561)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB938464)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB946648)
Mise à jour de sécurité pour Windows XP (KB950762)
Mise à jour de sécurité pour Windows XP (KB950974)
Mise à jour de sécurité pour Windows XP (KB951066)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB951698)
Mise à jour de sécurité pour Windows XP (KB951748)
Mise à jour de sécurité pour Windows XP (KB952004)
Mise à jour de sécurité pour Windows XP (KB952954)
Mise à jour de sécurité pour Windows XP (KB953838)
Mise à jour de sécurité pour Windows XP (KB953839)
Mise à jour de sécurité pour Windows XP (KB954211)
Mise à jour de sécurité pour Windows XP (KB954459)
Mise à jour de sécurité pour Windows XP (KB954600)
Mise à jour de sécurité pour Windows XP (KB955069)
Mise à jour de sécurité pour Windows XP (KB956390)
Mise à jour de sécurité pour Windows XP (KB956391)
Mise à jour de sécurité pour Windows XP (KB956572)
Mise à jour de sécurité pour Windows XP (KB956802)
Mise à jour de sécurité pour Windows XP (KB956803)
Mise à jour de sécurité pour Windows XP (KB956841)
Mise à jour de sécurité pour Windows XP (KB957095)
Mise à jour de sécurité pour Windows XP (KB957097)
Mise à jour de sécurité pour Windows XP (KB958215)
Mise à jour de sécurité pour Windows XP (KB958644)
Mise à jour de sécurité pour Windows XP (KB958687)
Mise à jour de sécurité pour Windows XP (KB958690)
Mise à jour de sécurité pour Windows XP (KB959426)
Mise à jour de sécurité pour Windows XP (KB960225)
Mise à jour de sécurité pour Windows XP (KB960714)
Mise à jour de sécurité pour Windows XP (KB960715)
Mise à jour de sécurité pour Windows XP (KB960803)
Mise à jour de sécurité pour Windows XP (KB961373)
Mise à jour de sécurité pour Windows XP (KB961501)
Mise à jour de sécurité pour Windows XP (KB963027)
Mise à jour de sécurité pour Windows XP (KB968537)
Mise à jour de sécurité pour Windows XP (KB969898)
Mise à jour de sécurité pour Windows XP (KB970238)
Mise à jour pour Windows Internet Explorer 8 (KB971180)
Mise à jour pour Windows XP (KB951072-v2)
Mise à jour pour Windows XP (KB951978)
Mise à jour pour Windows XP (KB955839)
Mise à jour pour Windows XP (KB961503)
Mise à jour pour Windows XP (KB967715)
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Mozilla Firefox (3.0.11)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 4.5
MVision
Nero 6 Ultra Edition
Office 2003 Trial Assistant
Outil de téléchargement Windows Live
Panneau de contrôle ATI
Prince of Persia The Sands of Time
Programme de gestion Camera de Logitech®
Quick Launch Buttons 5.20 F2
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Segoe UI
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Update Manager
SonicAC3Encoder
SonicMPEGEncoder
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
The Lord of the Rings Online™: Shadows of Angmar™ v01.08.00.812
TourSetup
Unlocker 1.8.5
Veoh Web Player Beta
Winamp
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Contrôle parental
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
WinZip
Have you lately uninstalled Norton?
Evilkoala
2009-06-21, 16:12
Yes,
I had a trial version and my wife bought Kaspersky since it was reduced in price...women...:D:
So I uninstalled it, but wasn't able to install Kaspersky because of those initial issues.
How do you then explain this?
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe (file missing)
Evilkoala
2009-06-21, 20:34
That's an app that was supposed to change the trial from 30 days to 90 days.
It is also long gone.
Yes, but that is not legit.
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
- Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
Evilkoala
2009-06-22, 01:45
And it is not on my computer anymore either ;)
No infected files from Kaspersky.
Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 18:44:25, on 2009-06-21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\EditPlus 3\editplus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CA&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223341211062
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://desgagneschartier.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
Looking over your log, it seems you don't have any evidence of an anti-virus software.
Anti-virus software consists of programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, and thereby spread infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors NOW:
1) Antivir PersonalEdition Classic (http://www.free-av.com/) - Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/ww.homepage) - Free edition of the AVG anti-virus program for Windows.
You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.
After that, please post back a fresh HijackThis log and tell me if you have any issues left.
Evilkoala
2009-06-22, 14:39
Well, since I had Kaspersky handy, I went ahead and installed it.
My initial issue was that I was unable to install antivirus and other protection tools.
So I would say we are in business.
Then please post a fresh HijackThis log and I will give you final instructions :)
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.