Help
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.
This topic is locked
Gmer obtained after a few attempts (computer was restarting by itself at the end of each scan) (See below)
Multiple problems:
- Google Redirection.
- Blue screen crashes 4 to 8 times a day. Sometimes prevents Windows from restarting..
- Hard to download and use solutions. Have to go though a Mac and USB key to copy on my desktop.
- Programs are disturbed and crash a lot (InDesign, Excel, Outlook). Problems with Task Manager in Outlook.
Please help, I am on a business trip in China.
I am stuck and need a solution asap.
All the best,
Beauregard
///////////////////
Rapport DDS
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Emmanuel at 20:49:12.58 on Sat 05/07/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_22
MicrosoftÆ Windows Vistaô …dition IntÈgrale 6.0.6002.2.1252.1.1033.18.3069.1807 [GMT 8:00]
.
AV: BitDefender Antivirus *Disabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E}
SP: Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: BitDefender Antispyware *Disabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\Windows\RtkAudioService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\nlssrv32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\mobsync.exe
C:\Users\Emmanuel\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.rue89.com/
uInternet Settings,ProxyServer = 127.0.0.1:8580
uInternet Settings,ProxyOverride = <local>
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FlpLauncher Class: {4401fdc3-7996-4774-8d2b-c1ae9cd6cc25} - c:\progra~1\e-book~1\flipvi~2\fvbho140.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Ditto] "c:\program files\ditto\Ditto.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [AdobeBridge]
uRun: [lnksutil] "rundll32" "c:\users\emmanuel\appdata\local\temp\ntosetup.dll",CreateProcessNotify
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Barre RoboForm - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Enregistrer le formulaire - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Personnaliser le menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Remplir le formulaire - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: QQ - c:\program files\tencent\qqintl\bin\AddEmotion.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: c:\windows\system32\ASProxy.dll
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: carrefour.com.cn\e-shop
Trusted Zone: imdb.com\secure
Trusted Zone: taobao.com
DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} - hxxps://download.alipay.com/aliedit/aliedit/2401/aliedit.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: acaptuser32.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
Hosts: 66.207.162.66 freedur.com
Hosts: 66.207.162.66 www.freedur.com
Hosts: 204.152.194.50 clients.freedur.com
Hosts: 204.152.194.50 blog.freedur.com
Hosts: 66.207.162.66 freedur.net
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\emmanuel\appdata\roaming\mozilla\firefox\profiles\8681oi1f.default\
FF - prefs.js: browser.startup.homepage - hxxp://pro.imdb.com/
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8580
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8580
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8580
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8580
FF - prefs.js: network.proxy.type - 1
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2009-1-19 13424]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R2 CMB8100;CMB8100;c:\windows\system32\drivers\CertClient.dat [2009-12-29 11808]
R2 CMBProtector;CMBProtector;c:\windows\system32\drivers\CMBProtector.dat [2009-12-29 10272]
R2 DisplayLinkService;DisplayLink Service;c:\program files\displaylink core software\DisplayLinkService.exe [2008-8-18 443752]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-3-25 57344]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 RtkHDMIService;RtkHDMIService;c:\windows\RTKAUDIOSERVICE.EXE [2008-6-18 98304]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2009-1-19 411488]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2010-1-17 1201640]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-2-3 153448]
R3 BTHprint;Microsoft Bluetooth Printer Class;c:\windows\system32\drivers\BTHPRINT.SYS [2009-7-6 29696]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-6-18 28464]
R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2009-1-19 287856]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-6-18 9344]
S3 Alidevice;Alidevice;c:\windows\system32\drivers\alidevice.sys [2010-1-8 6656]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]
S3 ASOVPNHelper;Astrill OpenVPN Service;c:\users\emmanuel\appdata\roaming\astrill\asovpnsvc.exe --run --> c:\users\emmanuel\appdata\roaming\astrill\ASOvpnSvc.exe --run [?]
S3 ASProxy;ASProxy;c:\users\emmanuel\appdata\roaming\astrill\ASProxy.exe [2010-10-31 1962192]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-8-27 104288]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-8-27 350048]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-8-27 63328]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [2007-6-27 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [2007-6-27 73856]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-6-18 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-6-18 87328]
.
=============== Created Last 30 ================
.
2011-05-06 02:50:09 -------- d-----w- c:\users\emmanuel\appdata\roaming\Malwarebytes
2011-05-06 02:49:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-06 02:49:52 -------- d-----w- c:\progra~2\Malwarebytes
2011-05-06 02:49:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-06 02:49:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-04 03:15:43 89600 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
2011-05-02 07:17:42 -------- d-----w- c:\users\emmanuel\appdata\roaming\RoboForm
2011-05-02 06:04:48 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-02 06:04:44 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-02 06:04:44 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-02 06:04:43 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-02 06:04:43 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-02 06:04:43 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-02 06:04:43 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-02 06:04:42 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
.
==================== Find3M ====================
.
2011-02-15 08:27:10 26960 ----a-w- c:\windows\system32\novamnv7.dll
2011-02-15 08:27:08 21328 ----a-w- c:\windows\system32\novamiv7.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 6.0.6002 Disk: FUJITSU_ rev.0041 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x89556555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8955c7b0]; MOV EAX, [0x8955c82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x84655962] -> \Device\Harddisk0\DR0[0x891AF150]
3 CLASSPNP[0x8CDE38B3] -> ntkrnlpa!IofCallDriver[0x84655962] -> [0x87DAFC60]
5 acpi[0x8069F6BC] -> ntkrnlpa!IofCallDriver[0x84655962] -> [0x87D49028]
\Driver\iaStor[0x887BD048] -> IRP_MJ_CREATE -> 0x89556555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskFUJITSU_MHZ2400BT_G1____________________0041000C#4&390b30ad&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 781422766 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 20:53:14.47 ===============
Rapport secondaire DDS
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
MicrosoftÆ Windows Vistaô …dition IntÈgrale
Boot Device: \Device\HarddiskVolume2
Install Date: 8/27/2008 7:57:25 AM
System Uptime: 5/7/2011 6:11:09 PM (2 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core™2 Duo CPU T9600 @ 2.80GHz | N/A | 800/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 364 GiB total, 96.44 GiB free.
D: is Removable
E: is Removable
F: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&129A\7&1A18FFC0&0&C8BCC82ABAA6_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&129A\7&1A18FFC0&0&C8BCC82ABAA6_C00000000
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Hosts File Hijack ======================
.
Hosts: 66.207.162.66 freedur.com
Hosts: 66.207.162.66 www.freedur.com
Hosts: 204.152.194.50 clients.freedur.com
Hosts: 204.152.194.50 blog.freedur.com
Hosts: 66.207.162.66 freedur.net
Hosts: 66.207.162.66 www.freedur.net
Hosts: 204.152.194.50 clients.freedur.net
Hosts: 204.152.194.50 blog.freedur.net
Hosts: 66.207.162.66 freedur.org
Hosts: 66.207.162.66 www.freedur.org
Hosts: 204.152.194.50 clients.freedur.org
Hosts: 204.152.194.50 blog.freedur.org
Hosts: 66.207.161.29 clients.skydur.com
Hosts: 66.207.161.29 blog.skydur.com
Hosts: 109.123.89.16 www.skydur.com
Hosts: 109.123.89.16 skydur.com
Hosts: 109.123.89.16 secure.skydur.com
Hosts: 109.123.89.16 www.skydurvpn.com
Hosts: 109.123.89.16 skydurvpn.com
Hosts: 109.123.89.16 secure.skydurvpn.com
.
==== Installed Programs ======================
.
.
’–––◊®“µ∞Ê
÷ß∏∂±¶≤º˛ 1.2.0.2
Adobe Acrobat 9 Pro Extended - English, FranÁais, Deutsch
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe InCopy CS4 Application Feature Set Files (Roman)
Adobe InCopy CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced System Optimizer
Alien Skin Exposure 3
Alps Pointing-device for VAIO
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Astrill 2.2.0.1824
ATI Catalyst Install Manager
BitDefender Antivirus 2010
Bonjour
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon SELPHY CP780
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CanoScan Toolbox Ver4.9
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDDRV_Installer
Choice Guard
Click to Disc
Click to Disc Editor
CMBEdit
Connect
Conseiller de mise ‡ niveau vers Windows 7
CuteFTP 8 Professional
Definition update for Microsoft Office 2010 (KB982726)
DisplayLink Core Software
Ditto 3.15.4.0
Download Accelerator Plus (DAP)
Driver Installer
EP Budgeting
Final Draft 7
FlipBook Creator 1.5
FlipViewer 4.5
FlipViewer Xpress Creator 2.2
Free HD Converter V 1.7
French App Name
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Word 2010 (KB2459114)
HP Print Diagnostic Utility
Installation Windows Live
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software
iTunes
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 7
Java™ SE Runtime Environment 6
KhalInstallWrapper
kuler
LG USB Modem Drivers
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft IntelliPoint 6.1
Microsoft IntelliType Pro 6.1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office Live Add-in Patches
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SharedView
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mindjet MindManager 9
MobileMe Control Panel
ModËles de sons Windows
Movie Outline 3.1.1
Mozilla Firefox 4.0.1 (x86 fr)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 4.0 SP2 Parser and SDK
MXAir Tutorial
NEF Codec
OpenMG Secure Module 5.0.00
Outil de tÈlÈchargement Windows Live
PamFax
PamFax Office Integration
PDF-XChange 3
PDF Settings CS4
PDF Settings CS5
Photoshop Camera Raw
Qlock Lite
QuickTime
QuickTime MPEG2
Real Alternative 1.9.0
Realtek High Definition Audio Driver
Resolume DXV Quicktime Codec 2.1
RoboForm 7-2-9 (All Users)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Publisher 2010 (KB2409055)
Setting Utility Series
Skins
Skylook
Skype Toolbars
Skypeô 5.1
SmartWi Connection Utility
Snagit 9.1.3
Sony Download Taxi 1.5.0.0
SONY VGP-UPR1 (Display Adapter)
SONY VGP-UPR1 (Display Adapter) Utility
Sony Video Shared Library
Spy Sweeper
Spy Sweeper Core
Suite Shared Configuration CS4
SupportSoft Assisted Service
Tencent QQ
Ultimate Extras sounds from MicrosoftÆ Tinkerô
Ultra Flash Video FLV Converter 3.8.1023
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft OneNote 2010 (KB2433299)
Update for Microsoft Outlook Social Connector (KB2289116)
VAIO Content Folder Setting
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Entertainment Platform
VAIO Event Service
VAIO Help and Support
VAIO Launcher
VAIO Media plus
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO My Memory Center
VAIO OOBE and Welcome Center
VAIO Original Function Setting
VAIO Power Management
VAIO Presentation Support
VAIO Startup Assistant
VAIO Survey
VAIO Update 3
VAIO Wallpaper Contents
VAIO Wireless Wizard
VirtualCloneDrive
WIDCOMM Bluetooth Software 6.1.0.2200
Windows Live Call
Windows Live Communications Platform
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Media Player Firefox Plugin
WinDVD for VAIO
WinRAR archiver
Your Uninstaller! 2008 Version 6.2
.
==== End Of File ===========================
Rapport Gmer
GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-08 00:01:05
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\iaStor0 FUJITSU_ rev.0041
Running: gmer.exe; Driver: C:\Users\Emmanuel\AppData\Local\Temp\pxriqkow.sys
---- System - GMER 1.0.15 ----
SSDT 87D41B70 ZwAllocateVirtualMemory
SSDT 87D66218 ZwCreateProcess
SSDT 87D661A0 ZwCreateProcessEx
SSDT 87D41E40 ZwCreateThread
SSDT 87D41BE8 ZwQueueApcThread
SSDT 87D41A80 ZwReadVirtualMemory
SSDT 87D41CD8 ZwSetContextThread
SSDT 87D41F30 ZwSetInformationProcess
SSDT 87D41D50 ZwSetInformationThread
SSDT 87D41EB8 ZwSuspendProcess
SSDT 87D41C60 ZwSuspendThread
SSDT 87D41FA8 ZwTerminateProcess
SSDT 87D41DC8 ZwTerminateThread
SSDT 87D41AF8 ZwWriteVirtualMemory
SSDT 87D41990 ZwCreateThreadEx
SSDT 87D41A08 ZwCreateUserProcess
INT 0x61 ? 90526CD0
INT 0xB0 ? 90526A50
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 131 846F1894 4 Bytes [70, 1B, D4, 87] {JO 0x1d; AAM 0x87}
.text ntkrnlpa.exe!KeSetEvent + 209 846F196C 8 Bytes [18, 62, D6, 87, A0, 61, D6, ...]
.text ntkrnlpa.exe!KeSetEvent + 221 846F1984 4 Bytes [40, 1E, D4, 87] {INC EAX; PUSH DS; AAM 0x87}
.text ntkrnlpa.exe!KeSetEvent + 4E5 846F1C48 4 Bytes [E8, 1B, D4, 87]
.text ntkrnlpa.exe!KeSetEvent + 4FD 846F1C60 4 Bytes [80, 1A, D4, 87]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92C09000, 0x1F926A, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[1592] ntdll.dll!NtProtectVirtualMemory 77424D34 5 Bytes JMP 002C000A
.text C:\Windows\system32\svchost.exe[1592] ntdll.dll!NtWriteVirtualMemory 77425674 5 Bytes JMP 002D000A
.text C:\Windows\system32\svchost.exe[1592] ntdll.dll!KiUserExceptionDispatcher 77425DC8 5 Bytes JMP 002B000A
.text C:\Windows\system32\svchost.exe[1592] ole32.dll!CoCreateInstance 765C9F3E 5 Bytes JMP 0081000A
.text C:\Windows\system32\svchost.exe[1592] USER32.dll!WindowFromPoint 7633884F 5 Bytes JMP 0215000A
.text C:\Windows\system32\svchost.exe[1592] USER32.dll!GetForegroundWindow 763432C4 5 Bytes JMP 021A000A
.text C:\Windows\system32\svchost.exe[1592] USER32.dll!GetCursorPos 76350B88 5 Bytes JMP 01FE000A
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2892] ntdll.dll!NtProtectVirtualMemory 77424D34 5 Bytes JMP 0082000A
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2892] ntdll.dll!NtWriteVirtualMemory 77425674 5 Bytes JMP 0083000A
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2892] ntdll.dll!KiUserExceptionDispatcher 77425DC8 5 Bytes JMP 0081000A
.text C:\Windows\Explorer.EXE[5052] ntdll.dll!NtProtectVirtualMemory 77424D34 5 Bytes JMP 0084000A
.text C:\Windows\Explorer.EXE[5052] ntdll.dll!NtWriteVirtualMemory 77425674 5 Bytes JMP 0086000A
.text C:\Windows\Explorer.EXE[5052] ntdll.dll!KiUserExceptionDispatcher 77425DC8 5 Bytes JMP 0083000A
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskFUJITSU_MHZ2400BT_G1____________________0041000C#4&390b30ad&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00125a6014a8
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00125a6014a8@0017fa893ed7 0x66 0xF2 0x21 0x39 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b7307
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b731e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3ded49ed
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3ded49ed@0023df53c6ac 0x4D 0xE1 0x83 0xEF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3ded49ed@c8bcc82abaa6 0xA0 0x12 0x5A 0x0E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x53 0xE1 0x7E 0x01 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00125a6014a8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00125a6014a8@0017fa893ed7 0x66 0xF2 0x21 0x39 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3d8b7307 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3d8b731e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3ded49ed (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3ded49ed@0023df53c6ac 0x4D 0xE1 0x83 0xEF ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3ded49ed@c8bcc82abaa6 0xA0 0x12 0x5A 0x0E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x53 0xE1 0x7E 0x01 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00125a6014a8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00125a6014a8@0017fa893ed7 0x66 0xF2 0x21 0x39 ...
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e3d8b7307 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e3d8b731e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e3ded49ed (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e3ded49ed@0023df53c6ac 0x4D 0xE1 0x83 0xEF ...
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e3ded49ed@c8bcc82abaa6 0xA0 0x12 0x5A 0x0E ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x53 0xE1 0x7E 0x01 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- EOF - GMER 1.0.15 ----
Attached File(s)
-
DDS.txt (19.58K)
Number of downloads: 0 -
Attach.txt (10.44K)
Number of downloads: 0 -
ark.txt (14.61K)
Number of downloads: 0
This post has been edited by Beauregard: 07 May 2011 - 11:55 AM
Back to top
Post the report when you're ready. 
