Incredible virus! help please
Solved
Joyal
Posted messages
44
Status
Membre
-
Lyonnais92 Posted messages 25708 Status Contributeur sécurité -
Lyonnais92 Posted messages 25708 Status Contributeur sécurité -
Hello,
I just got infected by a very powerful virus!
I've faced numerous viruses/trojans/adware/etc. before and I've always managed to get rid of them without having to format my PC. By deleting a file or using help from forums (the jurisprudence of computing! lol) or downloading "virusname remove kit" and other "virusname fix".
I've tried everything with this one but nothing works.
Let me explain:
When the PC starts up, Kaspersky finds a trojan: WIN32.trojan.agent.amhv in a .dll file located in c:\windows\system32
I choose to delete it and then Kaspersky asks for a reboot to completely eliminate the threat.
And when the PC restarts, Kaspersky finds the same trojan and offers to reboot again, but never actually deletes the virus (I went up to 8 reboots but I think 100 reboots wouldn't have changed anything...)
If I choose to block the application in Kaspersky (KAV for friends), I get 1 KAV notification per second informing me that the action has been blocked, etc. But I can use my PC.
explorer.exe keeps crashing, so no desktop, taskbar, or Windows Explorer...
I press Ctrl+Alt+Delete and run a new task: explorer.exe > running it there works but lasts 5 seconds
Moreover, when I start a new application, I get an error message notifying me that "applicationname is not a valid WIN32 application...etc." so it's impossible to do anything.
When I boot in safe mode, it's the same mess...
If I start KAV in safe mode, I get a dozen different notifications that I don't understand, and the last ones tell me that KAV is no longer valid because the last license expired on 01/01/1970!!!! lol
Nonetheless, I can start applications like Firefox, etc. (safe mode with networking)
Ad-aware finds nothing, Spybot neither. KAV can't get rid of it...
I even tried downloading a software (VIPRE Antivirus) that claimed it could fix my issue. Indeed, it's the only site I found by typing "WIN.trojan.agent.amhv" on Google and apparently, the last signature update included that famous "trojan".
When I install the software I get a message at the very end of the installation saying "The administrator has not accepted the installation of this application"!!!! lol (I'm still in safe mode...)
There was a second site explaining that it was a "Trojan Downloader" but nothing to eliminate it.
Anyway, I don't know what to do anymore... I hope someone can help me. Do you want me to post a HijackThis report? If so, directly in the post? (not too long?)
Thanks in advance for your replies.
Julien.
I just got infected by a very powerful virus!
I've faced numerous viruses/trojans/adware/etc. before and I've always managed to get rid of them without having to format my PC. By deleting a file or using help from forums (the jurisprudence of computing! lol) or downloading "virusname remove kit" and other "virusname fix".
I've tried everything with this one but nothing works.
Let me explain:
When the PC starts up, Kaspersky finds a trojan: WIN32.trojan.agent.amhv in a .dll file located in c:\windows\system32
I choose to delete it and then Kaspersky asks for a reboot to completely eliminate the threat.
And when the PC restarts, Kaspersky finds the same trojan and offers to reboot again, but never actually deletes the virus (I went up to 8 reboots but I think 100 reboots wouldn't have changed anything...)
If I choose to block the application in Kaspersky (KAV for friends), I get 1 KAV notification per second informing me that the action has been blocked, etc. But I can use my PC.
explorer.exe keeps crashing, so no desktop, taskbar, or Windows Explorer...
I press Ctrl+Alt+Delete and run a new task: explorer.exe > running it there works but lasts 5 seconds
Moreover, when I start a new application, I get an error message notifying me that "applicationname is not a valid WIN32 application...etc." so it's impossible to do anything.
When I boot in safe mode, it's the same mess...
If I start KAV in safe mode, I get a dozen different notifications that I don't understand, and the last ones tell me that KAV is no longer valid because the last license expired on 01/01/1970!!!! lol
Nonetheless, I can start applications like Firefox, etc. (safe mode with networking)
Ad-aware finds nothing, Spybot neither. KAV can't get rid of it...
I even tried downloading a software (VIPRE Antivirus) that claimed it could fix my issue. Indeed, it's the only site I found by typing "WIN.trojan.agent.amhv" on Google and apparently, the last signature update included that famous "trojan".
When I install the software I get a message at the very end of the installation saying "The administrator has not accepted the installation of this application"!!!! lol (I'm still in safe mode...)
There was a second site explaining that it was a "Trojan Downloader" but nothing to eliminate it.
Anyway, I don't know what to do anymore... I hope someone can help me. Do you want me to post a HijackThis report? If so, directly in the post? (not too long?)
Thanks in advance for your replies.
Julien.
Configuration: Windows XP Firefox 3.0.4
10 réponses
Hello,
the disappearance of symptoms does not mean disinfection.
I advise you to:
1) post the MBAM report
2) do this:
Open this link and download ZHPDiag:
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
hxxp://telechargement.zebulon.fr/telecharger-zhpdiag.html
Once the download is complete, unzip the obtained file and place ZHPDiag.exe on your Desktop.
Double-click the icon to launch the program.
Click on All to check all option boxes.
Click on the magnifying glass to start the scan.
At the end of the scan, click on the camera and save the report on your Desktop.
Open the saved file (ZHPDiag.txt) with Notepad and copy its content into your reply.
--
@+
Do what you are asked, no more, no less.
Do not create duplicates, neither on CCM nor on any other site. Thank you.
the disappearance of symptoms does not mean disinfection.
I advise you to:
1) post the MBAM report
2) do this:
Open this link and download ZHPDiag:
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
hxxp://telechargement.zebulon.fr/telecharger-zhpdiag.html
Once the download is complete, unzip the obtained file and place ZHPDiag.exe on your Desktop.
Double-click the icon to launch the program.
Click on All to check all option boxes.
Click on the magnifying glass to start the scan.
At the end of the scan, click on the camera and save the report on your Desktop.
Open the saved file (ZHPDiag.txt) with Notepad and copy its content into your reply.
--
@+
Do what you are asked, no more, no less.
Do not create duplicates, neither on CCM nor on any other site. Thank you.
Good evening
if you can download Malwarebytes that would be great
you install it, update it and then do a quick scan to start and delete everything it finds (the full scan can take more than an hour)
if you can download Malwarebytes that would be great
you install it, update it and then do a quick scan to start and delete everything it finds (the full scan can take more than an hour)
Good evening,
Thank you very much, Georges86400!!!
After the scan, it found 17 files that it deleted, some after rebooting, and everything has been great since!
Thanks again :-)
Thank you very much, Georges86400!!!
After the scan, it found 17 files that it deleted, some after rebooting, and everything has been great since!
Thanks again :-)
Good evening Lyonnais92,
thank you for your message.
Here is the MBAM report:
Malwarebytes' Anti-Malware 1.31
Database version: 1472
Windows 5.1.2600 Service Pack 3
08/12/2008 02:57:13
mbam-log-2008-12-08 (02-57-06).txt
Scan type: Full scan (C:\|D:\|)
Items scanned: 111707
Elapsed time: 27 minute(s), 30 second(s)
Infected memory processes: 0
Infected memory modules: 2
Infected Registry keys: 7
Infected Registry values: 1
Infected Registry data items: 4
Infected folders: 0
Infected files: 5
Infected memory processes:
(No harmful items detected)
Infected memory modules:
C:\WINDOWS\system32\ljJYRLbB.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\khfFUOeC.dll (Trojan.Vundo) -> No action taken.
Infected Registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1da6f1f-cf58-4d8f-84a4-f6bd7208e466} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a1da6f1f-cf58-4d8f-84a4-f6bd7208e466} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{96e74e0b-9143-4d55-b522-35112296956a} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{96e74e0b-9143-4d55-b522-35112296956a} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96e74e0b-9143-4d55-b522-35112296956a} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khffuoec (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
Infected Registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{96e74e0b-9143-4d55-b522-35112296956a} (Trojan.Vundo) -> No action taken.
Infected Registry data items:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ljjyrlbb -> No action taken.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjyrlbb -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
Infected folders:
(No harmful items detected)
Infected files:
C:\WINDOWS\system32\ljJYRLbB.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\BbLRYJjl.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\BbLRYJjl.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\khfFUOeC.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Joyal\Local Settings\Temporary Internet Files\Content.IE5\FR1H91HI\mslog[1] (Trojan.Vundo) -> No action taken.
thank you for your message.
Here is the MBAM report:
Malwarebytes' Anti-Malware 1.31
Database version: 1472
Windows 5.1.2600 Service Pack 3
08/12/2008 02:57:13
mbam-log-2008-12-08 (02-57-06).txt
Scan type: Full scan (C:\|D:\|)
Items scanned: 111707
Elapsed time: 27 minute(s), 30 second(s)
Infected memory processes: 0
Infected memory modules: 2
Infected Registry keys: 7
Infected Registry values: 1
Infected Registry data items: 4
Infected folders: 0
Infected files: 5
Infected memory processes:
(No harmful items detected)
Infected memory modules:
C:\WINDOWS\system32\ljJYRLbB.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\khfFUOeC.dll (Trojan.Vundo) -> No action taken.
Infected Registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1da6f1f-cf58-4d8f-84a4-f6bd7208e466} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a1da6f1f-cf58-4d8f-84a4-f6bd7208e466} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{96e74e0b-9143-4d55-b522-35112296956a} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{96e74e0b-9143-4d55-b522-35112296956a} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96e74e0b-9143-4d55-b522-35112296956a} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khffuoec (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
Infected Registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{96e74e0b-9143-4d55-b522-35112296956a} (Trojan.Vundo) -> No action taken.
Infected Registry data items:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ljjyrlbb -> No action taken.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjyrlbb -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
Infected folders:
(No harmful items detected)
Infected files:
C:\WINDOWS\system32\ljJYRLbB.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\BbLRYJjl.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\BbLRYJjl.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\khfFUOeC.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Joyal\Local Settings\Temporary Internet Files\Content.IE5\FR1H91HI\mslog[1] (Trojan.Vundo) -> No action taken.
However, I can't download ZHPDiag and I can't find any other source than the Zebulon site which is evidently having a problem.
I'll try again tomorrow.
Thanks again to both of you.
I'll try again tomorrow.
Thanks again to both of you.
Hello,
for now, we are limited to Vundo.
Did you quarantine or completely delete after the report?
I’ll edit.
The link seems to work.
We'll see tomorrow.
Otherwise, there are other tools;
--
@+
Do what you are asked, no more, no less.
Don’t create duplicates, neither on CCM nor on any other site. Thank you.
for now, we are limited to Vundo.
Did you quarantine or completely delete after the report?
I’ll edit.
The link seems to work.
We'll see tomorrow.
Otherwise, there are other tools;
--
@+
Do what you are asked, no more, no less.
Don’t create duplicates, neither on CCM nor on any other site. Thank you.
Good evening Lyonnais92,
As requested, here is the ZHPDiag report:
ZHPDiag report v1.16 by Nicolas Coolman
Recorded on 12/09/2008 19:12:37
Platform: Microsoft Windows XP (5.1.2600) Service Pack 3
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox (3.0.4)
---\\ Running Processes
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
---\\ Internet Explorer Startup Pages (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
---\\ Internet Explorer Search Pages (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/spresults.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
---\\ Browser Helper Objects (O2)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3B9EB474-EEF5-4F44-A9D2-42F128742DCC} - C:\WINDOWS\system32\urqQHaWo.dll
O2 - BHO: (no name) - {5755E54F-4C89-403B-A4D3-E254A44D2459} - (not file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5CD3EBFB-3127-43D1-A2D1-FF4545C9B18D} - C:\WINDOWS\system32\yayaAtSi.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll
---\\ Applications Automatically Started by the Registry (O4)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\policies\Explorer: [AllowLegacyWebView] Data="1"
O4 - HKLM\..\policies\Explorer: [AllowUnhashedWebView] Data="1"
O4 - Global Startup: Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
---\\ Additional Lines in the Internet Explorer Context Menu (O8)
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Consult dictionaries (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
---\\ Buttons on the Main Internet Explorer Toolbar (O9)
O9 - Extra 'Tools' menuitem: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO
O9 - Extra 'Tools' menuitem: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe,1
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll,103
O9 - Extra 'Tools' menuitem: S&end to OneNote - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll,103
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302
O9 - Extra 'Tools' menuitem: Internet Traffic Protection Statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll,101
O9 - Extra button: Internet Traffic Protection Statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll,101
O9 - Extra button: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll,103
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe,1
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302
---\\ ActiveX Objects (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
---\\ Additional Protocols and Protocol Hijacking (O18)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
---\\ AppInit_DLLs Registry Value and Winlogon Notify Subkeys (O20)
O20 - Winlogon Notify: WlDimsStartup - C:\WINDOWS\System32\%SystemRoot%\System32\dimsntfy.dll
O20 - Winlogon Notify: WLEventStart - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: EventStartup - C:\WINDOWS\System32\VESWinlogon.dll
O20 - AppInit_DLLs:C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
---\\ Non-Microsoft and Non-Disabled NT Services (O23)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device (Apple Mobile Device) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r
O23 - Service: Java Quick Starter (JavaQuickStarterService) - C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: NVIDIA Display Driver Service (NVSvc) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Print Spooler (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: VAIO Event Service (VAIO Event Service) - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
---\\ Installed Components (ActiveSetup Installed Components) (O40)
O40 - ASIC: IE7 Uninstall Stub - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Browser Personalization - {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: VML Rendering (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Adobe Shockwave Director 10.4 - {233C1507-6A77-46A4-9443-F871F945D258} - C:\WINDOWS\system32\Adobe\Director\SwDir.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11d0-A31D-00AA00B92C03} - (not file)
O40 - ASIC: Adobe Shockwave Director 10.4 - {2A202491-F00D-11cf-87CC-0020AFEECF20} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Dynamic HTML Data Binding for Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: .NET Framework - {3F7924B9-D148-3141-87B1-68F36043A940} - (not file)
O40 - ASIC: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) - {411EDCF7-755D-414E-A74B-3DCD6583F589} - (not file)
O40 - ASIC: Advanced Creation - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Java DirectAnimation Classes - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.7 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Web Folders - {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - (not file)
O40 - ASIC: Address Book 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Microsoft .NET Framework 1.1 Hotfix (KB928366) - {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - (not file)
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: .NET Framework - {B508B3F1-A24A-32C0-B310-85786919EF28} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: .NET Framework - {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - (not file)
O40 - ASIC: Task Scheduler - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)
---\\ Drivers Started at Boot (O41)
O41 - Driver: Acoustic Echo Suppressor (Microsoft Kernel) (aec) - C:\WINDOWS\system32\drivers\aec.sys
O41 - Driver: 1394 Client Protocol (Arp1394) - C:\WINDOWS\system32\DRIVERS\arp1394.sys
O41 - Driver: Asynchronous RAS Media Driver (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: ATM ARP Client Protocol (Atmarpc) - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O41 - Driver: Audio Stub Driver (audstub) - C:\WINDOWS\system32\DRIVERS\audstub.sys
O41 - Driver: Microsoft ACPI Power Adapter Driver (CmBatt) - C:\WINDOWS\system32\DRIVERS\CmBatt.sys
O41 - Driver: Microsoft Composite Battery Driver (Compbatt) - C:\WINDOWS\system32\DRIVERS\compbatt.sys
O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys
O41 - Driver: Sony DMI Call Service (DMICall) - C:\WINDOWS\system32\DRIVERS\DMICall.sys
O41 - Driver: (no object) (dmio) - C:\WINDOWS\System32\drivers\dmio.sys
O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys
O41 - Driver: Microsoft Kernel DLS Synthesizer (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys
O41 - Driver: DRM Decoder Filter (Microsoft Kernel) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\drivers\fltmgr.sys
O41 - Driver: GEARAspiWDM (GEARAspiWDM) - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
O41 - Driver: Generic Packet Classifier (Gpc) - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O41 - Driver: Microsoft UAA High Definition Audio Bus Driver (HDAudBus) - C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
O41 - Driver: Microsoft HID Class Driver (HidUsb) - C:\WINDOWS\system32\DRIVERS\hidusb.sys
O41 - Driver: (no object) (HSFHWAZL) - C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
O41 - Driver: (no object) (HSF_DPV) - C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
O41 - Driver: PS/2 Keyboard and Mouse Driver (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: InCD File System (InCDFs) - C:\WINDOWS\system32\drivers\InCDFs.sys
O41 - Driver: InCDPass (InCDPass) - C:\WINDOWS\system32\drivers\InCDPass.sys
O41 - Driver: InCD Reader (InCDRm) - C:\WINDOWS\system32\drivers\InCDRm.sys
O41 - Driver: Realtek HD Audio Service (WDM) (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RtkHDAud.sys
O41 - Driver: Intel Processor Driver (intelppm) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver: Windows Firewall IPv6 Driver (Ip6Fw) - C:\WINDOWS\system32\drivers\ip6fw.sys
O41 - Driver: IP Traffic Filter Driver (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: IP Tunnel Driver (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
As requested, here is the ZHPDiag report:
ZHPDiag report v1.16 by Nicolas Coolman
Recorded on 12/09/2008 19:12:37
Platform: Microsoft Windows XP (5.1.2600) Service Pack 3
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox (3.0.4)
---\\ Running Processes
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
---\\ Internet Explorer Startup Pages (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
---\\ Internet Explorer Search Pages (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/spresults.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
---\\ Browser Helper Objects (O2)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3B9EB474-EEF5-4F44-A9D2-42F128742DCC} - C:\WINDOWS\system32\urqQHaWo.dll
O2 - BHO: (no name) - {5755E54F-4C89-403B-A4D3-E254A44D2459} - (not file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5CD3EBFB-3127-43D1-A2D1-FF4545C9B18D} - C:\WINDOWS\system32\yayaAtSi.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll
---\\ Applications Automatically Started by the Registry (O4)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\policies\Explorer: [AllowLegacyWebView] Data="1"
O4 - HKLM\..\policies\Explorer: [AllowUnhashedWebView] Data="1"
O4 - Global Startup: Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
---\\ Additional Lines in the Internet Explorer Context Menu (O8)
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Consult dictionaries (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
---\\ Buttons on the Main Internet Explorer Toolbar (O9)
O9 - Extra 'Tools' menuitem: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO
O9 - Extra 'Tools' menuitem: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe,1
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll,103
O9 - Extra 'Tools' menuitem: S&end to OneNote - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll,103
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302
O9 - Extra 'Tools' menuitem: Internet Traffic Protection Statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll,101
O9 - Extra button: Internet Traffic Protection Statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll,101
O9 - Extra button: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll,103
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe,1
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302
---\\ ActiveX Objects (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
---\\ Additional Protocols and Protocol Hijacking (O18)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
---\\ AppInit_DLLs Registry Value and Winlogon Notify Subkeys (O20)
O20 - Winlogon Notify: WlDimsStartup - C:\WINDOWS\System32\%SystemRoot%\System32\dimsntfy.dll
O20 - Winlogon Notify: WLEventStart - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: EventStartup - C:\WINDOWS\System32\VESWinlogon.dll
O20 - AppInit_DLLs:C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
---\\ Non-Microsoft and Non-Disabled NT Services (O23)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device (Apple Mobile Device) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r
O23 - Service: Java Quick Starter (JavaQuickStarterService) - C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: NVIDIA Display Driver Service (NVSvc) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Print Spooler (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: VAIO Event Service (VAIO Event Service) - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
---\\ Installed Components (ActiveSetup Installed Components) (O40)
O40 - ASIC: IE7 Uninstall Stub - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Browser Personalization - {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: VML Rendering (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Adobe Shockwave Director 10.4 - {233C1507-6A77-46A4-9443-F871F945D258} - C:\WINDOWS\system32\Adobe\Director\SwDir.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11d0-A31D-00AA00B92C03} - (not file)
O40 - ASIC: Adobe Shockwave Director 10.4 - {2A202491-F00D-11cf-87CC-0020AFEECF20} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Dynamic HTML Data Binding for Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: .NET Framework - {3F7924B9-D148-3141-87B1-68F36043A940} - (not file)
O40 - ASIC: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) - {411EDCF7-755D-414E-A74B-3DCD6583F589} - (not file)
O40 - ASIC: Advanced Creation - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Java DirectAnimation Classes - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.7 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Web Folders - {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - (not file)
O40 - ASIC: Address Book 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Microsoft .NET Framework 1.1 Hotfix (KB928366) - {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - (not file)
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: .NET Framework - {B508B3F1-A24A-32C0-B310-85786919EF28} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: .NET Framework - {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - (not file)
O40 - ASIC: Task Scheduler - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)
---\\ Drivers Started at Boot (O41)
O41 - Driver: Acoustic Echo Suppressor (Microsoft Kernel) (aec) - C:\WINDOWS\system32\drivers\aec.sys
O41 - Driver: 1394 Client Protocol (Arp1394) - C:\WINDOWS\system32\DRIVERS\arp1394.sys
O41 - Driver: Asynchronous RAS Media Driver (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: ATM ARP Client Protocol (Atmarpc) - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O41 - Driver: Audio Stub Driver (audstub) - C:\WINDOWS\system32\DRIVERS\audstub.sys
O41 - Driver: Microsoft ACPI Power Adapter Driver (CmBatt) - C:\WINDOWS\system32\DRIVERS\CmBatt.sys
O41 - Driver: Microsoft Composite Battery Driver (Compbatt) - C:\WINDOWS\system32\DRIVERS\compbatt.sys
O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys
O41 - Driver: Sony DMI Call Service (DMICall) - C:\WINDOWS\system32\DRIVERS\DMICall.sys
O41 - Driver: (no object) (dmio) - C:\WINDOWS\System32\drivers\dmio.sys
O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys
O41 - Driver: Microsoft Kernel DLS Synthesizer (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys
O41 - Driver: DRM Decoder Filter (Microsoft Kernel) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\drivers\fltmgr.sys
O41 - Driver: GEARAspiWDM (GEARAspiWDM) - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
O41 - Driver: Generic Packet Classifier (Gpc) - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O41 - Driver: Microsoft UAA High Definition Audio Bus Driver (HDAudBus) - C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
O41 - Driver: Microsoft HID Class Driver (HidUsb) - C:\WINDOWS\system32\DRIVERS\hidusb.sys
O41 - Driver: (no object) (HSFHWAZL) - C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
O41 - Driver: (no object) (HSF_DPV) - C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
O41 - Driver: PS/2 Keyboard and Mouse Driver (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: InCD File System (InCDFs) - C:\WINDOWS\system32\drivers\InCDFs.sys
O41 - Driver: InCDPass (InCDPass) - C:\WINDOWS\system32\drivers\InCDPass.sys
O41 - Driver: InCD Reader (InCDRm) - C:\WINDOWS\system32\drivers\InCDRm.sys
O41 - Driver: Realtek HD Audio Service (WDM) (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RtkHDAud.sys
O41 - Driver: Intel Processor Driver (intelppm) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver: Windows Firewall IPv6 Driver (Ip6Fw) - C:\WINDOWS\system32\drivers\ip6fw.sys
O41 - Driver: IP Traffic Filter Driver (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: IP Tunnel Driver (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
Good evening,
run MBAM again and quarantine anything it finds.
Post the report.
--
@+
Do what you are asked, neither more nor less.
Do not create duplicates, neither on CCM nor on any other site. Thank you.
run MBAM again and quarantine anything it finds.
Post the report.
--
@+
Do what you are asked, neither more nor less.
Do not create duplicates, neither on CCM nor on any other site. Thank you.
Good evening,
I believe the threat has really disappeared.
Malwarebytes' Anti-Malware 1.31
Database version: 1472
Windows 5.1.2600 Service Pack 3
09/12/2008 20:41:10
mbam-log-2008-12-09 (20-41-10).txt
Scan type: Full scan (C:\|D:\|)
Items scanned: 107490
Elapsed time: 31 minute(s), 5 second(s)
Infected memory process(es): 0
Infected memory module(s): 0
Infected Registry key(s): 0
Infected Registry value(s): 0
Infected Registry data item(s): 0
Infected folder(s): 0
Infected file(s): 0
Infected memory process(es):
(No malicious items detected)
Infected memory module(s):
(No malicious items detected)
Infected Registry key(s):
(No malicious items detected)
Infected Registry value(s):
(No malicious items detected)
Infected Registry data item(s):
(No malicious items detected)
Infected folder(s):
(No malicious items detected)
Infected file(s):
(No malicious items detected)
Thank you for your help!!!
I believe the threat has really disappeared.
Malwarebytes' Anti-Malware 1.31
Database version: 1472
Windows 5.1.2600 Service Pack 3
09/12/2008 20:41:10
mbam-log-2008-12-09 (20-41-10).txt
Scan type: Full scan (C:\|D:\|)
Items scanned: 107490
Elapsed time: 31 minute(s), 5 second(s)
Infected memory process(es): 0
Infected memory module(s): 0
Infected Registry key(s): 0
Infected Registry value(s): 0
Infected Registry data item(s): 0
Infected folder(s): 0
Infected file(s): 0
Infected memory process(es):
(No malicious items detected)
Infected memory module(s):
(No malicious items detected)
Infected Registry key(s):
(No malicious items detected)
Infected Registry value(s):
(No malicious items detected)
Infected Registry data item(s):
(No malicious items detected)
Infected folder(s):
(No malicious items detected)
Infected file(s):
(No malicious items detected)
Thank you for your help!!!