New topic for ReineNervensache

Dear Katana,
I have the same problem as well. Here are my results of the scan. Can you maybe help me? Thanks a lot in advance!

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-17 12:30:55
Windows 5.1.2600 Service Pack 2

---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[2524] USER32.dll!DialogBoxParamA 77D288E1 5 Bytes JMP 7E38C4D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2524] USER32.dll!DialogBoxIndirectParamW 77D32598 5 Bytes JMP 7E38C510 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2524] USER32.dll!MessageBoxIndirectA 77D3AEF1 5 Bytes JMP 7E38C491 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2524] USER32.dll!MessageBoxExW 77D50559 5 Bytes JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2524] USER32.dll!MessageBoxExA 77D5057D 5 Bytes JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2524] USER32.dll!DialogBoxIndirectParamA 77D56CED 5 Bytes JMP 7E38C54B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2524] USER32.dll!MessageBoxIndirectW 77D660B7 5 Bytes JMP 7E38C44D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\NOTEPAD.EXE[488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405140
IAT C:\WINDOWS\system32\NOTEPAD.EXE[488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0040508C
IAT C:\WINDOWS\system32\NOTEPAD.EXE[488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405027
IAT C:\WINDOWS\system32\NOTEPAD.EXE[488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404FF5
IAT C:\WINDOWS\system32\NOTEPAD.EXE[488] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\system32\NOTEPAD.EXE[488] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\system32\NOTEPAD.EXE[488] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004053F9
IAT C:\WINDOWS\system32\NOTEPAD.EXE[488] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004053F9
IAT C:\WINDOWS\system32\NOTEPAD.EXE[488] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\system32\NOTEPAD.EXE[488] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405140
IAT C:\WINDOWS\system32\services.exe[772] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 009D5140
IAT C:\WINDOWS\system32\services.exe[772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 009D5140
IAT C:\WINDOWS\system32\services.exe[772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 009D508C
IAT C:\WINDOWS\system32\services.exe[772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 009D5027
IAT C:\WINDOWS\system32\services.exe[772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 009D4FF5
IAT C:\WINDOWS\system32\services.exe[772] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 009D5140
IAT C:\WINDOWS\system32\services.exe[772] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 009D56AB
IAT C:\WINDOWS\system32\services.exe[772] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 009D53F9
IAT C:\WINDOWS\system32\services.exe[772] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 009D56AB
IAT C:\WINDOWS\system32\services.exe[772] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 009D53F9
IAT C:\WINDOWS\system32\services.exe[772] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 009D56AB
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00C95140
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00C9508C
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00C95027
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00C94FF5
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00C9508C
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00C9508C
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00C95027
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00C95140
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00C953F9
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00C956AB
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00C956AB
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00C953F9
IAT C:\WINDOWS\system32\lsass.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00C956AB
IAT C:\WINDOWS\system32\svchost.exe[972] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 007B4FF5
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00C15140
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00C1508C
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00C15027
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00C14FF5
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00C153F9
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00C156AB
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00C156AB
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00C153F9
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00C156AB
IAT C:\WINDOWS\system32\svchost.exe[1048] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00C15140
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 01775140
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0177508C
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 01775027
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 01774FF5
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 017753F9
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 017756AB
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 017756AB
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 017753F9
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 017756AB
IAT C:\WINDOWS\System32\svchost.exe[1176] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 01775140
IAT C:\WINDOWS\system32\ctfmon.exe[1268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00085140
IAT C:\WINDOWS\system32\ctfmon.exe[1268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0008508C
IAT C:\WINDOWS\system32\ctfmon.exe[1268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00085027
IAT C:\WINDOWS\system32\ctfmon.exe[1268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00084FF5
IAT C:\WINDOWS\system32\ctfmon.exe[1268] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 000853F9
IAT C:\WINDOWS\system32\ctfmon.exe[1268] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 000856AB
IAT C:\WINDOWS\system32\ctfmon.exe[1268] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 000856AB
IAT C:\WINDOWS\system32\ctfmon.exe[1268] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 000853F9
IAT C:\WINDOWS\system32\ctfmon.exe[1268] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 000856AB
IAT C:\WINDOWS\system32\ctfmon.exe[1268] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00085140
IAT C:\WINDOWS\System32\svchost.exe[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405140
IAT C:\WINDOWS\System32\svchost.exe[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0040508C
IAT C:\WINDOWS\System32\svchost.exe[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405027
IAT C:\WINDOWS\System32\svchost.exe[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404FF5
IAT C:\WINDOWS\System32\svchost.exe[1508] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004053F9
IAT C:\WINDOWS\System32\svchost.exe[1508] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\System32\svchost.exe[1508] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\System32\svchost.exe[1508] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004053F9
IAT C:\WINDOWS\System32\svchost.exe[1508] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\System32\svchost.exe[1508] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405140
IAT C:\WINDOWS\Explorer.EXE[1828] @ C:\WINDOWS\Explorer.EXE [USER32.dll!TranslateMessage] 017D56AB
IAT C:\WINDOWS\Explorer.EXE[1828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 017D5140
IAT C:\WINDOWS\Explorer.EXE[1828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 017D508C
IAT C:\WINDOWS\Explorer.EXE[1828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 017D5027
IAT C:\WINDOWS\Explorer.EXE[1828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 017D4FF5
IAT C:\WINDOWS\Explorer.EXE[1828] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 017D56AB
IAT C:\WINDOWS\Explorer.EXE[1828] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 017D56AB
IAT C:\WINDOWS\Explorer.EXE[1828] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 017D53F9
IAT C:\WINDOWS\Explorer.EXE[1828] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 017D53F9
IAT C:\WINDOWS\Explorer.EXE[1828] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 017D56AB
IAT C:\WINDOWS\Explorer.EXE[1828] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 017D5140
IAT C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe[2408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe[2408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe[2408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe[2408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe[2408] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe[2408] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe[2408] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe[2408] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe[2408] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe[2408] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Internet Explorer\iexplore.exe[2524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Internet Explorer\iexplore.exe[2524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\Internet Explorer\iexplore.exe[2524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\Internet Explorer\iexplore.exe[2524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\Internet Explorer\iexplore.exe[2524] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Internet Explorer\iexplore.exe[2524] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Internet Explorer\iexplore.exe[2524] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Internet Explorer\iexplore.exe[2524] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Internet Explorer\iexplore.exe[2524] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Internet Explorer\iexplore.exe[2524] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX01.453\gmer.exe[2788] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX01.453\gmer.exe[2788] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX01.453\gmer.exe[2788] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX01.453\gmer.exe[2788] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX01.453\gmer.exe[2788] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX01.453\gmer.exe[2788] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX01.453\gmer.exe[2788] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX01.453\gmer.exe[2788] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX01.453\gmer.exe[2788] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX01.453\gmer.exe[2788] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\WINDOWS\system32\NOTEPAD.EXE[2996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405140
IAT C:\WINDOWS\system32\NOTEPAD.EXE[2996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0040508C
IAT C:\WINDOWS\system32\NOTEPAD.EXE[2996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405027
IAT C:\WINDOWS\system32\NOTEPAD.EXE[2996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404FF5
IAT C:\WINDOWS\system32\NOTEPAD.EXE[2996] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\system32\NOTEPAD.EXE[2996] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\system32\NOTEPAD.EXE[2996] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004053F9
IAT C:\WINDOWS\system32\NOTEPAD.EXE[2996] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004053F9
IAT C:\WINDOWS\system32\NOTEPAD.EXE[2996] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\system32\NOTEPAD.EXE[2996] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405140
IAT C:\WINDOWS\System32\alg.exe[3132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405140
IAT C:\WINDOWS\System32\alg.exe[3132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0040508C
IAT C:\WINDOWS\System32\alg.exe[3132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405027
IAT C:\WINDOWS\System32\alg.exe[3132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404FF5
IAT C:\WINDOWS\System32\alg.exe[3132] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004053F9
IAT C:\WINDOWS\System32\alg.exe[3132] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\System32\alg.exe[3132] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405140
IAT C:\WINDOWS\System32\alg.exe[3132] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\System32\alg.exe[3132] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004053F9
IAT C:\WINDOWS\System32\alg.exe[3132] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\Program Files\WinRAR\WinRAR.exe[3364] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\WinRAR\WinRAR.exe[3364] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\WinRAR\WinRAR.exe[3364] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\WinRAR\WinRAR.exe[3364] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\WinRAR\WinRAR.exe[3364] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\WinRAR\WinRAR.exe[3364] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\WinRAR\WinRAR.exe[3364] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\WinRAR\WinRAR.exe[3364] @ C:\WINDOWS\system32\OLE32.DLL [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\WinRAR\WinRAR.exe[3364] @ C:\WINDOWS\system32\OLE32.DLL [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\WinRAR\WinRAR.exe[3364] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3Γ\3Ν\3\xb3\3Η\3Α\3Ώ\3\xbd\3Ώ\3Β\3 \0ΐ\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0R\0A\0S 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3ΐ\3µ\3Ε\3Έ\3µ\3\x2015\3\xb1\3Β\3 \0ΐ\3\xb1\3Α\3\xac\3\xbb\3\xbb\3\xb7\3\xbb\3\xb7\3 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3\xb1\3Ί\3\xad\3Δ\3Ώ\3 \0Η\3Α\3Ώ\3\xbd\3Ώ\3\x384\3Ή\3\xb1\3\xb3\3Α\3\xac\3Ό\3Ό\3\xb1\3Δ\3Ώ\3Β\3 \0M\0i\0n\0i\0p\0o\0r\0t 1?2?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3Γ\3Ν\3\xb3\3Η\3Α\3Ώ\3\xbd\3Ώ\3Β\3 \0ΐ\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0R\0A\0S 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2018\3ΐ\3µ\3Ε\3Έ\3µ\3\x2015\3\xb1\3Β\3 \0ΐ\3\xb1\3Α\3\xac\3\xbb\3\xbb\3\xb7\3\xbb\3\xb7\3 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3\xb1\3Ί\3\xad\3Δ\3Ώ\3 \0Η\3Α\3Ώ\3\xbd\3Ώ\3\x384\3Ή\3\xb1\3\xb3\3Α\3\xac\3Ό\3Ό\3\xb1\3Δ\3Ώ\3Β\3 \0M\0i\0n\0i\0p\0o\0r\0t 1?2?
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\user\Local Settings\Temporary Internet files\Content.IE5\0BND3D3E\exx[3].htm 0 bytes
File C:\Documents and Settings\user\Local Settings\Temporary Internet files\Content.IE5\NYEQUR15\exx_new[1].htm 452 bytes
File C:\WINDOWS\system32\lowsec 0 bytes
File C:\WINDOWS\system32\lowsec\local.ds 3515 bytes
File C:\WINDOWS\system32\lowsec\user.ds 0 bytes
File C:\WINDOWS\system32\sdra64.exe 562688 bytes executable
---- EOF - GMER 1.0.15 ----

Comments

  • edited July 2009
    Please note that all instructions given are customised for this computer only;
    the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.


    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Failure to reply within 5 days will result in the topic being closed.
    5. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly.

    Some of the logs I request will be quite large; you may need to split them over a couple of replies.

    Please note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe.

    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If requested, please reboot.
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
  • edited July 2009
    Katana,
    I can't even open Malwarebytes' Anti-Malware.
    Is there a trick to stop the warnings about Malwarebytes being infected?
  • edited July 2009
    Download and Run ComboFix

    Download Combofix from the link below. Save it to your desktop.

    Link 1



    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click CleanFix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix.
  • edited July 2009
    Whilst we appreciate that you may be busy, it has been 5 days or more since we heard from you. This topic is now closed.

    Infections can change and fresh instructions will now need to be given. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

    If you are not the user who started this thread, you must start your own Thread instead :)
This discussion has been closed.