Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Folder containing infected files created repeatedly at C:\DOCUME~

Started by GTHK , Nov 23 2007 08:04 AM

  • Please log in to reply

#1
GTHK
Posted 23 November 2007 - 08:04 AM

GTHK

    New Member

  • Member
  • Pip
  • 2 posts
Hi 2 everyone,

the incident i am about 2 describe happened to me while beeing at work. As i was working (the PC has WINXP installed &
antivirus installed is avast home edition), suddenly avast came up warning for 5 infected files:

i) C:\DOCUME~1\User\LOCALS~1\Temp\ac8zt2\main_uninstaller.exe
Win32:Adware-gen [Adw]
Adware
ii) C:\DOCUME~1\User\LOCALS~1\Temp\ac8zt2\msmdev.dll
Win32:Agent-LTS [Trj]
Adware
iii) C:\DOCUME~1\User\LOCALS~1\Temp\ac8zt2\msmhost.dll
Win32:Adware-gen [Adw]
Adware
iv) C:\DOCUME~1\User\LOCALS~1\Temp\ac8zt2\nsduo.dll
Win32:Adware-gen [Adw]
Adware
v) C:\DOCUME~1\User\LOCALS~1\Temp\ac8zt2\rmv.exe
Win32:Adware-gen [Adw]
Adware

I asked avast to delete them, but this wasn's possible, so i moved/renamed them. I also deleted the folder ac8zt2, manually.
Unfortunately, the folder was recreated containing again the same files! Thus, the process was taking place repeatedly! (creation of folder with files - moving renaming files - recreation of folder with files)!
I decided to search in the internet, where i found similar problems posted in some sites.
I tried some of the solutions that i read (smitfraud, sdfix, spybot S & D). As i read every person that tried those had finally
found solution. What is making me much worried is that in my case the problem still remains!!!
I hope that there must be cure for me also. Any help is appreciated and anxiously expected. Thank you all in anticipation.

Kind regards,

George



P.S. 1) Why spybot S & D detects smitfraud as annoyance?
2) If i mark all the processes running from task manager
and delete every time one process, is it possible that
i finally highlight the process that generates the folder ac8zt2
and eliminate it?
3) Is it possible that the network at my work is infected and this is
why even that i tried smitfraud & sdfix the problem still remains
(network reinfection), but in that case all PC's should have the same
problem, ain't so??
VG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 2:50:39 μμ 23/11/2007
+ Scan result:

C:\System Volume Information\_restore{A2B64EAF-45FB-4663-8D34-0B1A491386C4}\RP299\A0074063.rbf -> Adware.AntiAwarePro : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.10.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.11.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.12.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.13.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.14.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.15.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.16.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.17.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.18.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.19.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.2.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.20.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.21.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.22.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.23.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.24.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.25.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.26.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.27.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.28.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.29.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.3.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.30.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.31.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.32.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.33.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.34.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.35.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.36.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.37.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.38.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.39.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.4.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.40.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.41.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.42.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.43.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.44.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.45.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.46.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.47.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.48.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.49.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.5.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.50.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.51.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.6.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.7.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.8.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.9.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\msmdev.dll.vir -> Downloader.Agent.dag : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.10.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.11.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.12.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.13.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.14.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.15.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.16.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.17.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.18.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.19.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.2.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.20.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.21.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.22.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.23.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.24.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.25.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.26.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.27.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.28.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.29.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.3.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.30.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.31.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.32.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.33.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.34.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.35.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.36.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.37.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.38.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.39.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.4.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.40.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.41.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.42.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.43.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.44.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.45.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.46.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.47.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.48.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.49.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.5.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.50.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.51.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.6.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.7.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.8.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.9.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\main_uninstaller.exe.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.10.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.11.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.12.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.13.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.14.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.15.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.16.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.17.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.18.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.19.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.2.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.20.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.21.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.22.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.23.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.24.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.25.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.26.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.27.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.28.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.29.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.3.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.30.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.31.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.32.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.33.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.34.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.35.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.36.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.37.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.38.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.39.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.4.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.40.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.41.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.42.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.43.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.44.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.45.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.46.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.47.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.48.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.49.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.5.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.50.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.6.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.7.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.8.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.9.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Avast\DATA\moved\rmv.exe.vir -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Local Settings\Temp\BIT39.tmp/ac8zt2/main_uninstaller.exe -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Local Settings\Temp\BIT3D.tmp/ac8zt2/main_uninstaller.exe -> Downloader.Zlob.cpx : Cleaned.
C:\Documents and Settings\User\Cookies\[email protected][1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\User\Cookies\user@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.

::Report end

********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
Ź˜¨ 23/11/2007 15:01:58,79
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end

catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 15:01:59
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"\x9a\3\xac\3\x391\3\x394\3\xb1\3 ?\x384\3\x389\3\xb1\3\x393\3\x39d\3\xbd\3\x384\3\xb5\3\x393\3\xb7\3\x392\3 ?\x384\3\x389\3\x38a\3\x394\3\x39d\3\x38f\3\x395\3 ?3?C?o?m? ?E?t?h?e?r?L?i?n?k? ?X?L? ?1?0?/?1?0?0? ?P?C?I? ?\xb3\3\x389\3\xb1\3 ?\x390\3\xbb\3\xae\3\x391\3\xb7\3 ?\x384\3\x389\3\xb1\3\x397\3\xb5\3\x2015\3\x391\3\x389\3\x393\3\xb7\3 ?P?C? ?(?3?C?9?0?5?C?-?T?X?)?"=str(7):"1\0"
"\x2018\3\x393\3\x39d\3\xb3\3\x397\3\x391\3\x38f\3\xbd\3\x38f\3\x392\3 ?\x390\3\x391\3\x38f\3\x393\3\xb1\3\x391\3\x38c\3\x38f\3\xb3\3\xad\3\xb1\3\x392\3 ?R?A?S?"=str(7):"1\0"
"\xa0\3\xb1\3\x38a\3\xad\3\x394\3\x38f\3 ?\x397\3\x391\3\x38f\3\xbd\3\x38f\3\x384\3\x389\3\xb1\3\xb3\3\x391\3\xac\3\x38c\3\x38c\3\xb1\3\x394\3\x38f\3\x392\3 ?M?i?n?i?p?o?r?t?"=str(7):"1\0002\0003\0004\0"
"\x2018\3\x390\3\xb5\3\x395\3\x388\3\xb5\3\x2015\3\xb1\3\x392\3 ?\x390\3\xb1\3\x391\3\xac\3\xbb\3\xbb\3\xb7\3\xbb\3\xb7\3"=str(7):"1\0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\\xa5\3\x390\3\xb7\3\x391\3\xb5\3\x393\3\x2015\3\xb1\3 ]
"EventMessageFile"=str(2):"%SystemRoot%\System32\NTMSEVT.DLL"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"\x9a\3\xac\3\x391\3\x394\3\xb1\3 ?\x384\3\x389\3\xb1\3\x393\3\x39d\3\xbd\3\x384\3\xb5\3\x393\3\xb7\3\x392\3 ?\x384\3\x389\3\x38a\3\x394\3\x39d\3\x38f\3\x395\3 ?3?C?o?m? ?E?t?h?e?r?L?i?n?k? ?X?L? ?1?0?/?1?0?0? ?P?C?I? ?\xb3\3\x389\3\xb1\3 ?\x390\3\xbb\3\xae\3\x391\3\xb7\3 ?\x384\3\x389\3\xb1\3\x397\3\xb5\3\x2015\3\x391\3\x389\3\x393\3\xb7\3 ?P?C? ?(?3?C?9?0?5?C?-?T?X?)?"=str(7):"1\0"
"\x2018\3\x393\3\x39d\3\xb3\3\x397\3\x391\3\x38f\3\xbd\3\x38f\3\x392\3 ?\x390\3\x391\3\x38f\3\x393\3\xb1\3\x391\3\x38c\3\x38f\3\xb3\3\xad\3\xb1\3\x392\3 ?R?A?S?"=str(7):"1\0"
"\xa0\3\xb1\3\x38a\3\xad\3\x394\3\x38f\3 ?\x397\3\x391\3\x38f\3\xbd\3\x38f\3\x384\3\x389\3\xb1\3\xb3\3\x391\3\xac\3\x38c\3\x38c\3\xb1\3\x394\3\x38f\3\x392\3 ?M?i?n?i?p?o?r?t?"=str(7):"1\0002\0003\0004\0"
"\x2018\3\x390\3\xb5\3\x395\3\x388\3\xb5\3\x2015\3\xb1\3\x392\3 ?\x390\3\xb1\3\x391\3\xac\3\xbb\3\xbb\3\xb7\3\xbb\3\xb7\3"=str(7):"1\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\\xa5\3\x390\3\xb7\3\x391\3\xb5\3\x393\3\x2015\3\xb1\3 ]
"EventMessageFile"=str(2):"%SystemRoot%\System32\NTMSEVT.DLL"
"TypesSupported"=dword:00000007
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\xa0\3\x391\3\x38f\3\xb5\3\x390\3\x389\3\xbb\3\xb5\3\xb3\3\x38c\3\xad\3\xbd\3\xb1\3 ?W?i?n?d?o?w?s?"="",,,,,,,,,,,,,""
"\x9a\3\x389\3\xbd\3\x38f\3\x39d\3\x38c\3\xb5\3\xbd\3\xb1\3 ?W?i?n?d?o?w?s?"=""C:\WINDOWS\Cursors\rainbow.ani,,C:\WINDOWS\Cursors\appstart.ani,C:\WINDOWS\Cursors\hourglas.ani,C:\WINDOWS\Cursors\cross.cur,,,,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,,""
"\x2020\3\x393\3\x390\3\x391\3\x38f\3 ?3?\x201d\3"=""C:\WINDOWS\Cursors\3dwarro.cur,,C:\WINDOWS\Cursors\appstar3.ani,C:\WINDOWS\Cursors\hourgla3.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dwno.cur,C:\WINDOWS\Cursors\3dwns.cur,C:\WINDOWS\Cursors\3dwwe.cur,C:\WINDOWS\Cursors\3dwnwse.cur,C:\WINDOWS\Cursors\3dwnesw.cur,C:\WINDOWS\Cursors\3dwmove.cur,""
"\xa7\3\xad\3\x391\3\x389\3\xb1\3 ?1?"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\hand.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\hnodrop.cur,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,""
"\xa7\3\xad\3\x391\3\x389\3\xb1\3 ?2?"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\handwait.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\handno.ani,C:\WINDOWS\Cursors\handns.ani,C:\WINDOWS\Cursors\handwe.ani,C:\WINDOWS\Cursors\handnwse.ani,C:\WINDOWS\Cursors\handnesw.ani,C:\WINDOWS\Cursors\hmove.cur,""
"\x201d\3\xb5\3\x389\3\xbd\3\x39c\3\x393\3\xb1\3\x395\3\x391\3\x38f\3\x392\3"=""C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\dinosaur.ani,C:\WINDOWS\Cursors\dinosau2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\banana.ani,C:\WINDOWS\Cursors\3dsns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dsnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dsmove.cur,""
"\xa0\3\x391\3\x38f\3\xb7\3\xb3\3\x38f\3\x39d\3\x38c\3\xb5\3\xbd\3\x38f\3 ?\x38c\3\x38f\3\xbd\3\x394\3\xad\3\xbb\3\x38f\3"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\horse.ani,C:\WINDOWS\Cursors\barber.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\coin.ani,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,""
"\xa3\3\x39d\3\xbd\3\x388\3\xb5\3\x393\3\xb7\3"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\drum.ani,C:\WINDOWS\Cursors\metronom.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\piano.ani,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,""
"\x9c\3\xb5\3\xb3\3\xad\3\x388\3\x395\3\xbd\3\x393\3\xb7\3"=""C:\WINDOWS\Cursors\larrow.cur,,C:\WINDOWS\Cursors\lappstrt.cur,C:\WINDOWS\Cursors\lwait.cur,C:\WINDOWS\Cursors\lcross.cur,C:\WINDOWS\Cursors\libeam.cur,,C:\WINDOWS\Cursors\lnodrop.cur,C:\WINDOWS\Cursors\lns.cur,C:\WINDOWS\Cursors\lwe.cur,C:\WINDOWS\Cursors\lnwse.cur,C:\WINDOWS\Cursors\lnesw.cur,C:\WINDOWS\Cursors\lmove.cur,""
"\xa0\3\xb1\3\x391\3\xb1\3\xbb\3\xbb\3\xb1\3\xb3\3\xad\3\x392\3"=""C:\WINDOWS\Cursors\fillitup.ani,,C:\WINDOWS\Cursors\raindrop.ani,C:\WINDOWS\Cursors\counter.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\wagtail.ani,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,""
"\x9c\3\x390\3\x391\3\x38f\3\x39d\3\x394\3\xb6\3\x389\3\xbd\3\x38f\3 ?3?\x201d\3"=""C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\appstar2.ani,C:\WINDOWS\Cursors\hourgla2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dgno.cur,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,""
"\x9c\3\xb1\3\x39d\3\x391\3\xb1\3 ?W?i?n?d?o?w?s? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\x9c\3\xb1\3\x39d\3\x391\3\xb1\3 ?W?i?n?d?o?w?s? ?(?\x38c\3\xb5\3\xb3\3\xac\3\xbb\3\xb1\3)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\x9c\3\xb1\3\x39d\3\x391\3\xb1\3 ?W?i?n?d?o?w?s? ?(?\x390\3\x38f\3\xbb\3\x39d\3 ?\x38c\3\xb5\3\xb3\3\xac\3\xbb\3\xb1\3)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
"\x2018\3\xbd\3\x394\3\xb5\3\x393\3\x394\3\x391\3\xb1\3\x38c\3\x38c\3\xad\3\xbd\3\xb1\3 ?W?i?n?d?o?w?s?"="C:\WINDOWS\cursors\arrow_i.cur,C:\WINDOWS\cursors\help_i.cur,C:\WINDOWS\cursors\wait_i.cur,C:\WINDOWS\cursors\busy_i.cur,C:\WINDOWS\cursors\cross_i.cur,C:\WINDOWS\cursors\beam_i.cur,C:\WINDOWS\cursors\pen_i.cur,C:\WINDOWS\cursors\no_i.cur,C:\WINDOWS\cursors\size4_i.cur,C:\WINDOWS\cursors\size3_i.cur,C:\WINDOWS\cursors\size2_i.cur,C:\WINDOWS\cursors\size1_i.cur,C:\WINDOWS\cursors\move_i.cur,C:\WINDOWS\cursors\up_i.cur"
"\x2018\3\xbd\3\x394\3\xb5\3\x393\3\x394\3\x391\3\xb1\3\x38c\3\x38c\3\xad\3\xbd\3\xb1\3 ?W?i?n?d?o?w?s? ?(?\x38c\3\xb5\3\xb3\3\xac\3\xbb\3\xb1\3)?"="C:\WINDOWS\cursors\arrow_im.cur,C:\WINDOWS\cursors\help_im.cur,C:\WINDOWS\cursors\wait_im.cur,C:\WINDOWS\cursors\busy_im.cur,C:\WINDOWS\cursors\cross_im.cur,C:\WINDOWS\cursors\beam_im.cur,C:\WINDOWS\cursors\pen_im.cur,C:\WINDOWS\cursors\no_im.cur,C:\WINDOWS\cursors\size4_im.cur,C:\WINDOWS\cursors\size3_im.cur,C:\WINDOWS\cursors\size2_im.cur,C:\WINDOWS\cursors\size1_im.cur,C:\WINDOWS\cursors\move_im.cur,C:\WINDOWS\cursors\up_im.cur"
"\x2018\3\xbd\3\x394\3\xb5\3\x393\3\x394\3\x391\3\xb1\3\x38c\3\x38c\3\xad\3\xbd\3\xb1\3 ?W?i?n?d?o?w?s? ?(?\x390\3\x38f\3\xbb\3\x39d\3 ?\x38c\3\xb5\3\xb3\3\xac\3\xbb\3\xb1\3)?"="C:\WINDOWS\cursors\arrow_il.cur,C:\WINDOWS\cursors\help_il.cur,C:\WINDOWS\cursors\wait_il.cur,C:\WINDOWS\cursors\busy_il.cur,C:\WINDOWS\cursors\cross_il.cur,C:\WINDOWS\cursors\beam_il.cur,C:\WINDOWS\cursors\pen_il.cur,C:\WINDOWS\cursors\no_il.cur,C:\WINDOWS\cursors\size4_il.cur,C:\WINDOWS\cursors\size3_il.cur,C:\WINDOWS\cursors\size2_il.cur,C:\WINDOWS\cursors\size1_il.cur,C:\WINDOWS\cursors\move_il.cur,C:\WINDOWS\cursors\up_il.cur"
"\xa4\3\x395\3\x390\3\x389\3\x38a\3\xac\3 ?W?i?n?d?o?w?s? ?(?\x38c\3\xb5\3\xb3\3\xac\3\xbb\3\xb1\3)?"="C:\WINDOWS\cursors\arrow_m.cur,C:\WINDOWS\cursors\help_m.cur,C:\WINDOWS\cursors\wait_m.cur,C:\WINDOWS\cursors\busy_m.cur,C:\WINDOWS\cursors\cross_m.cur,C:\WINDOWS\cursors\beam_m.cur,C:\WINDOWS\cursors\pen_m.cur,C:\WINDOWS\cursors\no_m.cur,C:\WINDOWS\cursors\size4_m.cur,C:\WINDOWS\cursors\size3_m.cur,C:\WINDOWS\cursors\size2_m.cur,C:\WINDOWS\cursors\size1_m.cur,C:\WINDOWS\cursors\move_m.cur,C:\WINDOWS\cursors\up_m.cur"
"\xa4\3\x395\3\x390\3\x389\3\x38a\3\xac\3 ?W?i?n?d?o?w?s? ?(?\x390\3\x38f\3\xbb\3\x39d\3 ?\x38c\3\xb5\3\xb3\3\xac\3\xbb\3\xb1\3)?"="C:\WINDOWS\cursors\arrow_l.cur,C:\WINDOWS\cursors\help_l.cur,C:\WINDOWS\cursors\wait_l.cur,C:\WINDOWS\cursors\busy_l.cur,C:\WINDOWS\cursors\cross_l.cur,C:\WINDOWS\cursors\beam_l.cur,C:\WINDOWS\cursors\pen_l.cur,C:\WINDOWS\cursors\no_l.cur,C:\WINDOWS\cursors\size4_l.cur,C:\WINDOWS\cursors\size3_l.cur,C:\WINDOWS\cursors\size2_l.cur,C:\WINDOWS\cursors\size1_l.cur,C:\WINDOWS\cursors\move_l.cur,C:\WINDOWS\cursors\up_l.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\\x9a\3\xb1\3\x394\3\xac\3\x391\3\xb3\3\xb7\3\x393\3\xb7\3 ]
@="{67cf8cbd-e5c0-44f7-9de5-e1d599d626d8}"
"Description"="\x391\x3c5\x3c4\x3ac \x3c4\x3b1 \x3b1\x3c1\x3c7\x3b5\x3af\x3b1 \x3b5\x3af\x3bd\x3b1\x3b9 \x3b1\x3c0\x3b1\x3c1\x3b1\x3af\x3c4\x3b7\x3c4\x3b1, \x3b5\x3ac\x3bd \x3b8\x3ad\x3bb\x3b5\x3c4\x3b5 \x3bd\x3b1 \x3ba\x3b1\x3c4\x3b1\x3c1\x3b3\x3ae\x3c3\x3b5\x3c4\x3b5 \x3c4\x3b7\x3bd \x3b5\x3b3\x3ba\x3b1\x3c4\x3ac\x3c3\x3c4\x3b1\x3c3\x3b7 \x3b1\x3c5\x3c4\x3ae\x3c2 \x3c4\x3b7\x3c2 \x3ad\x3ba\x3b4\x3bf\x3c3\x3b7\x3c2 \x3c4\x3c9\x3bd Windows \x3ba\x3b1\x3b9 \x3bd\x3b1 \x3b5\x3c0\x3b9\x3c3\x3c4\x3c1\x3ad\x3c8\x3b5\x3c4\x3b5 \x3c3\x3c4\x3bf \x3c0\x3c1\x3bf\x3b7\x3b3\x3bf\x3cd\x3bc\x3b5\x3bd\x3bf \x3bb\x3b5\x3b9\x3c4\x3bf\x3c5\x3c1\x3b3\x3b9\x3ba\x3cc \x3c3\x3b1\x3c2 \x3c3\x3cd\x3c3\x3c4\x3b7\x3bc\x3b1."
"Display"="\x391\x3bd\x3c4\x3af\x3b3\x3c1\x3b1\x3c6\x3b1 \x3b1\x3c3\x3c6\x3b1\x3bb\x3b5\x3af\x3b1\x3c2 \x3b3\x3b9\x3b1 \x3c0\x3c1\x3bf\x3b7\x3b3\x3bf\x3cd\x3bc\x3b5\x3bd\x3bf \x3bb\x3b5\x3b9\x3c4\x3bf\x3c5\x3c1\x3b3\x3b9\x3ba\x3cc \x3c3\x3cd\x3c3\x3c4\x3b7\x3bc\x3b1"
"IconPath"=str(2):"%SystemRoot%\system32\osuninst.EXE,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\xa3\3\x395\3\xbd\3\x394\3\x39c\3\x38c\3\xb5\3\x395\3\x393\3\xb7\3 ?\x393\3\xb5\3\xbb\3\x2015\3\x384\3\xb1\3\x392\3 ?\x389\3\x384\3\x389\3\x38f\3\x394\3\xae\3\x394\3\x399\3\xbd\3 ?\x394\3\x38f\3\x395\3 ?H?i?g?h? ?D?e?f?i?n?i?t?i?o?n? ?A?u?d?i?o?"="HDAShCut.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\\x2018\3\x395\3\x394\3\x39c\3\x38c\3\xb1\3\x394\3\xb1\3 ]
"ChangeID"=dword:001b171e
"Status"=dword:00000080
"Name"="\x391\x3c5\x3c4\x3cc\x3bc\x3b1\x3c4\x3b1 Epson FX-100+ \x3c3\x3c4\x3bf PC32"
"Share Name"=""
"Print Processor"="WinPrint"
"Datatype"="RAW"
"Parameters"=""
"Action"=dword:00000000
"ObjectGUID"=""
"DsKeyUpdate"=dword:00000000
"DsKeyUpdateForeground"=dword:00000000
"Description"=""
"Printer Driver"="Epson FX-100+"
"Default DevMode"=hex:91,03,c5,03,c4,03,cc,03,bc,03,b1,03,c4,03,b1,03,20,00,45,00,70,..
"Priority"=dword:00000001
"Default Priority"=dword:00000000
"StartTime"=dword:0000003c
"UntilTime"=dword:0000003c
"Separator File"=""
"Location"=""
"Attributes"=dword:00000040
"txTimeout"=dword:0000afc8
"dnsTimeout"=dword:00003a98
"Security"=hex:01,00,04,80,f0,00,00,00,0c,01,00,00,00,00,00,00,14,00,00,00,02,..
"SpoolDirectory"=""
"Port"="\\PC32\EfiPcFx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\\x2018\3\x395\3\x394\3\x39c\3\x38c\3\xb1\3\x394\3\xb1\3 \DsDriver]
"driverVersion"=dword:00000401
"printBinNames"=str(7):"Automatically Select\0Tractor Feed\0Manual Paper Feed\0\x3a4\x3c1\x3bf\x3c6\x3bf\x3b4\x3cc\x3c4\x3b7\x3c2 \x3c6\x3cd\x3bb\x3bb\x3c9\x3bd \x3c7\x3b1\x3c1\x3c4\x3b9\0"
"printCollate"=hex:01
"printColor"=hex:00
"printDuplexSupported"=hex:00
"printStaplingSupported"=hex:00
"printMaxXExtent"=dword:00000ec2
"printMaxYExtent"=dword:00001068
"printMinXExtent"=dword:000005c8
"printMinYExtent"=dword:00000834
"printMediaSupported"=str(7):"Letter\0\x3a4\x3cd\x3c0\x3bf\x3c5 Legal\0A3\0A4\0A5\0B5 (JIS)\0\x3a3\x3c5\x3bd\x3b5\x3c7\x3ad\x3c2 \x3c7\x3b1\x3c1\x3c4\x3af Std \x397\x3a0\x391\0\x3a3\x3c5\x3bd\x3b5\x3c7\x3ad\x3c2 \x3c7\x3b1\x3c1\x3c4\x3af 8.5 x 12 \x3af\x3bd.\0"
"printMediaReady"=str(7):"A4\0"
"printNumberUp"=dword:00000006
"printOrientationsSupported"=str(7):"PORTRAIT\0LANDSCAPE\0"
"printMaxResolutionSupported"=dword:000000f0
"printLanguage"=str(7):""
"printRate"=dword:000000a0
"printRateUnit"="CharactersPerSecond"
"printPage!!!!!inute"=dword:00000003
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\\x2018\3\x395\3\x394\3\x39c\3\x38c\3\xb1\3\x394\3\xb1\3 \DsSpooler]
"description"=""
"driverName"="Epson FX-100+"
"location"=""
"portName"=str(7):"\\PC32\EfiPcFx\0"
"printStartTime"=dword:0000003c
"printEndTime"=dword:0000003c
"printerName"="\x391\x3c5\x3c4\x3cc\x3bc\x3b1\x3c4\x3b1 Epson FX-100+ \x3c3\x3c4\x3bf PC32"
"printKeepPrintedJobs"=hex:00
"printSeparatorFile"=""
"printShareName"=""
"printSpooling"="PrintWhileSpooling"
"priority"=dword:00000001
"uNCName"="\\PC46\\x391\x3c5\x3c4\x3cc\x3bc\x3b1\x3c4\x3b1 Epson FX-100+ \x3c3\x3c4\x3bf PC32"
"versionNumber"=dword:00000004
"serverName"="PC46"
"shortServerName"="PC46"
"flags"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\\x2018\3\x395\3\x394\3\x39c\3\x38c\3\xb1\3\x394\3\xb1\3 \PrinterDriverData]
"InitDriverVersion"=dword:00000600
"Model"="Epson FX-100+"
"PrinterDataSize"=dword:00000230
"PrinterData"=hex:00,06,30,02,81,08,00,00,80,1a,06,00,00,00,00,00,00,00,00,00,64,..
"FeatureKeywordSize"=dword:00000002
"FeatureKeyword"=hex:00,00
"Forms?"=dword:41e9e23f
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Volume Control\Realtek HD Audio output\\x9a\3\xb5\3\xbd\3\x394\3\x391\3\x389\3\x38a\3\xae\3 ]
"LineStates"=hex:00,00,00,00,9a,03,b5,03,bd,03,c4,03,c1,03,b9,03,ba,03,ae,03,20,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\\xa3\3\x395\3\xbd\3\x384\3\xad\3\x393\3\xb5\3\x389\3\x392\3]
"Order"=hex:08,00,00,00,02,00,00,00,9c,01,00,00,01,00,00,00,04,00,00,00,56,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\GrpConv\MapGroups]
"\xa0\3\xb1\3\x389\3\x397\3\xbd\3\x2015\3\x384\3\x389\3\xb1\3"="\x392\x3bf\x3b7\x3b8\x3ae\x3bc\x3b1\x3c4\x3b1\\x3a0\x3b1\x3b9\x3c7\x3bd\x3af\x3b4\x3b9\x3b1"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Devices]
"\x2018\3\x395\3\x394\3\x39c\3\x38c\3\xb1\3\x394\3\xb1\3 ?E?p?s?o?n? ?F?X?-?1?0?0?+? ?\x393\3\x394\3\x38f\3 ?P?C?3?2?"="winspool,Ne00:"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts]
"\x2018\3\x395\3\x394\3\x39c\3\x38c\3\xb1\3\x394\3\xb1\3 ?E?p?s?o?n? ?F?X?-?1?0?0?+? ?\x393\3\x394\3\x38f\3 ?P?C?3?2?"="winspool,Ne00:,15,45"
scanning hidden files ...
hidden processes: 0
hidden services: 0
hidden files: 0

ComboFix 07-11-19.3 - User 2007-11-23 15:06:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1253.1.1032.18.639 [GMT 2:00]
Running from: C:\Documents and Settings\User\Επιφάνεια εργασίας\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\install.exe
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
.
((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 )))))))))))))))))))))))))))))))
.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:34, on 2007-11-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\User\Avast\aswUpdSv.exe
C:\Documents and Settings\User\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\User\Avast\ashMaiSv.exe
C:\Documents and Settings\User\Avast\ashWebSv.exe
C:\Documents and Settings\User\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\DOCUME~1\User\Avast\ashDisp.exe
C:\Documents and Settings\User\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\User\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Documents and Settings\User\HJT\HiJackThis.exe
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\User\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: The jokwmp - {459C681F-AA94-49B7-A55B-110D924E5FCE} - C:\WINDOWS\jokwmp.dll
O4 - HKLM\..\Run: [Συντόμευση σελίδας ιδιοτήτων του High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\WINDOWS\system32\MSTMON_S.EXE STARTUP
O4 - HKLM\..\Run: [avast!] C:\DOCUME~1\User\Avast\ashDisp.exe
O4 - HKLM\..\Run: [STDL] C:\WINDOWS\system32\stub.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\User\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Documents and Settings\User\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAID Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\User\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\User\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Documents and Settings\User\PDFill\DownloadPDF.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1195809681203
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27318296-D38E-400F-A029-4FCC96F50964}: Domain = network
O17 - HKLM\System\CCS\Services\Tcpip\..\{27318296-D38E-400F-A029-4FCC96F50964}: NameServer = 192.168.21.1
O20 - AppInit_DLLs: m0e6b2.dll
O21 - SSODL: sapnet - {C547DE9E-18F6-43CA-B383-6BBFEF02CA61} - C:\WINDOWS\sapnet.dll (file missing)
O21 - SSODL: rmvgor - {75B0E2A0-55B4-4195-A283-964627E2A1B4} - C:\WINDOWS\rmvgor.dll
O21 - SSODL: msmhost - {8E3D84FC-248A-48D4-AAB0-017360640D91} - C:\WINDOWS\msmhost.dll (file missing)
O21 - SSODL: msmdev - {C8552995-8135-4763-A2B1-4776A2E4CB11} - C:\WINDOWS\msmdev.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Documents and Settings\User\Avast\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Documents and Settings\User\Avast\ashSe
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP