---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 21:55:56, 03/06/2005
+ Report-Checksum: C8E50D6E
+ Date of database: 03/06/2005
+ Version of scan engine: v3.0
+ Duration: 43 min
+ Scanned Files: 226223
+ Speed: 85.79 Files/Second
+ Infected files: 10
+ Removed files: 10
+ Files put in quarantine: 10
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
E:\
F:\
H:\
I:\
+ Scan result:
C:\Documents and Settings\Biz387\Desktop\SpyHunter_v2.0_build_3.zip/ejv.exe -> TrojanDownloader.INService.i -> Cleaned with backup
C:\Documents and Settings\Biz387\Local Settings\Temp\nsc2AB0.tmp -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Biz387\Local Settings\Temp\nsf2AB9.tmp -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Biz387\Local Settings\Temp\RBT\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Biz387\Local Settings\Temp\YSQ\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Biz387\Local Settings\Temporary Internet Files\Content.IE5\15Y2ZVAF\Nail[1].exe -> Trojan.Nail -> Cleaned with backup
C:\Documents and Settings\Biz387\Local Settings\Temporary Internet Files\Content.IE5\15Y2ZVAF\Poller[1].exe -> Trojan.Agent.cp -> Cleaned with backup
C:\Documents and Settings\Biz387\Local Settings\Temporary Internet Files\Content.IE5\D2A990NN\svcproc[1].exe -> Trojan.Stervis.c -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1960408961-1202660629-725345543-1003\Dc34.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1960408961-1202660629-725345543-1003\Dc6.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 21:56:16, on 03/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Biz387\Desktop\vx2remove\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 2)" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [System Studio 2] C:\Program Files\g0ng0r.com\System Studio 2 - v1.0.0.28\SystemStudio2.exe
O4 - Startup: PeerGuardian.lnk = C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.giga...bject/Dldrv.ocx
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)