Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

hjt.log [RESOLVED]

Started by Ziku , Aug 17 2005 10:22 AM

  • This topic is locked This topic is locked

#1
Ziku
Posted 17 August 2005 - 10:22 AM

Ziku

    Member

  • Member
  • PipPip
  • 28 posts
Logfile of HijackThis v1.99.1
Scan saved at 18:17:18, on 2005-08-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\crzz.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\winck32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Documents and Settings\STANLEY\Pulpit\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\apufl.dll/sp.html#44980
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\apufl.dll/sp.html#44980
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\apufl.dll/sp.html#44980
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\apufl.dll/sp.html#44980
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\apufl.dll/sp.html#44980
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\apufl.dll/sp.html#44980
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\apufl.dll/sp.html#44980
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ipvp32.exe] C:\WINDOWS\system32\ipvp32.exe
O4 - HKLM\..\Run: [winck32.exe] C:\WINDOWS\system32\winck32.exe
O4 - HKLM\..\Run: [appif32.exe] C:\WINDOWS\system32\appif32.exe
O4 - HKLM\..\Run: [sysch.exe] C:\WINDOWS\sysch.exe
O4 - HKLM\..\Run: [addej.exe] C:\WINDOWS\addej.exe
O4 - HKLM\..\Run: [sdkdg32.exe] C:\WINDOWS\sdkdg32.exe
O4 - HKLM\..\Run: [winrc32.exe] C:\WINDOWS\system32\winrc32.exe
O4 - HKLM\..\Run: [netsa32.exe] C:\WINDOWS\netsa32.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downlo..._1020_EN_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downlo...thv32_EN_XP.cab
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downlo...ice_5_EN_XP.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.co...kanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C6F22AA-3F40-4CC2-8BC0-48CB8F5346A3}: NameServer = 192.168.0.249
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C6F22AA-3F40-4CC2-8BC0-48CB8F5346A3}: NameServer = 192.168.0.249
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  • 0

Advertisements

#2
Rawe
Posted 17 August 2005 - 10:26 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hello and welcome!

Please print these instructions out, or write them down, as you can't read them during the fix.

You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download SpSeHjfix Here.
Download and install CleanUp! Here

Save all of these files somewhere you will remember like to the Desktop.

Unzip SpSeHjfix to its own folder (ie c:\SpSeHjfix)

Run the CleanUp! installer. You dont need to do anything with it right now.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

Now run the CleanUp program:

*IMPORTANT NOTE*
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

Running CleanUp
  • Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • When CleanUp starts go to the Options button (right side of CleanUp screen)
  • Move the arrow down to "Custom CleanUp!"
  • Now place a checkmark next to the following (Make sure nothing else is checked!):
    • Delete Cookies
      This is optional, if you leave the box checked it will remove all of your cookies, at this point removing cookies is a good idea
    • Empty Recycle Bins
    • Delete Prefetch files
    • Cleanup! All Users
  • Click OK
  • Then click on the CleanUp button. This will take a short while, let it do its thing.
  • When asked to reboot system select No
  • Close CleanUp
Then reboot.

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.

- Rawe :tazz:
  • 0

#3
Ziku
Posted 17 August 2005 - 11:11 AM

Ziku

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Thx a lot for the quick reply :tazz:

here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 19:09:22, on 2005-08-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\winck32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\winpd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\STANLEY\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [winck32.exe] C:\WINDOWS\system32\winck32.exe
O4 - HKLM\..\Run: [sysch.exe] C:\WINDOWS\sysch.exe
O4 - HKLM\..\Run: [sdkdg32.exe] C:\WINDOWS\sdkdg32.exe
O4 - HKLM\..\Run: [netsa32.exe] C:\WINDOWS\netsa32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downlo..._1020_EN_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downlo...thv32_EN_XP.cab
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downlo...ice_5_EN_XP.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.co...kanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C6F22AA-3F40-4CC2-8BC0-48CB8F5346A3}: NameServer = 192.168.0.249
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C6F22AA-3F40-4CC2-8BC0-48CB8F5346A3}: NameServer = 192.168.0.249
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11Fßä#·şÄÖ`I) - Unknown owner - C:\WINDOWS\system32\winpd32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe



AboutBuster 5.0 reference file 31
Scan started on [2005-08-17] at [18:50:42]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
Removed File! : C:\Windows\kbpoav.dat
Removed File! : C:\Windows\ajnlpv.dat
Removed File! : C:\Windows\System32\xlttm.dat
Removed File! : C:\Windows\System32\rctfa.dat
Removed File! : C:\Windows\System32\duacf.dat
Removed File! : C:\Windows\System32\npkab.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 18:51:28


AboutBuster 5.0 reference file 31
Scan started on [2005-08-17] at [18:53:55]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 18:54:40




(8-17-05 18:59:02) SPSeHjFix started v1.1.2
(8-17-05 18:59:02) OS: WinXP Dodatek Service Pack 2 (5.1.2600)
(8-17-05 18:59:02) Language: polski
(8-17-05 18:59:02) Win-Path: C:\WINDOWS
(8-17-05 18:59:02) System-Path: C:\WINDOWS\system32
(8-17-05 18:59:02) Temp-Path: C:\DOCUME~1\STANLEY\USTAWI~1\Temp\
(8-17-05 18:59:24) Disinfection started
(8-17-05 18:59:24) Bad-Dll(IEP): (not found)
(8-17-05 18:59:24) Bad-Dll(IEP) in BHO: (not found)
(8-17-05 18:59:24) UBF: 8 - UBB: 0 - UBR: 14
(8-17-05 18:59:24) UBF: 8 - UBB: 0 - UBR: 14
(8-17-05 18:59:24) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page:
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL:
(8-17-05 18:59:24) Stealth-String not found
(8-17-05 18:59:24) Not infected->END
  • 0

#4
Rawe
Posted 17 August 2005 - 11:25 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Please print these instructions out, or write them down, as you can't read them during the fix.

First;

Please download Ewido Security Suite it is a free version of the program.
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch Ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update Ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit Ewido. DO NOT run a scan yet.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Now open Ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • Clean anything it finds.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close Ewido.

Reboot into normal mode and post the Ewido log here along with a fresh HijackThis log.

- Rawe :tazz:
  • 0

#5
Ziku
Posted 17 August 2005 - 12:02 PM

Ziku

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
seems like trojan infection :tazz:

fresh logs:

Logfile of HijackThis v1.99.1
Scan saved at 20:02:12, on 2005-08-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\STANLEY\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [sysch.exe] C:\WINDOWS\sysch.exe
O4 - HKLM\..\Run: [sdkdg32.exe] C:\WINDOWS\sdkdg32.exe
O4 - HKLM\..\Run: [netsa32.exe] C:\WINDOWS\netsa32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.co...kanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C6F22AA-3F40-4CC2-8BC0-48CB8F5346A3}: NameServer = 192.168.0.249
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C6F22AA-3F40-4CC2-8BC0-48CB8F5346A3}: NameServer = 192.168.0.249
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11Fßä#·şÄÖ`I) - Unknown owner - C:\WINDOWS\system32\winpd32.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 19:55:47, 2005-08-17
+ Report-Checksum: B2261116

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{36846EB6-C1B1-A145-B3CE-F5740FA22FF8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{497AEAF3-0F8F-A4B6-48F2-A80144D90604} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{50AD557E-3426-41FD-AFDD-2AF39BB1C387} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{98832348-0E38-D102-51A5-517934760119} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A1BD0D9E-655B-CB60-6F75-1DFC720AEAB9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{ACB3E0B7-7D0C-40B7-99B3-3EEACDF86BFB} -> Spyware.Slagent : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D063E7A9-F6B2-80F8-44B2-F8210FDEDF67} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D25A4A72-58EB-1395-AF54-321D1954EE5B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EDE4719B-AC04-9EE1-7AEA-7712560B2832} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{50AD557E-3426-41FD-AFDD-2AF39BB1C387} -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\ieki.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winpd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3jr.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ipqu.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\winck32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mfcxq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcel.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\syshl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysjp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\cruq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netta.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iprk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntag.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addls.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iejq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netil.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\atlya.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkyx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysyr32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntfl32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sysla32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crri.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcgg.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntvc.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ievu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msdp.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apiyy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcse32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\javaki32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\atlfx.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ieen32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msip32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3cd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ieub32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mssc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iprm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\nthv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appux.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msxq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netiv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addrk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apiax.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crst.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntgz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysai32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msui.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winig32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crvj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3bf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iedu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlhw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysgh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appob32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipzf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apitf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javamb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ieou.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iejj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntku32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ippf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netdx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcdg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ieri32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcjf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javaib.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apiov32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addlf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javaid32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apphx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysiu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntlm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apilj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addvw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3ay.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apild.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysqf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javabi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkfw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appqj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msvd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlzp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crwn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addhk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iphm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkle.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipbc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iebu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3ue32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3hz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\bmcqhs.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\full.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\WINDOWS\jnayml.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\etyeqa.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\njomrc.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iewp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netgg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysdx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ncdarn.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\fiyewg.dat -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nxuxrx.dat -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\gymklh.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\yhxnhj.log -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkqu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\bwnqaq.txt -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mbkvwh.log -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\cbrrdk.log -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\bfsczc.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javafv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\criq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\eoxtvc.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\wbtezw.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\zypccr.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcex.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\qnifgf.txt -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\wvshis.dat -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iehc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\rryvcd.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crew32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javaru.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mgsyvf.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ogoejd.dat -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\fzmhmy.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iobkii.log -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipgj.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\nxxxft.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\hftmip.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winhv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\delsmd.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\olqisk.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipax.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crgt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apihd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\vtsrab.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ieju32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\blffje.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\gtvdtd.dat -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appew.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\vikeob.dat -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\tltklm.dat -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\muucfk.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\qwsvlq.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\apisx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\aojkeq.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\gvarol.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdkil32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mszd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdknnk.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\appim.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iesn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\okaafa.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winpz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\lkgtoh.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crgo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\omciad.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\bqwedv.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdkml.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msfj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\yayois.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\zldqkv.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcfi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\xfdanl.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\viyehv.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\appnd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apier.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\qfltdv.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ryqvgz.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javagl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\isyzzz.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntjm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ihhdqt.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\wybegl.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\jzmfsw.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\drgfwx.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\xrhzqo.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\dklzga.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ieif32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlsb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysyi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\qnxwfh.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\rxlyhk.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\xqbbsa.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\liksvo.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdksy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcki.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\tavrgf.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntas32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkde32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ujfnvs.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\vukpfw.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ivihre.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\krzefw.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdkov.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\hymlsa.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iemi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3sb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\jonbbh.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\atisfo.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdkpk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sirwwi.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\atlum32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\taeyyl.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdkto32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ofekki.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\itnjvo.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\pxrnvl.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdkzl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcmn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\dsxjxs.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ybgsgs.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\elcdzw.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdkyn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netdb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\qiwdjd.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\rscftg.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mscr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\laoylp.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\cdilvr.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\dwnnfu.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3cl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nwmoiz.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ytacuv.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\zlnwey.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crvt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\winvb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\jlbnsc.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\jdghvf.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\lytaqz.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntbd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\fjzued.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\gbfwgg.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfccs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iedj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntmk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\prpdql.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\rzsvyq.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\jvjdyb.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\fnestv.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\kijaaj.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ytfsod.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\zmtuyg.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\yxjcuu.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\yiowex.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntyn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\rnbyep.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netry.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ituivf.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\jtioxc.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\zmtbqm.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\appfe.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\bfiwur.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iegs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\dkwngc.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\neter32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkvl32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ysumib.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ylagkf.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addvg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nffcnm.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\oytxpp.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ieyc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\azwbqd.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipmh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msfm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\pokxhz.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\atldk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlyu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\gywsbq.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\skrwcr.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\vfuuup.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\apiug32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mnovcd.log -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\snajhi.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\cncbiu.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\thwpuc.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\bfmijq.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\osxikh.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntbp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\jirfvf.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\atlkg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crzz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\gqgfxr.dat -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\idyvlr.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ivvwji.dat -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipza32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\kpivnb.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netvb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018650.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018684.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018743.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018744.EXE -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018757.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018758.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018759.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018787.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018788.exe -> Trojan.Small.ev : Cleaned with backup


::Report End
  • 0

#6
Rawe
Posted 17 August 2005 - 12:12 PM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Please do an online scan with Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Standard
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This program will start to scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#7
Ziku
Posted 17 August 2005 - 12:50 PM

Ziku

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, August 17, 2005 20:49:49
Operating System: Microsoft Windows XP Home Edition, Dodatek Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 17/08/2005
Kaspersky Anti-Virus database records: 135657
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 31084
Number of viruses found: 20
Number of infected objects: 245
Number of suspicious objects: 10
Duration of the scan process: 1350 sec

Infected Object Name - Virus Name
C:\WINDOWS\system32\oleext.dll Infected: Trojan.Win32.Small.ev
C:\Program Files\Norton AntiVirus\Quarantine\43F31ECD.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\45927305.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\45AC42E8.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\53C87A17.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\62F37B66.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\40AE1C40.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\15BA15AE.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\40D51415.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\410035E6.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\410035E6.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\6646439D.cla Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\4D244518.cla Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\416F496C.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\41964141.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\41A93D2B.htm Infected: Trojan-Clicker.JS.Linker.k
C:\Program Files\Norton AntiVirus\Quarantine\41BD3916.htm Infected: Trojan-Downloader.JS.Weis.b
C:\Program Files\Norton AntiVirus\Quarantine\41BD3916.jar/web.exe Infected: Virus.Win32.Bube.k
C:\Program Files\Norton AntiVirus\Quarantine\41BD3916.jar/Counter.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\41BD3916.jar/VerifierBug.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\41BD3916.jar/Worker.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\41BD3916.jar/Xeyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\41BD3916.jar Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\41CA6107.htm Infected: Virus.Win32.Bube.k
C:\Program Files\Norton AntiVirus\Quarantine\41E106EE.htm Infected: Trojan-Downloader.JS.Weis.b
C:\Program Files\Norton AntiVirus\Quarantine\41E85AE7.htm Infected: Virus.Win32.Bube.k
C:\Program Files\Norton AntiVirus\Quarantine\420F52BC.htm Infected: Trojan-Downloader.JS.Weis.b
C:\Program Files\Norton AntiVirus\Quarantine\062C3D64.htm Infected: Virus.Win32.Bube.k
C:\Program Files\Norton AntiVirus\Quarantine\1CE81149.htm Infected: Exploit.VBS.Phel.r
C:\Program Files\Norton AntiVirus\Quarantine\1CEB3B46.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\43477873.htm Infected: Exploit.HTML.CodeBaseExec
C:\Program Files\Norton AntiVirus\Quarantine\4B237FCE.htm Infected: Exploit.HTML.CodeBaseExec
C:\Program Files\Norton AntiVirus\Quarantine\64184C02.htm Infected: Exploit.VBS.Phel.r
C:\Program Files\Norton AntiVirus\Quarantine\28B8252B.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\6FB57A90.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\0A0756B8.htm Infected: Exploit.VBS.Phel.r
C:\Program Files\Norton AntiVirus\Quarantine\1DD72596.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\08F47934.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\6FB8248D.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\6FBC4E89.cla Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\159712B7.cla Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\700A3E33.jar/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\700A3E33.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\700A3E33.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\700A3E33.jar Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\792D3D8A.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5A337B53.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\46AF6518.htm Infected: Exploit.VBS.Phel.r
C:\Program Files\Norton AntiVirus\Quarantine\46025F3C.exe Infected: Trojan.Win32.Dialer.ht
C:\Program Files\Norton AntiVirus\Quarantine\2F944473.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\31DF68B6.htm Infected: Exploit.VBS.Phel.r
C:\Program Files\Norton AntiVirus\Quarantine\7D5030D3.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\3556165F.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\069C4117.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\2D1E51D6.jar/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\2D1E51D6.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\2D1E51D6.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\2D1E51D6.jar Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\77B44D35.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\736544C7.jar/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\736544C7.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\736544C7.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\736544C7.jar Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\74B52954.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\5781669C.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\0D0C6079.jar/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\0D0C6079.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\0D0C6079.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\0D0C6079.jar Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\14E867D3.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\736D6255.jar/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\736D6255.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\736D6255.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\736D6255.jar Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\102050E5.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\4F69621F.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\19E7090F.jar/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\19E7090F.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\19E7090F.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\19E7090F.jar Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\3167489C.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\3167489C.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\51C0283C.cla Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\74797063.cla Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\07410E23.jar/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\07410E23.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\07410E23.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\07410E23.jar Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\275608D5.tmp Infected: Trojan-Downloader.Win32.Small.bau
C:\Program Files\Norton AntiVirus\Quarantine\275608D5.dll Infected: Virus.Win32.Nsag.b
C:\Program Files\Norton AntiVirus\Quarantine\43F93B51.exe Infected: Trojan-Downloader.Win32.WinShow.aw
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018638.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018856.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018857.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018858.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018859.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018860.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018861.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018862.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018863.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018864.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018865.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018866.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018867.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018868.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018869.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018870.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018871.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018872.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018873.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018874.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018875.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018876.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018877.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018878.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018879.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018880.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018881.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018882.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018883.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018884.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018885.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018886.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018887.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018888.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018889.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018890.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018891.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018892.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018893.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018894.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018895.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018896.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018897.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018898.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018899.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018900.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018901.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018902.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018903.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018904.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018905.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018906.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018907.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018908.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018909.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018910.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018911.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018912.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018913.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018914.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018915.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018916.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018917.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018918.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018919.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018920.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018921.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018922.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018923.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018924.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018925.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018926.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018927.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018928.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018929.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018930.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018931.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018932.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018933.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018934.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018935.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018936.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018937.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018938.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018939.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018940.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018941.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018942.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018943.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018944.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018945.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018946.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018947.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018948.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018949.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018950.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018951.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018952.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018953.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018954.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018955.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018956.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018957.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018958.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018959.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018960.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018961.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018962.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018963.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018964.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018965.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018966.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018967.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018968.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018969.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018970.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018971.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018972.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018973.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018974.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018975.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018976.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018977.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018978.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018979.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018980.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018981.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018982.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018983.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018984.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018985.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018986.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018987.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018988.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018989.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018990.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018991.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018992.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018993.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018994.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018995.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018996.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018997.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018998.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0018999.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0019000.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0019001.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0019002.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0019003.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0019004.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0019005.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0019006.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0019007.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0019008.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0019009.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0019010.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0019011.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0019012.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0019013.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0019014.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0019015.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0019016.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0019017.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{D77E8417-A753-4865-9CC5-3C4F92987A09}\RP192\A0019018.exe Infected: Trojan.Win32.Agent.bi

Scan process completed.
  • 0

#8
Rawe
Posted 17 August 2005 - 01:02 PM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Do the following steps..

1- Download smitRem.exe and save the file to your desktop.
Double-click on the file to extract it to it's own folder on the desktop.

2- Run CleanUp! but don't reboot.

3- Disable System Restore;

1. Click Start > Programs > Accessories > Windows Explorer
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Check the "Turn off System Restore"
5. Click Apply. An message shows up.
6. Click "Yes" to do this.
7. Confirm with "Ok".

4- Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Locate the following folder:

C:\Program Files\Norton AntiVirus\Quarantine\

Delete all of it's content, not the folder itself. Everything inside it.

Empty recycle bin immediately.

Reboot into normal mode.

Enable System Restore;

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck the "Turn off System Restore" check box.
5. Click Apply, and then click "OK".

System Restore will now be active again. :) Be sure to set a new restore point.

Post me a fresh HiJackThis log along with the contents of the Smitfiles txt.

- Rawe :tazz:
  • 0

#9
Ziku
Posted 17 August 2005 - 01:31 PM

Ziku

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Logfile of HijackThis v1.99.1
Scan saved at 21:30:06, on 2005-08-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\STANLEY\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [sysch.exe] C:\WINDOWS\sysch.exe
O4 - HKLM\..\Run: [sdkdg32.exe] C:\WINDOWS\sdkdg32.exe
O4 - HKLM\..\Run: [netsa32.exe] C:\WINDOWS\netsa32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.co...kanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C6F22AA-3F40-4CC2-8BC0-48CB8F5346A3}: NameServer = 192.168.0.249
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C6F22AA-3F40-4CC2-8BC0-48CB8F5346A3}: NameServer = 192.168.0.249
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11Fßä#·şÄÖ`I) - Unknown owner - C:\WINDOWS\system32\winpd32.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe



smitRem log file
version 2.3

by noahdfear


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

oleext.dll


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

CLEAN! :tazz:
  • 0

#10
Rawe
Posted 17 August 2005 - 01:33 PM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, Click "Next"
    • Choose "Custom" click "Next".
    • Leave the default installation directoy as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
    Disable SpySweeper Shields
    • Click Shields on the left.
    • Click Internet Explorer and uncheck all items.
    • Click Windows System and uncheck all items.
    • Click Startup Programs and uncheck all items.
  • Once the definitions are installed and shields disabled, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

  • 0

Advertisements

#11
Ziku
Posted 17 August 2005 - 02:00 PM

Ziku

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
********
21:46: |••• Start of Session, 17 sierpień 2005 •••|
21:46: Spy Sweeper started
21:46: Sweep initiated using definitions version 518
21:46: Starting Memory Sweep
21:48: Memory Sweep Complete, Elapsed Time: 00:01:54
21:48: Starting Registry Sweep
21:48: Found Adware: cws_cassandra
21:48: HKU\S-1-5-21-24278861-1025240905-2646636916-1005\software\microsoft\internet explorer\main\ || hpded (ID = 117048)
21:48: HKU\S-1-5-21-24278861-1025240905-2646636916-1005\software\microsoft\internet explorer\main\ || spded (ID = 117049)
21:48: Found Adware: instant access
21:48: HKU\S-1-5-21-24278861-1025240905-2646636916-1005\software\microsoft\windows\currentversion\run\ || instant access (ID = 128817)
21:48: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system32\egauth.dll (ID = 128819)
21:48: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system32\nethv32.dll (ID = 128826)
21:48: Found Trojan Horse: magiccontrol
21:48: HKCR\interface\{0fd5fdc2-2080-4c47-9e7a-724a6201551b}\ (8 subtraces) (ID = 134663)
21:48: HKCR\interface\{4c7f0895-6fd8-46ee-880e-053df58ddae3}\ (8 subtraces) (ID = 134665)
21:48: HKCR\mslagent.3.1\ (3 subtraces) (ID = 134671)
21:48: HKLM\software\classes\interface\{0fd5fdc2-2080-4c47-9e7a-724a6201551b}\ (8 subtraces) (ID = 134686)
21:48: HKLM\software\classes\interface\{4c7f0895-6fd8-46ee-880e-053df58ddae3}\ (8 subtraces) (ID = 134688)
21:48: HKLM\software\classes\mslagent.3.1\ (3 subtraces) (ID = 134693)
21:48: Registry Sweep Complete, Elapsed Time:00:00:16
21:48: Starting Cookie Sweep
21:48: Cookie Sweep Complete, Elapsed Time: 00:00:00
21:48: Starting File Sweep
21:48: Warning: Failed to open file "c:\pagefile.sys". Odmowa dostępu
21:49: Found Adware: moneytree
21:49: nem216.dll (ID = 70084)
21:49: Found Adware: xpehbam dialer
21:49: seksdialer.exe (ID = 90847)
21:50: Warning: Failed to open file "c:\windows\system32\config\system.log". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:50: Warning: Failed to open file "c:\windows\system32\config\software.log". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:50: Warning: Failed to open file "c:\windows\system32\config\default.log". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:50: Warning: Failed to open file "c:\windows\system32\config\security". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:50: Warning: Failed to open file "c:\windows\system32\config\sam". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:50: Warning: Failed to open file "c:\windows\system32\config\sam.log". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:50: Warning: Failed to open file "c:\windows\system32\config\security.log". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:50: Warning: Failed to open file "c:\windows\system32\config\system". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:50: Warning: Failed to open file "c:\windows\system32\config\software". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:50: Warning: Failed to open file "c:\windows\system32\config\default". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:50: Warning: Failed to open file "c:\windows\system32\catroot2\tmp.edb". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:50: Warning: Failed to open file "c:\windows\system32\catroot2\edb.log". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:51: Warning: Failed to open file "c:\windows\temp\zlt05632.tmp". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:51: tmlpcert2005 (ID = 63918)
21:51: nethv32.inf (ID = 63873)
21:51: Found Adware: one2one viewer
21:51: liveservice.inf (ID = 71469)
21:53: Warning: Failed to open file "c:\windows\softwaredistribution\eventcache\{d75b9d26-cff5-4d1b-9244-68ccceb5debb}.bin". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:53: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:53: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:53: Warning: Failed to open file "c:\documents and settings\networkservice\ustawienia lokalne\dane aplikacji\microsoft\windows\usrclass.dat". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:53: Warning: Failed to open file "c:\documents and settings\networkservice\ustawienia lokalne\dane aplikacji\microsoft\windows\usrclass.dat.log". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:53: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:53: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:53: Warning: Failed to open file "c:\documents and settings\localservice\ustawienia lokalne\dane aplikacji\microsoft\windows\usrclass.dat". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:53: Warning: Failed to open file "c:\documents and settings\localservice\ustawienia lokalne\dane aplikacji\microsoft\windows\usrclass.dat.log". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:53: Warning: Failed to open file "c:\documents and settings\stanley\ntuser.dat". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:53: Warning: Failed to open file "c:\documents and settings\stanley\ntuser.dat.log". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:53: Warning: Failed to open file "c:\documents and settings\stanley\ustawienia lokalne\dane aplikacji\microsoft\windows\usrclass.dat.log". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:53: Warning: Failed to open file "c:\documents and settings\stanley\ustawienia lokalne\dane aplikacji\microsoft\windows\usrclass.dat". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:54: Warning: Failed to open file "c:\program files\common files\symantec shared\ccpd-lc\symlcrst.dll". Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces
21:55: File Sweep Complete, Elapsed Time: 00:07:17
21:55: Full Sweep has completed. Elapsed time 00:09:30
21:55: Traces Found: 54
21:56: Removal process initiated
21:56: Quarantining All Traces: cws_cassandra
21:56: Quarantining All Traces: instant access
21:56: Quarantining All Traces: magiccontrol
21:56: Quarantining All Traces: moneytree
21:56: Quarantining All Traces: xpehbam dialer
21:56: Quarantining All Traces: one2one viewer
21:56: Removal process completed. Elapsed time 00:00:33
********
21:43: |••• Start of Session, 17 sierpień 2005 •••|
21:43: Spy Sweeper started
21:46: |••• End of Session, 17 sierpień 2005 •••|
  • 0

#12
Rawe
Posted 17 August 2005 - 02:04 PM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Can you post a fresh HiJackthis log. :tazz:
  • 0

#13
Ziku
Posted 17 August 2005 - 02:06 PM

Ziku

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Logfile of HijackThis v1.99.1
Scan saved at 22:06:01, on 2005-08-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\STANLEY\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [sysch.exe] C:\WINDOWS\sysch.exe
O4 - HKLM\..\Run: [sdkdg32.exe] C:\WINDOWS\sdkdg32.exe
O4 - HKLM\..\Run: [netsa32.exe] C:\WINDOWS\netsa32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.co...kanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C6F22AA-3F40-4CC2-8BC0-48CB8F5346A3}: NameServer = 192.168.0.249
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C6F22AA-3F40-4CC2-8BC0-48CB8F5346A3}: NameServer = 192.168.0.249
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11Fßä#·şÄÖ`I) - Unknown owner - C:\WINDOWS\system32\winpd32.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  • 0

#14
Ziku
Posted 17 August 2005 - 02:49 PM

Ziku

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
So this is it? Is everything ok now??
  • 0

#15
Ziku
Posted 18 August 2005 - 03:24 AM

Ziku

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Could enybody take a look at my last hjt log and tell if everything is ok now? Because I don't know if I can use my computer. Thx a lot.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP