
Pos.tmp In C:/



#1 MarcoPau


Posted 05 February 2008 - 07:01 PM

Hello there, I just did a full scan with Avast and manually deleted the thousands of pos.tmp files that were in C:/, as I did the other day, but then they showed up again.
This is my hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.53.49, on 06/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\MSI\Live Update 3\LMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\VoipCheapCom\VoipCheapCom.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashSimpl.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {948480BC-AA37-4632-8E64-DFEF1A3F59A4} - (no file)
O2 - BHO: {5cc28980-2598-1ecb-70a4-ce31dd03155a} - {a55130dd-13ec-4a07-bce1-895208982cc5} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: (no name) - {C9541EC3-0285-448E-B111-F34CC21B378D} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O2 - BHO: (no name) - {FED51DF2-9644-4C58-9104-90244EDD6EEC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LiveMonitor] C:\Programmi\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\RunOnce: [SpybotDeletingA7832] command /c del "C:\Programmi\Outerinfo\FF\components\FF.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6443] cmd /c del "C:\Programmi\Outerinfo\FF\components\FF.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7919] command /c del "C:\Programmi\Outerinfo\FF\components\FF.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6771] cmd /c del "C:\Programmi\Outerinfo\FF\components\FF.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA540] command /c del "C:\Programmi\Outerinfo\FF\components\FF.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1129] cmd /c del "C:\Programmi\Outerinfo\FF\components\FF.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7696] command /c del "C:\Programmi\Outerinfo\FF\components\FF.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4494] cmd /c del "C:\Programmi\Outerinfo\FF\components\FF.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8381] command /c del "C:\Programmi\Outerinfo\FF\components\FF.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC209] cmd /c del "C:\Programmi\Outerinfo\FF\components\FF.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA155] command /c del "C:\Programmi\Outerinfo\FF\components\FF.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8761] cmd /c del "C:\Programmi\Outerinfo\FF\components\FF.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [DAP Cleanup] "C:\DOCUME~1\ALEPEC~1\IMPOST~1\Temp\DapRemove.exe" /CLEANUP /DIR="C:\Programmi\DAP"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [VoipCheapCom] "C:\Programmi\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\alepeccia\Dati applicazioni\WinTouch\WinTouch.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB6585] command /c del "C:\Programmi\Outerinfo\FF\components\FF.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3219] cmd /c del "C:\Programmi\Outerinfo\FF\components\FF.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9202] command /c del "C:\Programmi\Outerinfo\FF\components\FF.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5226] cmd /c del "C:\Programmi\Outerinfo\FF\components\FF.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1953] command /c del "C:\Programmi\Outerinfo\FF\components\FF.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1964] cmd /c del "C:\Programmi\Outerinfo\FF\components\FF.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6190] command /c del "C:\Programmi\Outerinfo\FF\components\FF.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1651] cmd /c del "C:\Programmi\Outerinfo\FF\components\FF.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6384] command /c del "C:\Programmi\Outerinfo\FF\components\FF.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8451] cmd /c del "C:\Programmi\Outerinfo\FF\components\FF.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2609] command /c del "C:\Programmi\Outerinfo\FF\components\FF.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1530] cmd /c del "C:\Programmi\Outerinfo\FF\components\FF.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programmi\PlotSoft\PDFill\DownloadPDF.exe
O15 - Trusted Zone: www.kaspersky.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A81D09D-3FAC-4241-8E18-2724BA8BA64F}: NameServer = 195.210.91.100,193.70.192.100
O20 - Winlogon Notify: jkkkkjj - jkkkkjj.dll (file missing)
O20 - Winlogon Notify: lhdyyvdb - lhdyyvdb.dll (file missing)
O20 - Winlogon Notify: xxyyvvw - xxyyvvw.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 13706 bytes







And this is Kaspersky's:



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 05, 2008 3:23:49 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/02/2008
Kaspersky Anti-Virus database records: 549466
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 84464
Number of viruses found: 19
Number of infected objects: 51
Number of suspicious objects: 0
Duration of the scan process: 01:19:42

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_4ac.dat Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\b122.exe Infected: Trojan-Downloader.Win32.Agent.haq skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{4AA369B6-EED2-4B99-9DA4-BF8F7A3C2E12}.bin Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\alepeccia\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\alepeccia\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Temp\mit25.tmp/Mirar_VC_Setup_876923.exe Infected: not-a-virus:AdWare.Win32.Mirar.i skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Temp\mit25.tmp CAB: infected - 1 skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Temp\~DFBEA1.tmp Object is locked skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Temp\MBDownloader_876923.exe Infected: not-a-virus:AdWare.Win32.NetNucleus.b skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Temp\mit25.tmp.cab/Mirar_VC_Setup_876923.exe Infected: not-a-virus:AdWare.Win32.Mirar.i skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Temp\mit25.tmp.cab CAB: infected - 1 skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Temp\Perflib_Perfdata_750.dat Object is locked skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Temp\NI.UGES_0001_N122M2111\setup.exe/file01 Infected: not-a-virus:FraudTool.Win32.SysKontroller.a skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Temp\NI.UGES_0001_N122M2111\setup.exe/file04 Infected: not-a-virus:Downloader.Win32.WinFixer.ce skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Temp\NI.UGES_0001_N122M2111\setup.exe/file15/file1 Infected: not-a-virus:FraudTool.Win32.SysKontroller.a skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Temp\NI.UGES_0001_N122M2111\setup.exe/file15 Infected: not-a-virus:FraudTool.Win32.SysKontroller.a skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Temp\NI.UGES_0001_N122M2111\setup.exe Inno: infected - 4 skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Temp\~DF723.tmp Object is locked skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Temp\sv172.tmp\sv173.tmp Object is locked skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Temporary Internet Files\Content.IE5\W9I9E3YZ\CAPSU15J Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Temporary Internet Files\Content.IE5\LBG3FKQL\a8f5a020e4b833865a1034489887c8b9[1].zip/b122.exe Infected: Trojan-Downloader.Win32.Agent.haq skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Temporary Internet Files\Content.IE5\LBG3FKQL\a8f5a020e4b833865a1034489887c8b9[1].zip ZIP: infected - 1 skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\ga9jvkpf.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\ga9jvkpf.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\ga9jvkpf.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\alepeccia\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\ga9jvkpf.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\alepeccia\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\alepeccia\Dati applicazioni\Mozilla\Firefox\Profiles\ga9jvkpf.default\history.dat Object is locked skipped
C:\Documents and Settings\alepeccia\Dati applicazioni\Mozilla\Firefox\Profiles\ga9jvkpf.default\cert8.db Object is locked skipped
C:\Documents and Settings\alepeccia\Dati applicazioni\Mozilla\Firefox\Profiles\ga9jvkpf.default\key3.db Object is locked skipped
C:\Documents and Settings\alepeccia\Dati applicazioni\Mozilla\Firefox\Profiles\ga9jvkpf.default\parent.lock Object is locked skipped
C:\Documents and Settings\alepeccia\Dati applicazioni\Mozilla\Firefox\Profiles\ga9jvkpf.default\search.sqlite Object is locked skipped
C:\Documents and Settings\alepeccia\Dati applicazioni\Mozilla\Firefox\Profiles\ga9jvkpf.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\alepeccia\Dati applicazioni\Mozilla\Firefox\Profiles\ga9jvkpf.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\alepeccia\.housecall6.6\Quarantine\dr.exe.bac_a03212 Infected: Trojan-Downloader.Win32.VB.alt skipped
C:\Documents and Settings\alepeccia\.housecall6.6\Quarantine\shell32.exe.bac_a03212 Infected: Trojan-Downloader.Win32.IstBar.pm skipped
C:\Documents and Settings\alepeccia\.housecall6.6\Quarantine\user32.exe.bac_a03212 Infected: Trojan-Downloader.Win32.Small.dui skipped
C:\Documents and Settings\alepeccia\.housecall6.6\Quarantine\A0048248.exe.bac_a03208 Infected: Trojan-Downloader.Win32.VB.alt skipped
C:\Documents and Settings\alepeccia\.housecall6.6\Quarantine\A0048249.exe.bac_a03208 Infected: Trojan-Downloader.Win32.IstBar.pm skipped
C:\Documents and Settings\alepeccia\.housecall6.6\Quarantine\A0048250.exe.bac_a03208 Infected: Trojan-Downloader.Win32.Small.dui skipped
C:\Documents and Settings\alepeccia\.housecall6.6\Quarantine\A0048252.exe.bac_a03208 Infected: Trojan-Downloader.Win32.Small.dui skipped
C:\Programmi\update.zip/update1.exe Infected: Trojan-Downloader.Win32.Small.hkt skipped
C:\Programmi\update.zip/update2.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Programmi\update.zip ZIP: infected - 2 skipped
C:\Programmi\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Programmi\DAP\Offers\VA_11_DAPSO.1187_1.exe/WISE0009.BIN Infected: not-a-virus:AdTool.Win32.MyWebSearch.bk skipped
C:\Programmi\DAP\Offers\VA_11_DAPSO.1187_1.exe WiseSFX: infected - 1 skipped
C:\Programmi\DAP\Offers\VA_11_DAPSO.1187_1.exe WiseSFXDropper: infected - 1 skipped
C:\System Volume Information\_restore{8C79CF9E-8953-4687-B255-991C337F2654}\RP191\A0064532.exe/file1 Infected: not-a-virus:FraudTool.Win32.SysKontroller.a skipped
C:\System Volume Information\_restore{8C79CF9E-8953-4687-B255-991C337F2654}\RP191\A0064532.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{8C79CF9E-8953-4687-B255-991C337F2654}\RP191\A0064543.exe Infected: not-a-virus:FraudTool.Win32.SysKontroller.a skipped
C:\System Volume Information\_restore{8C79CF9E-8953-4687-B255-991C337F2654}\RP193\A0066589.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{8C79CF9E-8953-4687-B255-991C337F2654}\RP193\A0067758.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ce skipped
C:\System Volume Information\_restore{8C79CF9E-8953-4687-B255-991C337F2654}\RP193\A0067759.exe Infected: Trojan-Downloader.Win32.Agent.gdi skipped
C:\System Volume Information\_restore{8C79CF9E-8953-4687-B255-991C337F2654}\RP193\A0067764.exe Infected: Trojan-Downloader.Win32.Agent.fjv skipped
C:\System Volume Information\_restore{8C79CF9E-8953-4687-B255-991C337F2654}\RP193\A0067776.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8C79CF9E-8953-4687-B255-991C337F2654}\RP193\A0067777.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8C79CF9E-8953-4687-B255-991C337F2654}\RP193\A0067778.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8C79CF9E-8953-4687-B255-991C337F2654}\RP193\A0067779.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.is skipped
C:\System Volume Information\_restore{8C79CF9E-8953-4687-B255-991C337F2654}\RP193\A0067781.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8C79CF9E-8953-4687-B255-991C337F2654}\RP193\A0067782.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8C79CF9E-8953-4687-B255-991C337F2654}\RP193\A0067784.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.is skipped
C:\System Volume Information\_restore{8C79CF9E-8953-4687-B255-991C337F2654}\RP193\A0067787.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.is skipped
C:\System Volume Information\_restore{8C79CF9E-8953-4687-B255-991C337F2654}\RP193\A0067789.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8C79CF9E-8953-4687-B255-991C337F2654}\RP193\A0067791.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8C79CF9E-8953-4687-B255-991C337F2654}\RP193\A0067792.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8C79CF9E-8953-4687-B255-991C337F2654}\RP193\A0067794.exe Infected: Trojan-Downloader.Win32.PurityScan.fg skipped
C:\System Volume Information\_restore{8C79CF9E-8953-4687-B255-991C337F2654}\RP193\A0067798.exe Infected: Trojan-Downloader.Win32.Delf.dlk skipped
C:\System Volume Information\_restore{8C79CF9E-8953-4687-B255-991C337F2654}\RP195\A0067864.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume Information\_restore{8C79CF9E-8953-4687-B255-991C337F2654}\RP195\A0067864.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{8C79CF9E-8953-4687-B255-991C337F2654}\RP211\change.log Object is locked skipped
C:\Karl Jaspers - Marco Paunescu.doc Object is locked skipped
E:\asd\Strobel\Download LimeWire\550 Giochi Cellulare LG Siemens Nokia Motorola + GThing Cracked + ACDSee x Anteprime del Gioco.zip/550 Giochi Cellulare LG Siemens Nokia Motorola + GThing Cracked + ACDSee x Anteprime del Gioco.exe Infected: not-a-virus:AdWare.Win32.180Solutions.as skipped
E:\asd\Strobel\Download LimeWire\550 Giochi Cellulare LG Siemens Nokia Motorola + GThing Cracked + ACDSee x Anteprime del Gioco.zip ZIP: infected - 1 skipped

Scan process completed.





Avast found and removed only 11 trojans among the A00677....dll and 2 .exe. I had run Spybot previously, and it cleaned a few things.
Please let me know what else I should do.
Thanks a lot for your availability!


 


#2 RichieUK


Posted 09 February 2008 - 07:19 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, MarcoPau.
My name is Richie and I'll be helping you to fix your problems.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere, then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:
Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new HijackThis log into this topic in your next reply.

Also post a detailed description of the issues you're experiencing.

*Note*
Post all reports/logs directly into this topic, not as attachments, thanks.