Kasp Log And Hjt Of A Friend!

#1 2fast2furious


Posted 13 September 2008 - 01:57 PM

Ok, so after my friend re-installed Windows cuz it wouldn't start anymore... he still had a lot of other viruses! How does he remove them?

Thursday, September 11, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version:
Program database last update: Thursday, September 11, 2008 17:02:18
Records in database: 1213098

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:

Scan statistics:
Files scanned: 53643
Threat name: 2
Infected objects: 65
Suspicious objects: 0
Duration of the scan: 01:26:47

File name / Threat name / Threats count
C:\Program Files\Eset\infected\32F3V2BA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\3XN3MJAA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\45LTELCA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\AKMEVLCA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\CMAP3WDA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\D1NKGMDA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\D4QPGNAA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\DBXSGPCA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\DDI2DRAA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\EFFPRLDA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\FFIORYCA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\GO42U4CA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\H0S44EDA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\I3TWCYBA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\JAOYGSBA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\KJAL5LBA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\N15FUPDA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\PQODQHCA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\PXZWBVAA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\PZXRTVAA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\QLAQXTDA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\RJBFALAA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\SGVT4NBA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\SONDOZBA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\UVCPLNBA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\VTOVWMAA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\WUJYS1BA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\YEOZKRDA.NQF Infected: Virus.Win32.Hidrag.a 1
D:\abyssmedia convertor muzicaaa\Audio Converter Plus\audioconverter.exe Infected: Virus.Win32.Virut.n 1
D:\convertoor\MMConverterCon.exe Infected: Virus.Win32.Virut.n 1
D:\convertoor\Setup\{08A4C07B-204D-11D6-AF25-00B0D0797201}\Setup.exe Infected: Virus.Win32.Virut.n 1
D:\Direct Connect ++\StrongDC++\StrongDC.exe Infected: Virus.Win32.Virut.n 1
D:\Download\Schimba data expirarii programelor\NoLimit 2.0.exe Infected: Virus.Win32.Virut.n 1
D:\Kits\Driver_C-Media\MIXER.EXE Infected: Virus.Win32.Virut.n 1
D:\Kits\Driver_C-Media\Setup.exe Infected: Virus.Win32.Virut.n 1
D:\Kits\Fraps\fraps.exe Infected: Virus.Win32.Virut.n 1
D:\Other\eminescu\Intro.exe Infected: Virus.Win32.Virut.n 1
D:\Other\eminescu\program files\PETAR\Eminescu\LANGINST.EXE Infected: Virus.Win32.Virut.n 1
D:\Other\eminescu\SETUP.EXE Infected: Virus.Win32.Virut.n 1
D:\Other\Transfer\3DSMAX3\patcher.exe Infected: Virus.Win32.Virut.n 1
D:\Other\Transfer\Documents and Settings\MIRCEA\Local Settings\Temp\FIFA 2003_uninst.exe Infected: Virus.Win32.Virut.n 1
D:\Other\Transfer\wincmd\Crack.exe Infected: Virus.Win32.Virut.n 1
D:\Other\WinRAR\Rar.exe Infected: Virus.Win32.Virut.n 1
D:\Other\WinRAR\UnRAR.exe Infected: Virus.Win32.Virut.n 1
D:\PROGRA~1\VIRTUA~1\crashguard3.exe Infected: Virus.Win32.Virut.n 1
D:\PROGRA~1\VIRTUA~1\ripvinyl.exe Infected: Virus.Win32.Virut.n 1
D:\Warcraft3\w3l.exe Infected: Virus.Win32.Virut.n 1
D:\Warcraft3\Warcraft III\w3l.exe Infected: Virus.Win32.Virut.n 1
D:\Warcraft3\Warcraft III\World Editor.exe Infected: Virus.Win32.Virut.n 1
D:\Zuma.rar Infected: Virus.Win32.Hidrag.a 2
E:\1.6\Cheating-Death\UninstCD.exe Infected: Virus.Win32.Virut.n 1
E:\1.6\cstrike\addons\amxmodx\scripting\amxxpc.exe Infected: Virus.Win32.Virut.n 1
E:\1.6\cstrike\addons\amxmodx\scripting\compile.exe Infected: Virus.Win32.Virut.n 1
E:\1.6\hl.exe Infected: Virus.Win32.Virut.n 1
E:\1.6\hlupdate.exe Infected: Virus.Win32.Virut.n 1
E:\1.6\platform\SteamEngine.exe Infected: Virus.Win32.Virut.n 1
E:\1.6\platform\WriteMiniDump.exe Infected: Virus.Win32.Virut.n 1
E:\1.6 helps\addons\amxmodx\scripting\amxxpc.exe Infected: Virus.Win32.Virut.n 1
E:\1.6 helps\addons\amxmodx\scripting\compile.exe Infected: Virus.Win32.Virut.n 1
E:\1.6 helps\cstrike\addons\amxmodx\scripting\amxxpc.exe Infected: Virus.Win32.Virut.n 1
E:\1.6 helps\cstrike\addons\amxmodx\scripting\compile.exe Infected: Virus.Win32.Virut.n 1
E:\Muzika\hlds\Anti CSDoS by Shocker\AntiCSDoS.exe Infected: Virus.Win32.Virut.n 1
E:\Muzika\hlds\cstrike\addons\amxmodx\scripting\amxxpc.exe Infected: Virus.Win32.Virut.n 1
E:\Muzika\hlds\cstrike\addons\amxmodx\scripting\compile.exe Infected: Virus.Win32.Virut.n 1

The scan was stopped by the user.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:31:11, on 11.09.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B89FB80B-D88D-4AE1-8CDB-787178796AD1}: NameServer =
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

End of file - 3448 bytes

#2 Orange Blossom

Posted 13 September 2008 - 10:42 PM

Hello 2fast2furious

You have received a response to your topic here: http://www.bleepingcomputer.com/forums/t/167186/the-kaspersky-log-and-hjt-log-of-a-friend/ Please follow Billy's instructions and inform him of whatever was done that is not mentioned there. Please keep all posts regarding this issue to THAT thread by using the Add Reply button at the bottom of the topic. Starting new topics on the same issue confuses things and delays the assistance you receive.

Thank you for your cooperation. This topic is now closed.

