Virus And System Alert


17 replies to this topic

#1 rainydaze

rainydaze

  • Members
  • 20 posts

Posted 03 June 2006 - 10:26 AM

Hello
I keep getting this Virus Alert! popup saying my computer is infected, and if I click on it, it takes me to this site, //www.spywarequake.com/?aff=247, which says I need to download the program in order to get rid of it, and then another popup that takes me to //antivirusgolden.com/?aid=1338.
The programs I used were Spybot S&D, AdAware, CWShredder, Zone Alarm and a few others; as of yet nothing has helped.
Here is my HijackThis logfile.
Any help would be much appreciated. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 01:05:39, on 04.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\22M WLAN\WLANMON.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Telefonauskunft für den PC\Telefonauskunft für den PC 2005\KSTART32.EXE
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bild.t-online.de
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=9996
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SERtoolBar - {71821EC4-3CD6-11D6-AEC6-000102AC7057} - C:\Programme\SER\SERglobalBrainPE\SERtoolbar.dll (file missing)
O2 - BHO: (no name) - {8C335A69-00EA-AF30-8C69-047E904BE796} - C:\Programme\UPD\jrppgkoecg.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SERtoolBar - {71821EC4-3CD6-11D6-AEC6-000102AC7057} - C:\Programme\SER\SERglobalBrainPE\SERtoolbar.dll (file missing)
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [VOBID] C:\Programme\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Programme\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rkctud] C:\WINDOWS\system32\qclkulh.exe r
O4 - HKLM\..\Run: [ViewMgr] C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [fmssetup] C:\Dokumente und Einstellungen\computer\Desktop\fmssetup.exe
O4 - HKCU\..\Run: [ProxyWay] C:\Programme\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programme\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: 22M WLAN-Adapter-Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SERglobalBrain Personal Edition - SERiClick.lnk = C:\Programme\SER\SERglobalBrainPE\CAIRO.dat
O4 - Global Startup: SERglobalBrain Personal Edition - Start.lnk = C:\Programme\SER\SERglobalBrainPE\winStart.exe
O4 - Global Startup: Telefonauskunft für den PC 2005 - Schnellstarter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: SERresultBar - {56A4E552-87FA-4833-B90E-336209FE97AE} - C:\Programme\SER\SERglobalBrainPE\SERtoolbar.dll (file missing)
O9 - Extra button: SERtoolBar - {759D1CFD-2973-4d98-B948-6B633331A15A} - C:\Programme\SER\SERglobalBrainPE\SERtoolbar.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bild.t-online.de
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E90D8B9-889A-4332-BF5D-317E6EE3AD86}: NameServer = 217.237.151.33 217.237.149.225
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Programme\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe


EDIT: When I turn my computer on, the first thing that pops up is a folder named system32. I have no idea why that is.

Edited by KoanYorel, 03 June 2006 - 09:11 PM.




#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests

Posted 04 June 2006 - 09:19 AM

Can't find my bifocals! Please leave the standard text size intact when replying.





Ahh, now I see clearly!


Download smitRem.exe ©noahdfear, and save the file to your desktop.
Double-click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop (in Internet Explorer, right-click on the Panda ActiveScan link, select "Copy Shortcut", then right-click on your desktop and select "Paste Shortcut"; or in Firefox, right-click the link, select "Save Link As" and save it to your desktop).

Please download the trial version of ewido anti-malware here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Close ewido anti-malware.

Next, go to Control Panel and click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut.
  • Once you are on the Panda site click the Scan your PC button.
  • A new window will open...click the Check Now button.
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When the download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.
Let us know if any problems persist.
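The reply above asks for a new HijackThis log after the cleanup steps. The following is an added example, not part of the original post and not a HijackThis feature: a small Python script that compares a "before" and an "after" log entry by entry, so changed, removed and new items stand out. The function names and the matching rules are assumptions made for this example; the sample lines are excerpts from the two logs posted in this thread.

```python
import re

# "R0", "O2", "O23" ... followed by " - " and the entry text.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# "HKLM\..\Run: [name]" part of an O4 autostart entry.
RUN_NAME_RE = re.compile(r"^(.*?: \[[^\]]*\])")


def entry_key(section, body):
    """Identity of an entry that stays stable when only its file or value changes."""
    guid = GUID_RE.search(body)
    if guid:
        kind = body.split(":", 1)[0]  # "BHO", "Toolbar", "Extra button", ...
        return (section, kind.lower(), guid.group(0).lower())
    if " = " in body:  # registry value or startup shortcut: key is the left side
        return (section, body.split(" = ", 1)[0].lower(), "")
    run = RUN_NAME_RE.match(body)
    if run:
        return (section, run.group(1).lower(), "")
    return (section, body.lower(), "")


def parse_log(text):
    """Return the running processes (as a set) and the R/F/N/O entries of one log."""
    processes, entries = set(), {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first entry
            entries[entry_key(*match.groups())] = line
        elif in_processes and line:
            # Repeated images (several svchost.exe lines) collapse into one.
            processes.add(line.lower())
    return {"processes": processes, "entries": entries}


def diff_logs(before_text, after_text):
    """Compare two logs and report what changed between them."""
    before, after = parse_log(before_text), parse_log(after_text)
    b, a = before["entries"], after["entries"]
    return {
        "removed": sorted(b[k] for k in b.keys() - a.keys()),
        "added": sorted(a[k] for k in a.keys() - b.keys()),
        "changed": sorted((b[k], a[k]) for k in b.keys() & a.keys() if b[k] != a[k]),
        "new_processes": sorted(after["processes"] - before["processes"]),
        "gone_processes": sorted(before["processes"] - after["processes"]),
    }


# Excerpt of the first log in this thread (scan saved at 01:05:39).
BEFORE_EXCERPT = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=9996
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [rkctud] C:\WINDOWS\system32\qclkulh.exe r
"""

# Excerpt of the follow-up log in this thread (scan saved at 22:20:33).
AFTER_EXCERPT = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ewido anti-malware\ewidoguard.exe
C:\Programme\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - (no file)
O4 - HKLM\..\Run: [rkctud] C:\WINDOWS\system32\qclkulh.exe r
"""

if __name__ == "__main__":
    for label, items in diff_logs(BEFORE_EXCERPT, AFTER_EXCERPT).items():
        print(label)
        for item in items:
            print("   ", item)
```

The diff only shows what differs between the two scans; deciding which of the remaining entries still need attention is left to whoever reviews the log.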

#3 rainydaze

rainydaze
  • Topic Starter

  • Members
  • 20 posts

Posted 04 June 2006 - 03:21 PM

Logfile of HijackThis v1.99.1
Scan saved at 22:20:33, on 04.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ewido anti-malware\ewidoguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\22M WLAN\WLANMON.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Telefonauskunft für den PC\Telefonauskunft für den PC 2005\KSTART32.EXE
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bild.t-online.de
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - (no file)
O2 - BHO: SERtoolBar - {71821EC4-3CD6-11D6-AEC6-000102AC7057} - C:\Programme\SER\SERglobalBrainPE\SERtoolbar.dll (file missing)
O2 - BHO: (no name) - {8C335A69-00EA-AF30-8C69-047E904BE796} - C:\Programme\UPD\jrppgkoecg.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SERtoolBar - {71821EC4-3CD6-11D6-AEC6-000102AC7057} - C:\Programme\SER\SERglobalBrainPE\SERtoolbar.dll (file missing)
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [VOBID] C:\Programme\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Programme\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rkctud] C:\WINDOWS\system32\qclkulh.exe r
O4 - HKLM\..\Run: [ViewMgr] C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [fmssetup] C:\Dokumente und Einstellungen\computer\Desktop\fmssetup.exe
O4 - HKCU\..\Run: [ProxyWay] C:\Programme\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programme\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: 22M WLAN-Adapter-Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SERglobalBrain Personal Edition - SERiClick.lnk = C:\Programme\SER\SERglobalBrainPE\CAIRO.dat
O4 - Global Startup: SERglobalBrain Personal Edition - Start.lnk = C:\Programme\SER\SERglobalBrainPE\winStart.exe
O4 - Global Startup: Telefonauskunft für den PC 2005 - Schnellstarter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: SERresultBar - {56A4E552-87FA-4833-B90E-336209FE97AE} - C:\Programme\SER\SERglobalBrainPE\SERtoolbar.dll (file missing)
O9 - Extra button: SERtoolBar - {759D1CFD-2973-4d98-B948-6B633331A15A} - C:\Programme\SER\SERglobalBrainPE\SERtoolbar.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bild.t-online.de
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E90D8B9-889A-4332-BF5D-317E6EE3AD86}: NameServer = 217.237.151.33 217.237.149.225
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Programme\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe


smitRem © log file
version 2.9

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"

Running from
C:\Dokumente und Einstellungen\computer\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINDOWS\system32\imfdfcj.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~

Antivirus Test Online.url


~~~ system32 folder ~~~

imfdfcj.dll
regperf.exe
simpole.tlb
stdole3.tlb
atmclk.exe
dcomcfg.exe
amcompat.tlb
nscompat.tlb
1024 dir
ld****.tmp
hp***.tmp


~~~ Icons in System32 ~~~

ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 728 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :thumbsup:

Edited by rainydaze, 04 June 2006 - 03:23 PM.


#4 rainydaze


Posted 04 June 2006 - 03:29 PM

Panda activescan


Incident Status Location

Adware:adware/wupd Not disinfected Windows Registry
Spyware:spyware/media-motor Not disinfected Windows Registry
Adware:adware/transponder Not disinfected Windows Registry
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Adware:adware/novo Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/ucmore Not disinfected Windows Registry
Spyware:Cookie/FastClick Not disinfected C:\Dokumente und Einstellungen\computer\Anwendungsdaten\Mozilla\Firefox\Profiles\93208tek.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Statcounter Not disinfected C:\Dokumente und Einstellungen\computer\Anwendungsdaten\Mozilla\Firefox\Profiles\93208tek.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/FastClick Not disinfected C:\Dokumente und Einstellungen\computer\Anwendungsdaten\Mozilla\Firefox\Profiles\93208tek.default\cookies.txt[media.fastclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Dokumente und Einstellungen\computer\Anwendungsdaten\Mozilla\Firefox\Profiles\93208tek.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Dokumente und Einstellungen\computer\Anwendungsdaten\Mozilla\Firefox\Profiles\93208tek.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Dokumente und Einstellungen\computer\Anwendungsdaten\Mozilla\Firefox\Profiles\93208tek.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Dokumente und Einstellungen\computer\Anwendungsdaten\Mozilla\Firefox\Profiles\93208tek.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Dokumente und Einstellungen\computer\Anwendungsdaten\Mozilla\Firefox\Profiles\93208tek.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Dokumente und Einstellungen\computer\Anwendungsdaten\Mozilla\Firefox\Profiles\93208tek.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Thespyguard Not disinfected C:\Dokumente und Einstellungen\computer\Anwendungsdaten\Mozilla\Firefox\Profiles\93208tek.default\cookies.txt[thespyguard.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Dokumente und Einstellungen\computer\Anwendungsdaten\Mozilla\Firefox\Profiles\pp1y9bq5.Standard-Benutzer\cookies.txt[.apmebf.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\computer\Desktop\other stuff\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\computer\Desktop\other stuff\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\computer\Desktop\smitRem\Process.exe
Spyware:Cookie/Maxserving Not disinfected C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Anwendungsdaten\Mozilla\Firefox\Profiles\jqwtndhk.Standard-Benutzer\cookies-292.txt[.maxserving.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Anwendungsdaten\Mozilla\Firefox\Profiles\jqwtndhk.Standard-Benutzer\cookies-301.txt[.maxserving.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Anwendungsdaten\Mozilla\Firefox\Profiles\jqwtndhk.Standard-Benutzer\cookies-305.txt[.maxserving.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Anwendungsdaten\Mozilla\Firefox\Profiles\jqwtndhk.Standard-Benutzer\cookies-310.txt[.maxserving.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Anwendungsdaten\Mozilla\Firefox\Profiles\jqwtndhk.Standard-Benutzer\cookies-311.txt[.maxserving.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Anwendungsdaten\Mozilla\Firefox\Profiles\jqwtndhk.Standard-Benutzer\cookies.txt[.maxserving.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Anwendungsdaten\Mozilla\Firefox\Profiles\jqwtndhk.Standard-Benutzer\cookies.txt[.bravenet.com/]
Spyware:Cookie/Go Not disinfected C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Anwendungsdaten\Mozilla\Firefox\Profiles\jqwtndhk.Standard-Benutzer\cookies.txt[.go.com/]
Spyware:Cookie/Toplist Not disinfected C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Anwendungsdaten\Mozilla\Firefox\Profiles\jqwtndhk.Standard-Benutzer\cookies.txt[.toplist.cz/]
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Anwendungsdaten\Mozilla\Firefox\Profiles\jqwtndhk.Standard-Benutzer\cookies.txt[fe.lea.lycos.de/]
Spyware:Cookie/Mp3s Hits Not disinfected C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Anwendungsdaten\Mozilla\Firefox\Profiles\tw6nl96n.default\cookies.txt[www.mp3bleeps.com/]
Adware:Adware/IST.ISTBar Not disinfected C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Lokale Einstellungen\Temp\iinstall4955.exe

Edited by rainydaze, 04 June 2006 - 03:30 PM.


#5 Guest_Cretemonster_*


Posted 04 June 2006 - 03:30 PM

Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - (no file)

O2 - BHO: SERtoolBar - {71821EC4-3CD6-11D6-AEC6-000102AC7057} - C:\Programme\SER\SERglobalBrainPE\SERtoolbar.dll (file missing)

O2 - BHO: (no name) - {8C335A69-00EA-AF30-8C69-047E904BE796} - C:\Programme\UPD\jrppgkoecg.dll (file missing)

O3 - Toolbar: SERtoolBar - {71821EC4-3CD6-11D6-AEC6-000102AC7057} - C:\Programme\SER\SERglobalBrainPE\SERtoolbar.dll (file missing)

O4 - HKLM\..\Run: [rkctud] C:\WINDOWS\system32\qclkulh.exe r

O4 - Global Startup: SERglobalBrain Personal Edition - SERiClick.lnk = C:\Programme\SER\SERglobalBrainPE\CAIRO.dat

O4 - Global Startup: SERglobalBrain Personal Edition - Start.lnk = C:\Programme\SER\SERglobalBrainPE\winStart.exe

O9 - Extra button: SERresultBar - {56A4E552-87FA-4833-B90E-336209FE97AE} - C:\Programme\SER\SERglobalBrainPE\SERtoolbar.dll (file missing)

O9 - Extra button: SERtoolBar - {759D1CFD-2973-4d98-B948-6B633331A15A} - C:\Programme\SER\SERglobalBrainPE\SERtoolbar.dll (file missing)

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


Locate and Delete these 2 folders

C:\Programme\SER

C:\Programme\UPD


Post back with a fresh HijackThis log and the results of the Panda Scan.

Edited by Cretemonster, 04 June 2006 - 03:32 PM.


#6 rainydaze


Posted 04 June 2006 - 03:45 PM

Logfile of HijackThis v1.99.1
Scan saved at 22:39:52, on 04.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ewido anti-malware\ewidoguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\22M WLAN\WLANMON.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Telefonauskunft für den PC\Telefonauskunft für den PC 2005\KSTART32.EXE
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bild.t-online.de
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [VOBID] C:\Programme\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Programme\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [fmssetup] C:\Dokumente und Einstellungen\computer\Desktop\fmssetup.exe
O4 - HKCU\..\Run: [ProxyWay] C:\Programme\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programme\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: 22M WLAN-Adapter-Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Telefonauskunft für den PC 2005 - Schnellstarter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bild.t-online.de
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Programme\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe


Panda ActiveScan

Incident Status Location

Adware:adware/wupd Not disinfected Windows Registry
Spyware:spyware/media-motor Not disinfected Windows Registry
Adware:adware/transponder Not disinfected Windows Registry
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Adware:adware/novo Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/ucmore Not disinfected Windows Registry
Spyware:Cookie/FastClick Not disinfected C:\Dokumente und Einstellungen\computer\Anwendungsdaten\Mozilla\Firefox\Profiles\93208tek.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Statcounter Not disinfected C:\Dokumente und Einstellungen\computer\Anwendungsdaten\Mozilla\Firefox\Profiles\93208tek.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/FastClick Not disinfected C:\Dokumente und Einstellungen\computer\Anwendungsdaten\Mozilla\Firefox\Profiles\93208tek.default\cookies.txt[media.fastclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Dokumente und Einstellungen\computer\Anwendungsdaten\Mozilla\Firefox\Profiles\93208tek.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Dokumente und Einstellungen\computer\Anwendungsdaten\Mozilla\Firefox\Profiles\93208tek.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Dokumente und Einstellungen\computer\Anwendungsdaten\Mozilla\Firefox\Profiles\93208tek.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Dokumente und Einstellungen\computer\Anwendungsdaten\Mozilla\Firefox\Profiles\93208tek.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Dokumente und Einstellungen\computer\Anwendungsdaten\Mozilla\Firefox\Profiles\93208tek.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Dokumente und Einstellungen\computer\Anwendungsdaten\Mozilla\Firefox\Profiles\93208tek.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Thespyguard Not disinfected C:\Dokumente und Einstellungen\computer\Anwendungsdaten\Mozilla\Firefox\Profiles\93208tek.default\cookies.txt[thespyguard.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Dokumente und Einstellungen\computer\Anwendungsdaten\Mozilla\Firefox\Profiles\pp1y9bq5.Standard-Benutzer\cookies.txt[.apmebf.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\computer\Desktop\other stuff\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\computer\Desktop\other stuff\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\computer\Desktop\smitRem\Process.exe
Spyware:Cookie/Maxserving Not disinfected C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Anwendungsdaten\Mozilla\Firefox\Profiles\jqwtndhk.Standard-Benutzer\cookies-292.txt[.maxserving.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Anwendungsdaten\Mozilla\Firefox\Profiles\jqwtndhk.Standard-Benutzer\cookies-301.txt[.maxserving.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Anwendungsdaten\Mozilla\Firefox\Profiles\jqwtndhk.Standard-Benutzer\cookies-305.txt[.maxserving.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Anwendungsdaten\Mozilla\Firefox\Profiles\jqwtndhk.Standard-Benutzer\cookies-310.txt[.maxserving.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Anwendungsdaten\Mozilla\Firefox\Profiles\jqwtndhk.Standard-Benutzer\cookies-311.txt[.maxserving.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Anwendungsdaten\Mozilla\Firefox\Profiles\jqwtndhk.Standard-Benutzer\cookies.txt[.maxserving.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Anwendungsdaten\Mozilla\Firefox\Profiles\jqwtndhk.Standard-Benutzer\cookies.txt[.bravenet.com/]
Spyware:Cookie/Go Not disinfected C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Anwendungsdaten\Mozilla\Firefox\Profiles\jqwtndhk.Standard-Benutzer\cookies.txt[.go.com/]
Spyware:Cookie/Toplist Not disinfected C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Anwendungsdaten\Mozilla\Firefox\Profiles\jqwtndhk.Standard-Benutzer\cookies.txt[.toplist.cz/]
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Anwendungsdaten\Mozilla\Firefox\Profiles\jqwtndhk.Standard-Benutzer\cookies.txt[fe.lea.lycos.de/]
Spyware:Cookie/Mp3s Hits Not disinfected C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Anwendungsdaten\Mozilla\Firefox\Profiles\tw6nl96n.default\cookies.txt[www.mp3bleeps.com/]
Adware:Adware/IST.ISTBar Not disinfected C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Lokale Einstellungen\Temp\iinstall4955.exe

Edited by rainydaze, 04 June 2006 - 03:45 PM.
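
One way to check a fresh HijackThis log against the fix list from post #5, as an added example (not part of the thread and not HijackThis's own code). The two sample strings are excerpts copied from the posts above, and the function names are hypothetical.

```python
import re

# A HijackThis entry line looks like "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Suffixes HijackThis prints when the referenced file is gone.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Excerpt: the entries the helper asked to check and fix (post #5).
FIX_LIST = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - (no file)
O2 - BHO: SERtoolBar - {71821EC4-3CD6-11D6-AEC6-000102AC7057} - C:\Programme\SER\SERglobalBrainPE\SERtoolbar.dll (file missing)
O2 - BHO: (no name) - {8C335A69-00EA-AF30-8C69-047E904BE796} - C:\Programme\UPD\jrppgkoecg.dll (file missing)
O3 - Toolbar: SERtoolBar - {71821EC4-3CD6-11D6-AEC6-000102AC7057} - C:\Programme\SER\SERglobalBrainPE\SERtoolbar.dll (file missing)
O4 - HKLM\..\Run: [rkctud] C:\WINDOWS\system32\qclkulh.exe r
O4 - Global Startup: SERglobalBrain Personal Edition - SERiClick.lnk = C:\Programme\SER\SERglobalBrainPE\CAIRO.dat
O4 - Global Startup: SERglobalBrain Personal Edition - Start.lnk = C:\Programme\SER\SERglobalBrainPE\winStart.exe
O9 - Extra button: SERresultBar - {56A4E552-87FA-4833-B90E-336209FE97AE} - C:\Programme\SER\SERglobalBrainPE\SERtoolbar.dll (file missing)
O9 - Extra button: SERtoolBar - {759D1CFD-2973-4d98-B948-6B633331A15A} - C:\Programme\SER\SERglobalBrainPE\SERtoolbar.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# Excerpt: a few lines of the fresh log posted afterwards (post #6).
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""


def parse_entries(text):
    """Map a normalised (section, body) key to the original line of each entry.

    Header lines and the "Running processes" paths do not match ENTRY_RE
    and are skipped.
    """
    entries = {}
    for raw in text.splitlines():
        line = " ".join(raw.split())  # collapse whitespace left by copy/paste
        match = ENTRY_RE.match(line)
        if match:
            # Windows paths and CLSIDs are case-insensitive: compare casefolded.
            entries[(match.group(1), match.group(2).casefold())] = line
    return entries


def check_fix(fix_list, fresh_log):
    """Split the fix-list entries into those gone from and those still in the fresh log."""
    targets = parse_entries(fix_list)
    fresh = parse_entries(fresh_log)
    return {
        "removed": sorted(l for k, l in targets.items() if k not in fresh),
        "persisting": sorted(l for k, l in targets.items() if k in fresh),
    }


def orphaned(log):
    """Entries whose referenced file HijackThis reports as absent."""
    return sorted(
        line for line in parse_entries(log).values()
        if line.endswith(ORPHAN_MARKERS)
    )


if __name__ == "__main__":
    result = check_fix(FIX_LIST, FRESH_LOG)
    print(f"{len(result['removed'])} fix-list entries no longer present")
    for line in result["persisting"]:
        print("STILL PRESENT:", line)
    for line in orphaned(FRESH_LOG):
        print("ORPHANED:", line)
```

On these excerpts the only fix-list entry still present in the fresh log is the O23 rpcapd service line.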


#7 Guest_Cretemonster_*


Posted 04 June 2006 - 03:50 PM

Click Start-> Run-> Type in Services.msc and Click OK

Scroll that list and locate this entry

Machine Debug Manager (MDM)

Right Click that entry and Select Properties-> Click Stop-> Go up and change the Startup Type to Manual

Click Apply-> OK and Exit the Services Page


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



Restart the Machine and Please run the F-Secure Online Scanner
  • Follow the directions in the F-Secure page for proper Installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, Click Custom Scan and be sure the following are checked.
    • Scan whole System
    • Scan programs and documents
    • Scan all files
    • Scan whole system for rootkits
    • Scan whole system for spyware
    • Scan inside archives
    • Use advanced heuristics
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the I want to decide item by item button.
  • For each item found, Select Disinfect and Click Next
  • Click the Show Report button and Copy & Paste the entire report in your next reply.


#8 rainydaze


Posted 04 June 2006 - 08:59 PM

Monday, June 05, 2006 00:23:04 - 03:56:12
Computer name:
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\


--------------------------------------------------------------------------------

Result: 9 malware found
Backdoor.Win32.Webdor.p (virus)
C:\WINDOWS.0\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1S71Y531\n7b1_ex[1].enc (Renamed & Submitted)
Backdoor.Win32.Webdor.y (virus)
C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Lokale Einstellungen\Temporary Internet Files\Content.IE5\89ATUDEF\ndl902[1].enc (Renamed & Submitted)
Tracking Cookie (spyware)
System (Disinfected)
Trojan-Clicker.HTML.IFrame.a (virus)
C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Anwendungsdaten\Mozilla\Firefox\Profiles\tw6nl96n.default\Cache\CCBB5676d01 (Renamed & Submitted)
Trojan-Downloader.BAT.Ftp.ab (virus)
C:\WINDOWS\system32\i (Renamed & Submitted)
Trojan-Downloader.Win32.Agent.is (virus)
C:\WINDOWS.0\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UG9ZIWC7\n7b2_up[1].enc (Renamed & Submitted)
Trojan-Downloader.Win32.IstBar.ja (virus)
C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Lokale Einstellungen\Temp\iinstall4955.exe (Renamed & Submitted)
Trojan-Downloader.Win32.Reqlook.c (virus)
C:\WINDOWS.0\system32\MSAgentXP.exe (Renamed & Submitted)
Trojan-Dropper.VBS.Inor.cu (virus)
C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6PQRSTCD\index[1].php (Renamed & Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 293425
System: 5536
Not scanned: 84
Actions:
Disinfected: 1
Renamed: 8
Deleted: 0
None: 0
Submitted: 8
Files not scanned:

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-06-02
F-Secure Libra: 2.4.1, 2006-06-02
F-Secure Orion: 1.2.37, 2006-06-01
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Pegasus: 1.19.0, 2006-00-19
F-Secure Draco: 1.0.35, 0259-24-212
Scanning options:
Scan all files
Scan inside archives
Use Advanced heuristics

#9 Guest_Cretemonster_*


Posted 04 June 2006 - 09:12 PM

All right, let's see if there's anything else obvious left?


Download WinPFind to your C Drive.
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet

Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

From the WinPFind folder-> Double-click WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Restart Normal and Post those results.

#10 rainydaze


Posted 05 June 2006 - 07:48 AM

I wanted to thank you for the time you've taken to help me out, everything seems to be working fine now and no more virus alert popups, so thanks :thumbsup:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
PTech 23.06.2005 22:26:36 6333635 C:\debug.txt

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 24.11.2003 11:14:26 359424 C:\WINDOWS\ImgEnc.exe
UPX! 27.05.2004 08:42:24 88064 C:\WINDOWS\qtzlpgnpddo.exe
UPX! 13.10.2005 21:27:00 RHS 422400 C:\WINDOWS\x2.64.exe

Checking %System% folder...
UPX! 07.10.2005 19:14:52 RHS 308224 C:\WINDOWS\SYSTEM32\avisynth.dll
aspack 22.07.2005 20:59:04 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll
PEC2 02.04.2003 14:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 09.06.2005 22:32:28 692736 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 09.06.2005 22:32:28 692736 C:\WINDOWS\SYSTEM32\DivX.dll
UPX! 17.08.2002 03:33:40 127488 C:\WINDOWS\SYSTEM32\fmod.dll
aspack 17.09.2005 20:47:44 197120 C:\WINDOWS\SYSTEM32\Freakin Screensaver.scr
UPX! 25.01.2004 RHS 70656 C:\WINDOWS\SYSTEM32\i420vfw.dll
PTech 03.08.2005 10:33:42 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 04.05.2006 06:26:22 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04.05.2006 06:26:22 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04.08.2004 00:57:10 733696 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 04.08.2004 00:57:34 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 02.04.2003 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
UPX! 28.02.2005 13:16:22 RHS 240128 C:\WINDOWS\SYSTEM32\x.264.exe
UPX! 25.01.2004 RHS 70656 C:\WINDOWS\SYSTEM32\yv12vfw.dll

Checking %System%\Drivers folder and sub-folders...
PTech 21.04.2002 04:17:00 1295336 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
05.06.2006 13:55:22 S 2048 C:\WINDOWS\bootstat.dat
05.06.2006 01:37:44 H 54156 C:\WINDOWS\QTFont.qfn
27.04.2006 10:24:24 RHS 2945024 C:\WINDOWS\system32\Smab.dll
03.06.2006 14:48:56 H 4212 C:\WINDOWS\system32\zllictbl.dat
05.06.2006 13:55:10 H 8192 C:\WINDOWS\system32\config\default.LOG
05.06.2006 13:55:56 H 1024 C:\WINDOWS\system32\config\SAM.LOG
05.06.2006 13:55:24 H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
05.06.2006 13:56:28 H 90112 C:\WINDOWS\system32\config\software.LOG
05.06.2006 13:56:02 H 1413120 C:\WINDOWS\system32\config\system.LOG
10.05.2006 18:01:00 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
13.05.2006 02:05:52 S 688 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
01.06.2006 19:49:12 S 70226 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\Content\F482C95F83F1B59228F1B1E720F2EDF1
13.05.2006 02:05:52 S 94 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
01.06.2006 19:49:12 S 128 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\MetaData\F482C95F83F1B59228F1B1E720F2EDF1
05.06.2006 13:54:04 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
19.08.2003 09:20:04 180224 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation 04.08.2004 00:58:24 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 04.08.2004 00:58:24 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 04.08.2004 00:58:24 138240 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 04.08.2004 00:58:24 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04.08.2004 00:58:24 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 04.08.2004 00:58:24 359424 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04.08.2004 00:58:24 133120 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04.08.2004 00:58:24 381440 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04.08.2004 00:58:24 69632 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 06.12.2004 21:31:48 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 02.04.2003 14:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 04.08.2004 00:58:24 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 02.04.2003 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04.08.2004 00:58:24 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04.08.2004 00:58:24 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 03.03.2004 10:29:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 04.08.2004 00:58:24 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 04.08.2004 00:58:24 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl
24.03.2003 17:43:32 401408 C:\WINDOWS\SYSTEM32\slcpappl.cpl
NVIDIA Corporation 05.12.2002 11:22:20 73728 C:\WINDOWS\SYSTEM32\sscpl.cpl
Microsoft Corporation 04.08.2004 00:58:24 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 02.04.2003 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04.08.2004 00:58:24 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 04.08.2004 00:58:24 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 02.04.2003 14:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 02.04.2003 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 02.04.2003 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
NVIDIA Corporation 23.06.2003 10:24:00 143360 C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\nvtuicpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
02.09.2003 17:34:20 483 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\22M WLAN-Adapter-Utility.lnk
17.08.2003 17:48:12 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
16.02.2006 13:25:12 1792 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
14.07.2005 17:33:08 1066 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Telefonauskunft für den PC 2005 - Schnellstarter.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
03.06.2006 01:02:44 305 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
17.08.2003 18:44:10 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
16.02.2006 13:25:48 834 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log
19.05.2006 14:17:50 2924 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
17.08.2003 17:48:12 HS 84 C:\Dokumente und Einstellungen\computer\Startmenü\Programme\Autostart\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
17.08.2003 18:44:10 HS 62 C:\Dokumente und Einstellungen\computer\Anwendungsdaten\desktop.ini
22.02.2006 21:21:16 80432 C:\Dokumente und Einstellungen\computer\Anwendungsdaten\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Programme\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\HJConvert
{303FEFF1-6ABA-11D3-90E4-0090272D53E3} = C:\Programme\IMSI\HiJaak Image Manager Browser 1.5\ShellExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programme\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{441253c2-a0da-4e6e-924f-0024b4d06d9e}
= C:\Programme\T-Online\T-Online_Software_5\Banking\HbDokMan.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\HJConvert
{303FEFF1-6ABA-11D3-90E4-0090272D53E3} = C:\Programme\IMSI\HiJaak Image Manager Browser 1.5\ShellExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programme\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Programme\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6ab7158b-4bff-4160-ad7d-4d622df548cf}
=
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71821EC4-3CD6-11D6-AEC6-000102AC7057}
=
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8C335A69-00EA-AF30-8C69-047E904BE796}
=
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
CNisExtBho Class = C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Programme\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{B94BFED5-4163-11D6-AEC8-000102AC7057}
SERresultBar = C:\Programme\SER\SERglobalBrainPE\SERtoolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} = Norton Personal Firewall : C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programme\Norton AntiVirus\NavShExt.dll
{71821EC4-3CD6-11D6-AEC6-000102AC7057} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Konsole : C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Programme\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programme\Norton AntiVirus\NavShExt.dll
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = Norton Personal Firewall : C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programme\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
nForce Tray Options sstray.exe /r
VOBID C:\Programme\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
IW ControlCenter C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
PinnacleDriverCheck C:\WINDOWS\System32\PSDrvCheck.exe
ccApp "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
CHotkey mHotkey.exe
ledpointer CNYHKey.exe
Microsoft Works Update Detection C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
TkBellExe "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
Ulead Memory Card Detector C:\Programme\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
NvMediaCenter RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
SunJavaUpdateSched C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
T-DSL SpeedMgr "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
Adobe Photo Downloader "C:\Programme\Adobe\Photoshop Elements 4.0\apdproxy.exe"
HP Software Update C:\Programme\HP\HP Software Update\HPWuSchd2.exe
QuickTime Task "C:\Programme\QuickTime\qttask.exe" -atboottime
ViewMgr C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
rkctud C:\WINDOWS\system32\qclkulh.exe r

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
DJSNetCN C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe
NvMediaCenter RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
MsnMsgr "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
Skype "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
fmssetup C:\Dokumente und Einstellungen\computer\Desktop\fmssetup.exe
ProxyWay C:\Programme\ProxyWay\proxyway.exe
PeerGuardian C:\Programme\PeerGuardian2\pg2.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
NoActiveDesktopChanges 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
DisableTaskMgr 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoChangingWallPaper 0
NoAddingComponents 0
NoComponents 0
NoDeletingComponents 0
NoEditingComponents 0
NoCloseDragDropBands 0
NoMovingBands 0
NoHTMLWallPaper 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 255
NoActiveDesktop 0
NoSaveSettings 0
ClassicShell 0
NoThemesTab 0
ForceActiveDesktopOn 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskMgr 0
NoDispAppearancePage 0
NoColorChoice 0
NoSizeChoice 0
NoDispBackgroundPage 0
NoDispScrSavPage 0
NoDispCPL 0
NoVisualStyleChoice 0
NoDispSettingsPage 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 05.06.2006 14:06:25

#11 Guest_Cretemonster_*


Posted 05 June 2006 - 04:27 PM

So far so Good! :thumbsup:


Locate and Delete the file listed below

C:\WINDOWS\qtzlpgnpddo.exe


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post along with a fresh HijackThis log.


#12 rainydaze


Posted 06 June 2006 - 08:34 AM

KASPERSKY ON-LINE SCANNER REPORT
Tuesday, June 06, 2006 2:44:53 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 5/06/2006
Kaspersky Anti-Virus database records: 198567


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics
Total number of scanned objects 162400
Number of viruses found 89
Number of infected objects 546
Number of suspicious objects 0
Duration of the scan process 02:00:38

Infected Object Name Virus Name Last Action
C:\Dokumente und Einstellungen\computer\Desktop\other stuff\PPLiveSetup1.1.0.7CN.exe/0001\F6\SynaLiveSetup.exe/stream/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Dokumente und Einstellungen\computer\Desktop\other stuff\PPLiveSetup1.1.0.7CN.exe/0001\F6\SynaLiveSetup.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Dokumente und Einstellungen\computer\Desktop\other stuff\PPLiveSetup1.1.0.7CN.exe/0001\F6\SynaLiveSetup.exe Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Dokumente und Einstellungen\computer\Desktop\other stuff\PPLiveSetup1.1.0.7CN.exe Tarma: infected - 3 skipped

C:\Dokumente und Einstellungen\computer\Desktop\other stuff\PPLiveSetup1.1.0.7CN.exe UPX: infected - 3 skipped

C:\Dokumente und Einstellungen\computer\Desktop\other stuff\YSIGet 0.99c.exe/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Dokumente und Einstellungen\computer\Desktop\other stuff\YSIGet 0.99c.exe NSIS: infected - 1 skipped

C:\Dokumente und Einstellungen\computer\Eigene Dateien\programs\You Send It\YSIGet 0.99c.exe/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Dokumente und Einstellungen\computer\Eigene Dateien\programs\You Send It\YSIGet 0.99c.exe NSIS: infected - 1 skipped

C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Anwendungsdaten\Mozilla\Firefox\Profiles\tw6nl96n.default\Cache\CCBB5676d01.0 Infected: Trojan-Clicker.HTML.IFrame.a skipped

C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Lokale Einstellungen\Temp\iinstall4955.0xe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped

C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Lokale Einstellungen\Temp\iinstall4955.0xe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn skipped

C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Lokale Einstellungen\Temp\iinstall4955.0xe/data0005 Infected: Trojan-Downloader.Win32.IstBar.ja skipped

C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Lokale Einstellungen\Temp\iinstall4955.0xe NSIS: infected - 3 skipped

C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6PQRSTCD\index[1].0hp Infected: Trojan-Dropper.VBS.Inor.cu skipped

C:\Dokumente und Einstellungen\computer.YOUR-HLVF99ULTW\Lokale Einstellungen\Temporary Internet Files\Content.IE5\89ATUDEF\ndl902[1].0nc Infected: Backdoor.Win32.Webdor.y skipped

C:\Programme\PPLive TV\SynaLiveSetup.exe/stream/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Programme\PPLive TV\SynaLiveSetup.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Programme\PPLive TV\SynaLiveSetup.exe NSIS: infected - 2 skipped

C:\Programme\YSIGet\uninstall.exe/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Programme\YSIGet\uninstall.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP347\A0320867.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP347\A0320872.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP348\A0321872.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP348\A0321896.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP348\A0321897.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP349\A0322005.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP349\A0322010.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP350\A0323010.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP351\A0323124.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP351\A0323129.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP352\A0323297.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP352\A0323302.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP352\A0324302.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP353\A0324387.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP353\A0324392.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP354\A0324537.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP354\A0325542.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP354\A0325642.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP355\A0326642.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP355\A0327642.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP355\A0327689.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP355\A0327690.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP356\A0327827.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP356\A0327832.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP356\A0328160.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP357\A0328188.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP357\A0328189.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP357\A0329188.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP358\A0329359.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP358\A0329360.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP359\A0329483.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP359\A0329488.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP360\A0329579.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP360\A0329580.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP361\A0330579.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP361\A0331579.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP361\A0331729.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP361\A0331730.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP362\A0332729.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP362\A0333729.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP363\A0333870.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP363\A0333875.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP364\A0334098.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP364\A0334103.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP364\A0334235.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP364\A0334247.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP365\A0334386.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP365\A0334387.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP365\A0334505.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP366\A0334521.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP366\A0334522.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP366\A0334691.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP366\A0334705.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP366\A0334706.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP367\A0334810.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP367\A0334811.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP368\A0335810.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP369\A0336810.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP369\A0337810.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP369\A0337818.exe Infected: not-a-virus:AdWare.Win32.Bestofer.d skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP371\A0337827.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP371\A0337828.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP372\A0337938.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP372\A0337939.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP372\A0338938.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP373\A0339005.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP373\A0339010.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP373\A0339134.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP373\A0339165.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP374\A0339260.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP374\A0339265.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP374\A0339399.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP374\A0339400.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP375\A0340399.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP375\A0340503.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP375\A0340504.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP375\A0340526.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP375\A0340527.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP375\A0340536.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP377\A0340635.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP377\A0340636.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP377\A0341635.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP377\A0341682.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP378\A0342635.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP378\A0342658.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP379\A0343635.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP380\A0343707.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP380\A0343726.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP380\A0343738.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP380\A0344712.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP380\A0344721.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP382\A0345712.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP382\A0346712.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP382\A0346735.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP382\A0346736.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP382\A0346747.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP382\A0347735.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP382\A0347750.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP382\A0347791.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP382\A0347799.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP383\A0348791.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP383\A0348806.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP383\A0348855.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP383\A0348856.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP384\A0348869.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP384\A0349855.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP384\A0349863.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP385\A0349917.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP385\A0349999.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP385\A0350012.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP386\A0350999.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP386\A0351008.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP386\A0351036.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP386\A0351037.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP387\A0351050.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP387\A0351101.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP387\A0351106.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP387\A0351118.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP388\A0351231.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP388\A0351236.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP388\A0351252.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP389\A0351344.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP389\A0351345.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP389\A0351353.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP390\A0351366.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP390\A0351367.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP390\A0351392.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP390\A0351444.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP390\A0351445.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP390\A0351454.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP391\A0351624.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP391\A0351647.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP391\A0351648.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP391\A0351664.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP392\A0351784.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP392\A0351789.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP393\A0352180.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP393\A0352277.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP393\A0352278.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP393\A0352287.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP394\A0352408.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP394\A0352413.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP394\A0352423.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP395\A0352558.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP395\A0352559.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP395\A0352594.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP395\A0352750.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP395\A0352751.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP396\A0352994.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP396\A0352999.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP397\A0353029.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP397\A0353034.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP397\A0353106.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP397\A0353126.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP397\A0353127.exe Infected: not-a-virus:AdWare.Win32.AdSquash.c skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP397\A0353128.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.ai skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP398\A0353252.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP398\A0353253.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP398\A0353264.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP398\A0353266.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.b skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP399\A0353380.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP399\A0353385.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP399\A0353514.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP399\A0353515.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP401\A0353658.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP401\A0353663.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP402\A0353760.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP402\A0353761.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP403\A0353799.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP403\A0353855.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP403\A0353856.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP404\A0353974.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP404\A0353979.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP405\A0354089.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP405\A0354094.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP405\A0354121.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP405\A0354122.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP406\A0354258.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP406\A0354263.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP406\A0354354.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP407\A0354444.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP407\A0354449.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP408\A0354505.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP408\A0354510.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP408\A0354577.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP408\A0354578.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP409\A0354627.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP409\A0354628.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP410\A0354723.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP410\A0354728.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP411\A0354759.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP411\A0354760.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP411\A0354871.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP411\A0354872.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP412\A0354978.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP412\A0354983.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP412\A0355024.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP412\A0356024.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP413\A0356053.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP413\A0356054.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP413\A0356154.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP413\A0356207.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP413\A0357207.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP413\A0358207.exe Infected: Trojan.Win32.Agent.ay skipped

C:\System Volume Information\_restore{5EDB1906-2FE0-4855-AD98-733D62A2B607}\RP413\A0358222.exe Infected: Trojan.Win32.Agent.ay skipped

#13 rainydaze

Posted 06 June 2006 - 08:35 AM

Logfile of HijackThis v1.99.1
Scan saved at 15:34:04, on 06.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sstray.exe
C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\22M WLAN\WLANMON.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Telefonauskunft für den PC\Telefonauskunft für den PC 2005\KSTART32.EXE
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\Programme\ewido anti-malware\ewidoguard.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\WINDOWS\System32\wisptis.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bild.t-online.de
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - (no file)
O2 - BHO: (no name) - {71821EC4-3CD6-11D6-AEC6-000102AC7057} - (no file)
O2 - BHO: (no name) - {8C335A69-00EA-AF30-8C69-047E904BE796} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {71821EC4-3CD6-11D6-AEC6-000102AC7057} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [VOBID] C:\Programme\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Programme\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [rkctud] C:\WINDOWS\system32\qclkulh.exe r
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [fmssetup] C:\Dokumente und Einstellungen\computer\Desktop\fmssetup.exe
O4 - HKCU\..\Run: [ProxyWay] C:\Programme\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programme\PeerGuardian2\pg2.exe
O4 - Global Startup: 22M WLAN-Adapter-Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Telefonauskunft für den PC 2005 - Schnellstarter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bild.t-online.de
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E90D8B9-889A-4332-BF5D-317E6EE3AD86}: NameServer = 217.237.151.33 217.237.149.225
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Programme\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe

#14 Guest_Cretemonster_*

Posted 06 June 2006 - 05:25 PM

Any idea what this is??

O4 - HKCU\..\Run: [fmssetup] C:\Dokumente und Einstellungen\computer\Desktop\fmssetup.exe

#15 rainydaze

Posted 06 June 2006 - 06:22 PM

I don't know what that is, searched for it but couldn't find it. Other than that, do you think everything is okay now with the computer?



