Thread: Win32.Rbot/eitdzj.exe

  1. #1

    Win32.Rbot/eitdzj.exe

    Hey, a few days ago I was told that eitdzj.exe is causing the problems I have with my computer, so now I'm wondering... how do I get rid of it? :s I don't know if I have to or not, but hey, I'll post my scan logs again.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:35:30, on 2007-10-27
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Panda Software\Panda Antivirus 2007\apvxdwin.exe
    C:\WINDOWS\system32\dllhost.exe
    c:\program files\panda software\panda antivirus 2007\WebProxy.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\eitdzj.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/se/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
    O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S78.tmp" /EF "HKLM"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\LKEN~1\LOCALS~1\Temp\{56DC644C-E73D-4203-97B6-F43822666BD9}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Microsoft Update Machine] eitdzj.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Documents and Settings\Löken\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] eitdzj.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Löken\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 10221 bytes

  2. #2

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Saturday, October 27, 2007 9:54:31 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 26/10/2007
    Kaspersky Anti-Virus database records: 446707
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\
    L:\
    M:\
    N:\
    O:\
    P:\
    Q:\

    Scan Statistics:
    Total number of scanned objects: 538761
    Number of viruses found: 16
    Number of infected objects: 49
    Number of suspicious objects: 0
    Duration of the scan process: 07:17:53

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\Ing-Marie\Local Settings\Temp\qrjatydi.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\Ing-Marie\Local Settings\Temporary Internet Files\Content.IE5\C6DR129M\upd32_v13[1] Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped
    C:\Documents and Settings\Ing-Marie\Local Settings\Temporary Internet Files\Content.IE5\Q9OZE9U5\vasya[1] Infected: Trojan.Win32.Agent.bck skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Löken\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Löken\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Löken\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Löken\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Löken\Local Settings\History\History.IE5\MSHist012007102620071027\index.dat Object is locked skipped
    C:\Documents and Settings\Löken\Local Settings\Temp\BearShare_1732187.exe/WISE0104.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
    C:\Documents and Settings\Löken\Local Settings\Temp\BearShare_1732187.exe/WISE0104.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
    C:\Documents and Settings\Löken\Local Settings\Temp\BearShare_1732187.exe/WISE0104.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
    C:\Documents and Settings\Löken\Local Settings\Temp\BearShare_1732187.exe WiseSFX: infected - 3 skipped
    C:\Documents and Settings\Löken\Local Settings\Temp\BearShare_1732187.exe WiseSFX Dropper: infected - 3 skipped
    C:\Documents and Settings\Löken\Local Settings\Temp\mofugclq.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\Löken\Local Settings\Temp\qrjatydi.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\Löken\Local Settings\Temp\rhvqsuwb.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\Löken\Local Settings\Temp\urclqecd.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\Löken\Local Settings\Temporary Internet Files\Content.IE5\0163GLY7\f4d28682d186cc6beb75f106d133f489[1].zip/b128.exe/stream/data0002/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
    C:\Documents and Settings\Löken\Local Settings\Temporary Internet Files\Content.IE5\0163GLY7\f4d28682d186cc6beb75f106d133f489[1].zip/b128.exe/stream/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
    C:\Documents and Settings\Löken\Local Settings\Temporary Internet Files\Content.IE5\0163GLY7\f4d28682d186cc6beb75f106d133f489[1].zip/b128.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\Documents and Settings\Löken\Local Settings\Temporary Internet Files\Content.IE5\0163GLY7\f4d28682d186cc6beb75f106d133f489[1].zip/b128.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\Documents and Settings\Löken\Local Settings\Temporary Internet Files\Content.IE5\0163GLY7\f4d28682d186cc6beb75f106d133f489[1].zip/b128.exe Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\Documents and Settings\Löken\Local Settings\Temporary Internet Files\Content.IE5\0163GLY7\f4d28682d186cc6beb75f106d133f489[1].zip ZIP: infected - 5 skipped
    C:\Documents and Settings\Löken\Local Settings\Temporary Internet Files\Content.IE5\0163GLY7\tsitra[1].exe Infected: Trojan-Downloader.Win32.Agent.enr skipped
    C:\Documents and Settings\Löken\Local Settings\Temporary Internet Files\Content.IE5\8DQ30P2J\!update-4395[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.dx skipped
    C:\Documents and Settings\Löken\Local Settings\Temporary Internet Files\Content.IE5\8DQ30P2J\a8f5a020e4b833865a1034489887c8b9[1].zip/b122.exe Infected: Trojan-Downloader.Win32.Agent.ehg skipped
    C:\Documents and Settings\Löken\Local Settings\Temporary Internet Files\Content.IE5\8DQ30P2J\a8f5a020e4b833865a1034489887c8b9[1].zip ZIP: infected - 1 skipped
    C:\Documents and Settings\Löken\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Löken\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Löken\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Löken\Shared\Adobe.Photoshop.CS3.v10.0.Extended.Keygen\keygen.exe Infected: Trojan-Dropper.NSIS.Agent.b skipped
    C:\Documents and Settings\Löken\Shared\Photoshop CS3 Keygen+activation.rar/Adobe CS3 Master Activation/Keygen+Activation.exe Infected: Backdoor.Win32.Ciadoor.gn skipped
    C:\Documents and Settings\Löken\Shared\Photoshop CS3 Keygen+activation.rar RAR: infected - 1 skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Sanna\Local Settings\Temporary Internet Files\Content.IE5\YZN194HL\upd32_v13[1] Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped
    C:\Documents and Settings\Sanna\Local Settings\Temporary Internet Files\Content.IE5\ZV5955LM\vasya[1] Infected: Trojan.Win32.Agent.bck skipped
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\logs\starwind.2007-10-26.21-20-53.log Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Löken\Data\chandir.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Löken\Data\chandir.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Löken\Data\chn.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Löken\Data\chn.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Löken\Data\D0000000.FCS Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Löken\Data\inuse.txt Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Löken\Data\L0000001.FCS Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Löken\Data\main.log Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Löken\Data\prs.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Löken\Data\prs.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Löken\Data\prs_die.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Löken\Data\prs_die.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Löken\Data\prs_dnd.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Löken\Data\prs_dnd.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Löken\Data\prs_ext.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Löken\Data\prs_ext.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Löken\Data\prs_rcv.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Löken\Data\prs_rcv.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Löken\Data\storydb.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Löken\Data\storydb.idx Object is locked skipped
    C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
    C:\RECYCLER\S-1-5-21-3865965735-2936202337-2547828924-1010\Dc318\PhotoShop CS3 Keygen WITH Activation.rar/PhotoShop CS3 Extended Keygen + Activation/PhotoShop CS3 Extended Keygen + Activation/patcPhotoShop CS3 Extended Keygen + Activationh.exe Infected: Backdoor.Win32.Aimbot.gc skipped
    C:\RECYCLER\S-1-5-21-3865965735-2936202337-2547828924-1010\Dc318\PhotoShop CS3 Keygen WITH Activation.rar RAR: infected - 1 skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{AE69B033-B293-42DD-BDC3-23E87CC1F3A6}\RP318\A0094132.exe Infected: Backdoor.Win32.Ciadoor.gn skipped
    C:\System Volume Information\_restore{AE69B033-B293-42DD-BDC3-23E87CC1F3A6}\RP318\A0094134.exe Infected: Backdoor.Win32.Aimbot.gc skipped
    C:\System Volume Information\_restore{AE69B033-B293-42DD-BDC3-23E87CC1F3A6}\RP318\A0094183.exe Infected: Trojan-Downloader.Win32.Adload.lv skipped
    C:\System Volume Information\_restore{AE69B033-B293-42DD-BDC3-23E87CC1F3A6}\RP318\A0094186.exe Infected: Trojan.Win32.Agent.bqn skipped
    C:\System Volume Information\_restore{AE69B033-B293-42DD-BDC3-23E87CC1F3A6}\RP319\A0094242.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped
    C:\System Volume Information\_restore{AE69B033-B293-42DD-BDC3-23E87CC1F3A6}\RP319\A0094244.exe Infected: Trojan.Win32.Agent.bck skipped
    C:\System Volume Information\_restore{AE69B033-B293-42DD-BDC3-23E87CC1F3A6}\RP319\A0094365.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped
    C:\System Volume Information\_restore{AE69B033-B293-42DD-BDC3-23E87CC1F3A6}\RP320\A0094388.exe Infected: Backdoor.Win32.Ciadoor.gn skipped
    C:\System Volume Information\_restore{AE69B033-B293-42DD-BDC3-23E87CC1F3A6}\RP320\A0094397.exe Infected: Backdoor.Win32.Aimbot.gc skipped
    C:\System Volume Information\_restore{AE69B033-B293-42DD-BDC3-23E87CC1F3A6}\RP320\A0097467.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped
    C:\System Volume Information\_restore{AE69B033-B293-42DD-BDC3-23E87CC1F3A6}\RP320\A0097572.exe Infected: Trojan-Downloader.Win32.Adload.lv skipped
    C:\System Volume Information\_restore{AE69B033-B293-42DD-BDC3-23E87CC1F3A6}\RP320\A0097573.exe Infected: Trojan.Win32.Agent.bqn skipped
    C:\System Volume Information\_restore{AE69B033-B293-42DD-BDC3-23E87CC1F3A6}\RP320\A0097574.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped
    C:\System Volume Information\_restore{AE69B033-B293-42DD-BDC3-23E87CC1F3A6}\RP320\A0097575.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped
    C:\System Volume Information\_restore{AE69B033-B293-42DD-BDC3-23E87CC1F3A6}\RP320\change.log Object is locked skipped
    C:\VundoFix Backups\kvyhpvzy.dll.bad Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped
    C:\WINDOWS\b122.exe Infected: Trojan-Downloader.Win32.Agent.ehg skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{D118D615-DFEE-4A1D-81FE-827F95480BD1}.crmlog Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\eitdzj.exe Infected: Backdoor.Win32.Rbot.bll skipped
    C:\WINDOWS\system32\Fun.exe Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\psjgjjsr.exe Infected: Trojan.Win32.Agent.bck skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\tsitra1044.exe Infected: Trojan-Downloader.Win32.Agent.enr skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    D:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
    D:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
    D:\System Volume Information\catalog.wci\0001000B.ci Object is locked skipped
    D:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
    D:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
    D:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
    D:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
    D:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
    D:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
    D:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
    D:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
    D:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
    D:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
    D:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
    D:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
    D:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.

    Edit:
    http://forums.spybot.info/showthread.php?p=131201
    Last edited by tashi; 2007-11-12 at 23:09. Reason: Added link
