View Full Version : Zlob.DNSChanger problem.



DOKUPLAN
2007-07-07, 19:01
Hello,

Like many others, we also have the Zlob.DNSChanger problem. It always comes back after the fix from Spybot.
AVG Anti-Spyware is OK.
Norman Antivirus Control is OK.
Fix O17 entry in HijackThis listing.
O17 entry always comes back when the internet connection is made active.
No problems when the internet connection is down.

Can you please help us?

Thanks in advance

A new forum user.

In attachments:

Spybot results.
HijackThis results.
Kaspersky scan results.

tashi
2007-07-07, 19:37
Hi there.

Please see "BEFORE you POST"(READ this Procedure before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Copy and paste the HJT log and results of the antivirus scan into this topic, then a helper will assist as soon as available.

Regards. :)

DOKUPLAN
2007-07-07, 20:53
Hi Tashi,

Both the HijackThis log and the antivirus scan are too big to use the copy and paste mode (more than 20 Kbyte).

How do we proceed?

Thanks.

DOKUPLAN
2007-07-07, 22:35
Hi Tashi,

I've split up the HijackThis log into two parts, and also the scan results.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:00:04, on 7/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\csrss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\WINNT\system32\cisvc.exe
D:\WINNT\system32\inetsrv\inetinfo.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Norman\NPF\NPFSVICE.EXE
D:\WINNT\system32\nvsvc32.exe
D:\WINNT\system32\tcpsvcs.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\MsPMSPSv.exe
C:\Norman\Npm\bin\NJEEVES.EXE
D:\WINNT\System32\alg.exe
D:\WINNT\Explorer.EXE
C:\Norman\Npm\bin\ZLH.EXE
D:\WINNT\system32\dslagent.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Smart Protector Pro\SmartProtector-Pro.exe
D:\WINNT\system32\ctfmon.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Norman\NPF\NPFMSG.EXE
D:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
D:\WINNT\system32\cidaemon.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\bin\cclaw.exe
D:\WINNT\system32\cidaemon.exe
C:\Program Files\Qualcomm\Eudora.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Adobe\Acrobat 6.0\Distillr\AcroTray.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\AcroTray.exe
D:\WINNT\system32\WISPTIS.EXE
D:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
D:\DOKUPLAN Documenten\Eudora\HiJackThis\HiJackThis_v2.exe
D:\WINNT\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" D:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] "mobsync.exe" /logon
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [DSLAGENTEXE] "dslagent.exe" USB
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SPSTEALT] "D:\Program Files\Smart Protector Pro\SmartProtector-Pro.exe" /stealt
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [internat.exe] internat.exe (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [internat.exe] internat.exe (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Snelkoppeling naar printer-arp.lnk = C:\Scripts\printer-arp.bat
O4 - Global Startup: Adobe Reader Snelle start.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NPF Messenger.lnk = D:\Program Files\Norman\NPF\NPFMSG.EXE
O4 - Global Startup: StartupFaster
O4 - Global Startup: Watch.lnk.disabled
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.keb.co.kr
O15 - Trusted Zone: http://webmail.plenso.be
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.www.cm.be
O16 - DPF: ppctlcab - http://www.my-etrust.com/includes/pscanner/ppctlcab.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164123505475
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121246197756
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{11D512C5-21C0-417B-8FE8-06DA27FC3C77}: NameServer = 85.255.114.14 85.255.112.88

DOKUPLAN
2007-07-07, 22:36
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:00:04, on 7/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal


O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINNT\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - D:\Program Files\Norman\NPF\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINNT\system32\nvsvc32.exe
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Retrospect Helper - EMC Dantz - D:\Program Files\Dantz\Retrospect 7.0\rthlpsvc.exe
O23 - Service: ZipToA - Unknown owner - D:\WINNT\System32\ZipToA.exe

--
End of file - 21491 bytes

DOKUPLAN
2007-07-07, 22:45
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, July 07, 2007 11:56:56 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 7/07/2007
Kaspersky Anti-Virus database records: 359286
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
G:\
H:\
Z:\

Scan Statistics:
Total number of scanned objects: 66448
Number of viruses found: 3
Number of infected objects: 42
Number of suspicious objects: 0
Duration of the scan process: 01:45:09

Infected Object Name / Virus Name / Last Action
C:\Win 2000 UPDATE DRIVERS\NORMANTOOLS\Smitfraudfix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

DOKUPLAN
2007-07-07, 22:46
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, July 07, 2007 11:56:56 AM

D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP287\A0023209.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/1/EnigmaUpdater.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP287\A0023209.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/2/esgi_md5h.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP287\A0023209.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/7/SpyHunter.exe Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP287\A0023209.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/17/Esgiutl1.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP287\A0023209.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/18/SHSched.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP287\A0023209.exe/PRE Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP287\A0023209.exe Ghost Installer: infected - 6 skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP287\A0023209.exe UPX: infected - 6 skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP287\A0023211.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/1/EnigmaUpdater.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP287\A0023211.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/2/esgi_md5h.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP287\A0023211.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/7/SpyHunter.exe Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP287\A0023211.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/17/Esgiutl1.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP287\A0023211.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/18/SHSched.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP287\A0023211.exe/PRE Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP287\A0023211.exe Ghost Installer: infected - 6 skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP287\A0023211.exe UPX: infected - 6 skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP289\A0023246.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/1/EnigmaUpdater.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP289\A0023246.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/2/esgi_md5h.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP289\A0023246.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/7/SpyHunter.exe Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP289\A0023246.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/17/Esgiutl1.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP289\A0023246.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/18/SHSched.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP289\A0023246.exe/PRE Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP289\A0023246.exe Ghost Installer: infected - 6 skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP289\A0023246.exe UPX: infected - 6 skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP289\A0023249.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/1/EnigmaUpdater.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP289\A0023249.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/2/esgi_md5h.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP289\A0023249.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/7/SpyHunter.exe Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP289\A0023249.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/17/Esgiutl1.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP289\A0023249.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/18/SHSched.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP289\A0023249.exe/PRE Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP289\A0023249.exe Ghost Installer: infected - 6 skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP289\A0023249.exe UPX: infected - 6 skipped
D:\System Volume Information\_restore{3F2933F0-3BC1-4465-BF7C-77C9B49E7D3B}\RP300\change.log Object is locked skipped
D:\WINNT\CSC\00000001 Object is locked skipped
D:\WINNT\Debug\PASSWD.LOG Object is locked skipped
D:\WINNT\Downloaded Installations\{3B40FE51-1E88-4BBF-9DEB-2331B34080E6}\KIP Request 6.msi/Data1.cab/vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
D:\WINNT\Downloaded Installations\{3B40FE51-1E88-4BBF-9DEB-2331B34080E6}\KIP Request 6.msi/Data1.cab Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
D:\WINNT\Downloaded Installations\{3B40FE51-1E88-4BBF-9DEB-2331B34080E6}\KIP Request 6.msi Embedded: infected - 2 skipped
D:\WINNT\Downloaded Installations\{45776C17-A6CD-481A-97EC-389D1F5B8F1A}\KIP Request 6.msi/Data1.cab/vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
D:\WINNT\Downloaded Installations\{45776C17-A6CD-481A-97EC-389D1F5B8F1A}\KIP Request 6.msi/Data1.cab Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
D:\WINNT\Downloaded Installations\{45776C17-A6CD-481A-97EC-389D1F5B8F1A}\KIP Request 6.msi Embedded: infected - 2 skipped
D:\WINNT\Downloaded Installations\{7E7FF89F-8E76-47D1-9F4F-7F062AED5A02}\KIP Request 6.msi/Data1.cab/vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
D:\WINNT\Downloaded Installations\{7E7FF89F-8E76-47D1-9F4F-7F062AED5A02}\KIP Request 6.msi/Data1.cab Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
D:\WINNT\Downloaded Installations\{7E7FF89F-8E76-47D1-9F4F-7F062AED5A02}\KIP Request 6.msi Embedded: infected - 2 skipped
D:\WINNT\SchedLgU.Txt Object is locked skipped
D:\WINNT\SoftwareDistribution\EventCache\{FA1D3867-3108-4B21-8EB1-04E81CD8AD38}.bin Object is locked skipped
D:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
D:\WINNT\Sti_Trace.log Object is locked skipped
D:\WINNT\system32\CatRoot2\edb.log Object is locked skipped
D:\WINNT\system32\CatRoot2\tmp.edb Object is locked skipped
D:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
D:\WINNT\system32\config\default Object is locked skipped
D:\WINNT\system32\config\default.LOG Object is locked skipped
D:\WINNT\system32\config\Internet.evt Object is locked skipped
D:\WINNT\system32\config\SAM Object is locked skipped
D:\WINNT\system32\config\SAM.LOG Object is locked skipped
D:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
D:\WINNT\system32\config\SECURITY Object is locked skipped
D:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
D:\WINNT\system32\config\software Object is locked skipped
D:\WINNT\system32\config\software.LOG Object is locked skipped
D:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
D:\WINNT\system32\config\system Object is locked skipped
D:\WINNT\system32\config\system.LOG Object is locked skipped
D:\WINNT\system32\h323log.txt Object is locked skipped
D:\WINNT\system32\spool\PRINTERS\FP00002.SHD Object is locked skipped
D:\WINNT\system32\spool\PRINTERS\FP00002.SPL Object is locked skipped
D:\WINNT\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
D:\WINNT\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
D:\WINNT\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
D:\WINNT\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
D:\WINNT\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
D:\WINNT\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
D:\WINNT\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
D:\WINNT\wiadebug.log Object is locked skipped
D:\WINNT\wiaservc.log Object is locked skipped
D:\WINNT\WindowsUpdate.log Object is locked skipped

Scan process completed.

DOKUPLAN
2007-07-10, 19:43
Hi Tashi,

I got the following solution for the problem from the support people at AVG.


Dear Sir/Madam,

Thank you for your email.

The mentioned registry key, detected by SpyBot S&D, is the setting of your DNS server. Please push the "Start" button -> "Settings" -> "Control panels" -> "Network connections" -> edit the network connection -> edit the TCP/IP protocol and enable "Obtain DNS servers automatically". Save the setting. After that please push the "Start" button -> "Run" -> type in

ipconfig /flushdns

command and execute it.

Best regards,

Mirek Makovec
AVG Technical Support

website: http://www.grisoft.com
mailto: technicalsupport@grisoft.com

After changing the TCP/IP setting I (DOKUPLAN) have had no more Zlob.DNSChanger errors when running the full Spybot test.
I have run the test more than five times, also after restarting the system and opening the Internet connection.

I hope that this solution may also work for other people having the same problem.

Please let me know if that's a good solution.

Regards.

DOKUPLAN
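The recurring O17 entry and the DNS setting discussed in this thread can be checked from a saved HijackThis log. The following is an added example, not part of the original posts and not Spybot or HijackThis code: it extracts the NameServer values from O17 lines and reports any resolver that is not on an expected list. The sample log lines, GUIDs, addresses and the expected-resolver list are constructed assumptions.

```python
import ipaddress
import re

# HijackThis section O17 lines that report a NameServer registry value.
O17_RE = re.compile(
    r"^O17 - (?P<key>HKLM\\System\\[^:]+): NameServer = (?P<value>.*)$",
    re.IGNORECASE)

# Assumption: the resolvers this network really uses (constructed value).
EXPECTED_RESOLVERS = {ipaddress.ip_address("192.168.1.1")}

# Constructed sample log; addresses come from documentation ranges.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Example] C:\example.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 198.51.100.10,198.51.100.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 198.51.100.10 198.51.100.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = example.local
"""

def parse_o17(log_text):
    """Return (registry key, [resolvers]) for every O17 NameServer line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = []
        # Values may be separated by commas or by spaces.
        for token in filter(None, re.split(r"[,\s]+", m.group("value"))):
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                servers.append(token)  # keep malformed values for review
        entries.append((m.group("key"), servers))
    return entries

def unexpected_resolvers(log_text, expected=EXPECTED_RESOLVERS):
    """Return (key, [resolver strings]) for resolvers not in `expected`."""
    findings = []
    for key, servers in parse_o17(log_text):
        bad = [str(s) for s in servers if s not in expected]
        if bad:
            findings.append((key, bad))
    return findings

if __name__ == "__main__":
    for key, bad in unexpected_resolvers(SAMPLE_LOG):
        print(f"{key}: unexpected static DNS {', '.join(bad)}")
```

With "Obtain DNS servers automatically" enabled, a static NameServer value should no longer appear for that connection, so a fresh log that still yields findings indicates the value was written again.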