PDA

View Full Version : Please help me clean Win32/Agent.BCK



pegaso
2007-10-06, 18:04
I have NOD32 running on my PC (use to have Norton Internet Security, but I have uninstalled it before I use NOD32), and after I boot it c omes up with the warning for trojan Win32/Agent.bck, when I select "Terminate" after few seconds a new window comes up saying that i am infected with "Trojan Downloader.small trojan"After this I can not run most of my programs e.g. spybot 1.5 , I get the windows message "Spybot (or other software) has encountered an erron and needs to close" etc. etc.
I have dowloaded and run Vundofix which seem to have cleaned it but when I reboot I get the same messages from NOD32. Here is my Hijackthis report.
I have posted the Kaspersky online on a new post since there are too mant characters for this post.
I would appreciate your help to clean the trojans.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:31:55 μμ, on 5/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\LEXPPS.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\cisvc.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Eset\nod32krn.exe
E:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
e:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\mqsvc.exe
E:\WINDOWS\system32\mqtgsvc.exe
E:\Program Files\Logitech\iTouch\iTouch.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\ESET\nod32kui.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\cidaemon.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\Michael Halkiadakis\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.otenet.gr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = DGcon Systems
O1 - Hosts: 127.98.9.1 mail.otenet.gr.b9 #
O1 - Hosts: 62.103.128.200 www.otenet.gr #2004-04-07 18:43:13
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {673995FA-5CBC-454B-957F-96403A570E0E} - E:\WINDOWS\system32\awtqo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - E:\WINDOWS\system32\sycprour.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [zBrowser Launcher] E:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Ad-watch] E:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NAV Agent] E:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] E:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] E:\Program Files\Ashampoo\Ashampoo UnInstaller 2002-2003\UIWatcher.exe
O4 - HKCU\..\Run: [PlaxoUpdate] E:\WINDOWS\Plaxo\1.5.2.32\InstallStub.exe -a
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://E:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Append to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Λήψη όλων με το FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Λήψη με χρήση του FlashGet - E:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O12 - Plugin for .tif: E:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148313725656
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://www.eurobank.gr/europortal/certs/capicom.cab
O16 - DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - http://www.flipviewer.com/exe/fvoem1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DF9E04D-5622-4326-B971-8A0DC811699A}: NameServer = 195.170.0.1,195.170.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F41938B-0D3D-472F-9770-4F028ADF1DE8}: NameServer = 192.168.100.50
O20 - Winlogon Notify: winhoq32 - winhoq32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - E:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NetOp Helper ver. 7.60 (2003246) (NetOp Host for NT Service) - Danware Data A/S - E:\Program Files\NetOp Remote Control\HOST\NHOSTSVC.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - E:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O24 - Desktop Component 0: (no name) - file:///E:/DOCUME~1/MICHAE~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 11102 bytes

pegaso
2007-10-06, 18:08
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, October 06, 2007 5:51:15 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 5/10/2007
Kaspersky Anti-Virus database records: 427880
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 149074
Number of viruses found: 13
Number of infected objects: 121
Number of suspicious objects: 0
Duration of the scan process: 02:48:41

Infected Object Name / Virus Name / Last Action
C:\check_LSA7.txt Object is locked skipped
E:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\76907ecd4f906085269808630239dca2_56f657bd-2ca4-44e8-9a5a-194f63b8641a Object is locked skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a3da3cce1f40059b2a4cc98e3dbd09c5_56f657bd-2ca4-44e8-9a5a-194f63b8641a Object is locked skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Windows Defender\Support\MPLog-09142007-162809.log Object is locked skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\00A81F76.tmp Infected: Email-Worm.Win32.Nyxem.e skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\00CF174B.tmp/ATT01.zip Infected: Email-Worm.Win32.Nyxem.e skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\00CF174B.tmp Mail: infected - 1 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\00CF174B.tmp CryptFF: infected - 1 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\030476DE.tmp Infected: Email-Worm.Win32.Nyxem.e skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\048F4F2B.tmp Infected: Email-Worm.Win32.Nyxem.e skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\04F80A8A.tmp Infected: Trojan-Downloader.Win32.Small.edn skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\053C7C3E.tmp/[From smtpin21l.fasthosts.co.uk [127.0.0.1]][Date Wed, 27 Dec 2006 10:13:16 +0200]/UNNAMED/[From uncan@xantrex.com][Date Wed, 27 Dec 2006 10:00:45 +0200]/your_document.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\053C7C3E.tmp/[From smtpin21l.fasthosts.co.uk [127.0.0.1]][Date Wed, 27 Dec 2006 10:13:16 +0200]/UNNAMED/[From uncan@xantrex.com][Date Wed, 27 Dec 2006 10:00:45 +0200]/your_document.zip Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\053C7C3E.tmp/[From smtpin21l.fasthosts.co.uk [127.0.0.1]][Date Wed, 27 Dec 2006 10:13:16 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\053C7C3E.tmp Mail: infected - 3 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\053C7C3E.tmp CryptFF: infected - 3 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\10DD09CA.tmp/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\10DD09CA.tmp ZIP: infected - 1 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\10DD09CA.tmp CryptFF: infected - 1 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\19966F02.tmp/[From localhost.localdomain [127.0.0.1]][Date Fri, 30 Mar 2007 17:54:18 +0300]/UNNAMED/[From latexcom@otenet.gr][Date Fri, 30 Mar 2007 17:30:20 +0300]/id04009.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\19966F02.tmp/[From localhost.localdomain [127.0.0.1]][Date Fri, 30 Mar 2007 17:54:18 +0300]/UNNAMED/[From latexcom@otenet.gr][Date Fri, 30 Mar 2007 17:30:20 +0300]/id04009.zip Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\19966F02.tmp/[From localhost.localdomain [127.0.0.1]][Date Fri, 30 Mar 2007 17:54:18 +0300]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\19966F02.tmp Mail: infected - 3 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\19966F02.tmp CryptFF: infected - 3 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\1DE931AF.tmp/[From smtpin-134.livemail.co.uk [127.0.0.1]][Date Thu, 29 Mar 2007 11:19:58 +0300]/UNNAMED/[From atlantis@otenet.gr][Date Thu, 29 Mar 2007 01:04:48 +0300]/msg_info.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped

pegaso
2007-10-06, 18:10
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\1DE931AF.tmp/[From smtpin-134.livemail.co.uk [127.0.0.1]][Date Thu, 29 Mar 2007 11:19:58 +0300]/UNNAMED/[From atlantis@otenet.gr][Date Thu, 29 Mar 2007 01:04:48 +0300]/msg_info.zip Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\1DE931AF.tmp/[From smtpin-134.livemail.co.uk [127.0.0.1]][Date Thu, 29 Mar 2007 11:19:58 +0300]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\1DE931AF.tmp Mail: infected - 3 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\1DE931AF.tmp CryptFF: infected - 3 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\295C34BC.tmp/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\295C34BC.tmp ZIP: infected - 1 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\295C34BC.tmp CryptFF: infected - 1 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\40F93FA4.tmp/[From smtpin08l.livemail.co.uk [127.0.0.1]][Date Thu, 28 Dec 2006 09:50:28 +0200]/UNNAMED/[From info@datacomm.gr][Date Thu, 28 Dec 2006 10:15:12 +0200]/document_info.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\40F93FA4.tmp/[From smtpin08l.livemail.co.uk [127.0.0.1]][Date Thu, 28 Dec 2006 09:50:28 +0200]/UNNAMED/[From info@datacomm.gr][Date Thu, 28 Dec 2006 10:15:12 +0200]/document_info.zip Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\40F93FA4.tmp/[From smtpin08l.livemail.co.uk [127.0.0.1]][Date Thu, 28 Dec 2006 09:50:28 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\40F93FA4.tmp Mail: infected - 3 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\40F93FA4.tmp CryptFF: infected - 3 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\4DE30BF8.tmp/[From smtpin-136.livemail.co.uk [127.0.0.1]][Date Tue, 2 Jan 2007 18:20:06 +0200]/UNNAMED/[From 44b25179.5040604@sielups.com][Date Tue, 2 Jan 2007 17:56:42 +0200]/my_numbers.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\4DE30BF8.tmp/[From smtpin-136.livemail.co.uk [127.0.0.1]][Date Tue, 2 Jan 2007 18:20:06 +0200]/UNNAMED/[From 44b25179.5040604@sielups.com][Date Tue, 2 Jan 2007 17:56:42 +0200]/my_numbers.zip Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\4DE30BF8.tmp/[From smtpin-136.livemail.co.uk [127.0.0.1]][Date Tue, 2 Jan 2007 18:20:06 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\4DE30BF8.tmp Mail: infected - 3 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\4DE30BF8.tmp CryptFF: infected - 3 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\537C3483.tmp/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\537C3483.tmp ZIP: infected - 1 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\537C3483.tmp CryptFF: infected - 1 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\548B19E2.tmp/[From smtpin-128.livemail.co.uk [127.0.0.1]][Date Mon, 18 Dec 2006 10:33:24 +0200]/UNNAMED/[From szic@e-techstudios.com][Date Mon, 18 Dec 2006 11:01:54 +0200]/document07.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\548B19E2.tmp/[From smtpin-128.livemail.co.uk [127.0.0.1]][Date Mon, 18 Dec 2006 10:33:24 +0200]/UNNAMED/[From szic@e-techstudios.com][Date Mon, 18 Dec 2006 11:01:54 +0200]/document07.zip Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\548B19E2.tmp/[From smtpin-128.livemail.co.uk [127.0.0.1]][Date Mon, 18 Dec 2006 10:33:24 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\548B19E2.tmp Mail: infected - 3 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\548B19E2.tmp CryptFF: infected - 3 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\580B5B7F.tmp/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\580B5B7F.tmp ZIP: infected - 1 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\580B5B7F.tmp CryptFF: infected - 1 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\5D77077F.0XE Infected: P2P-Worm.Win32.VB.dw skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\5DC44350.tmp/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\5DC44350.tmp ZIP: infected - 1 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\5DC44350.tmp CryptFF: infected - 1 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\601D4234.tmp/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\601D4234.tmp ZIP: infected - 1 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\601D4234.tmp CryptFF: infected - 1 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\665560C8.tmp/[From press@traveldailynews.com][Date Wed, 3 Jan 2007 09:17:43 +0200]/about_you.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\665560C8.tmp/[From press@traveldailynews.com][Date Wed, 3 Jan 2007 09:17:43 +0200]/about_you.zip Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\665560C8.tmp Mail: infected - 2 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\665560C8.tmp CryptFF: infected - 2 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\6B020A95.tmp Infected: Email-Worm.Win32.Warezov.ev skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\6CF7297B.tmp/[From smtpin12l.livemail.co.uk [127.0.0.1]][Date Wed, 3 Jan 2007 08:57:10 +0200]/UNNAMED/[From press@traveldailynews.com][Date Wed, 3 Jan 2007 09:17:43 +0200]/about_you.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\6CF7297B.tmp/[From smtpin12l.livemail.co.uk [127.0.0.1]][Date Wed, 3 Jan 2007 08:57:10 +0200]/UNNAMED/[From press@traveldailynews.com][Date Wed, 3 Jan 2007 09:17:43 +0200]/about_you.zip Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\6CF7297B.tmp/[From smtpin12l.livemail.co.uk [127.0.0.1]][Date Wed, 3 Jan 2007 08:57:10 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton

pegaso
2007-10-06, 18:11
AntiVirus\Quarantine\6CF7297B.tmp Mail: infected - 3 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\6CF7297B.tmp CryptFF: infected - 3 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\6E8F4CAF.0XE Infected: P2P-Worm.Win32.VB.dw skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\702167B8.tmp/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\702167B8.tmp ZIP: infected - 1 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\702167B8.tmp CryptFF: infected - 1 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\75DA29CA.tmp Infected: Email-Worm.Win32.Warezov.fb skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\760E605F.exe/data0002 Infected: Trojan.Win32.VB.amd skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\760E605F.exe NSIS: infected - 1 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\760E605F.exe CryptFF: infected - 1 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\761C6460.0XE Infected: Backdoor.Win32.IRCBot.dd skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\76810712.tmp Infected: Email-Worm.Win32.Warezov.fb skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\78F8320B.tmp/data0002 Infected: Trojan.Win32.VB.amd skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\78F8320B.tmp NSIS: infected - 1 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\78F8320B.tmp CryptFF: infected - 1 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\79A9339B.tmp/[From smtpin-111.livemail.co.uk [127.0.0.1]][Date Sat, 24 Mar 2007 12:28:01 +0200]/UNNAMED/[From sk-stad@otenet.gr][Date Sat, 24 Mar 2007 11:45:57 +0200]/data.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\79A9339B.tmp/[From smtpin-111.livemail.co.uk [127.0.0.1]][Date Sat, 24 Mar 2007 12:28:01 +0200]/UNNAMED/[From sk-stad@otenet.gr][Date Sat, 24 Mar 2007 11:45:57 +0200]/data.zip Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\79A9339B.tmp/[From smtpin-111.livemail.co.uk [127.0.0.1]][Date Sat, 24 Mar 2007 12:28:01 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\79A9339B.tmp Mail: infected - 3 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\79A9339B.tmp CryptFF: infected - 3 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\7B615594.tmp Infected: Email-Worm.Win32.Warezov.gj skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\7E5D1AE4.tmp/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\7E5D1AE4.tmp ZIP: infected - 1 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\7E5D1AE4.tmp CryptFF: infected - 1 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\7F8506B6.tmp/Word.zip Infected: Email-Worm.Win32.Nyxem.e skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\7F8506B6.tmp Mail: infected - 1 skipped
E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\7F8506B6.tmp CryptFF: infected - 1 skipped
E:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
E:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
E:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
E:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
E:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
E:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
E:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
E:\Documents and Settings\Michael Halkiadakis\Application Data\MailWasherPro\Trash.mbox/[From dimitris.skafidakis@oktabit.gr][Date Mon, 19 Jul 2004 21:30:54 +0300]/UNNAMED/[From dimitris.skafidakis@oktabit.gr][Date Mon, 19 Jul 2004 21:30:57 +0300]/UNNAMED/UNNAMED/[From newsletter@apriliacheckpoint.com][Date Mon, 19 Jul 2004 21:43:59 +0200 (CEST)]/readme.txt Infected: Email-Worm.Win32.NetSky.q skipped
E:\Documents and Settings\Michael Halkiadakis\Application Data\MailWasherPro\Trash.mbox/[From dimitris.skafidakis@oktabit.gr][Date Mon, 19 Jul 2004 21:30:54 +0300]/UNNAMED/[From dimitris.skafidakis@oktabit.gr][Date Mon, 19 Jul 2004 21:30:57 +0300]/UNNAMED/UNNAMED/[From "Brigitte Huff" <brigittehuff_yw@admail.com.au>][Date Mon, 19 Jul 2004 15:14:33 -0700]/mail.zip/mail.scr Infected: Email-Worm.Win32.Mydoom.l skipped
E:\Documents and Settings\Michael Halkiadakis\Application Data\MailWasherPro\Trash.mbox/[From dimitris.skafidakis@oktabit.gr][Date Mon, 19 Jul 2004 21:30:54 +0300]/UNNAMED/[From dimitris.skafidakis@oktabit.gr][Date Mon, 19 Jul 2004 21:30:57 +0300]/UNNAMED/UNNAMED/[From "Brigitte Huff" <brigittehuff_yw@admail.com.au>][Date Mon, 19 Jul 2004 15:14:33 -0700]/mail.zip Infected: Email-Worm.Win32.Mydoom.l skipped
E:\Documents and Settings\Michael Halkiadakis\Application Data\MailWasherPro\Trash.mbox/[From dimitris.skafidakis@oktabit.gr][Date Mon, 19 Jul 2004 21:30:54 +0300]/UNNAMED/[From dimitris.skafidakis@oktabit.gr][Date Mon, 19 Jul 2004 21:30:57 +0300]/UNNAMED/UNNAMED Infected: Email-Worm.Win32.Mydoom.l skipped
E:\Documents and Settings\Michael Halkiadakis\Application Data\MailWasherPro\Trash.mbox/[From dimitris.skafidakis@oktabit.gr][Date Mon, 19 Jul 2004 21:30:54 +0300]/UNNAMED/[From dimitris.skafidakis@oktabit.gr][Date Mon, 19 Jul 2004 21:30:57 +0300]/UNNAMED Infected: Email-Worm.Win32.Mydoom.l skipped
E:\Documents and Settings\Michael Halkiadakis\Application Data\MailWasherPro\Trash.mbox/[From dimitris.skafidakis@oktabit.gr][Date Mon, 19 Jul 2004 21:30:54 +0300]/UNNAMED Infected: Email-Worm.Win32.Mydoom.l skipped
E:\Documents and Settings\Michael Halkiadakis\Application Data\MailWasherPro\Trash.mbox Mail Berkeley mbox: infected - 6 skipped
E:\Documents and Settings\Michael Halkiadakis\Cookies\index.dat Object is locked skipped
E:\Documents and Settings\Michael Halkiadakis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
E:\Documents and Settings\Michael Halkiadakis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
E:\Documents and Settings\Michael Halkiadakis\Local Settings\History\History.IE5\index.dat Object is locked skipped
E:\Documents and Settings\Michael Halkiadakis\Local Settings\History\History.IE5\MSHist012007100520071006\index.dat Object is locked skipped
E:\Documents and Settings\Michael Halkiadakis\Local Settings\Temp\dapghjtm.dll Infected: Trojan.Win32.BHO.hj skipped
E:\Documents and Settings\Michael Halkiadakis\Local Settings\Temp\KOYIICRR.0XE Infected: Trojan.Win32.Agent.bck skipped
E:\Documents and Settings\Michael Halkiadakis\Local Settings\Temp\OELVXQJM.0XE Infected: Trojan.Win32.Agent.bck skipped
E:\Documents and Settings\Michael Halkiadakis\Local Settings\Temp\pplhmxaq.dll Infected: Trojan.Win32.BHO.hj skipped
E:\Documents and Settings\Michael Halkiadakis\Local Settings\Temp\qmusyvpw.dll Infected: Trojan.Win32.BHO.hj skipped
E:\Documents and Settings\Michael Halkiadakis\Local Settings\Temporary Internet Files\Content.IE5\FOV799F1\lkjh[2] Infected: Trojan-Downloader.Win32.Tiny.id skipped
E:\Documents and Settings\Michael Halkiadakis\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
E:\Documents and Settings\Michael Halkiadakis\ntuser.dat Object is locked skipped
E:\Documents and Settings\Michael Halkiadakis\NTUSER.DAT.LOG Object is locked skipped
E:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
E:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
E:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
E:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
E:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temp\Perflib_Perfdata_7c4.dat Object is locked skipped
E:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
E:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
E:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
E:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
E:\Program Files\ESET\infected\1MNEYDBA.NQF Infected: Trojan.Win32.Agent.bck skipped
E:\Program Files\ESET\infected\3WROXSAA.NQF Infected: Trojan.Win32.Agent.bck skipped
E:\Program Files\ESET\infected\E00OFGAA.NQF Infected: Trojan.Win32.Agent.bck skipped
E:\Program Files\ESET\infected\FWMJJYAA.NQF Infected: Trojan.Win32.Agent.bck skipped
E:\Program Files\ESET\infected\HXPOMKCA.NQF Infected: Trojan.Win32.Agent.bck skipped
E:\Program Files\ESET\infected\K2IOEMCA.NQF Infected: Trojan.Win32.Agent.bck skipped
E:\Program Files\ESET\infected\OYMCMIDA.NQF Infected: Trojan.Win32.Agent.bck skipped
E:\Program Files\ESET\infected\TGGYM4CA.NQF Infected: Trojan.Win32.Agent.bck skipped
E:\Program Files\ESET\infected\UL4LHPBA.NQF Infected: Trojan.Win32.Agent.bck skipped
E:\Program Files\ESET\infected\XLEZLLCA.NQF Infected: Trojan.Win32.Agent.bck skipped
E:\Program Files\ESET\infected\XS2Q1TDA.NQF Infected: Trojan.Win32.Agent.bck skipped
E:\Program Files\ESET\infected\YC4QR2CA.NQF Infected: Trojan.Win32.Agent.bck skipped
E:\Program Files\ESET\infected\YIVHZPDA.NQF Infected: Trojan.Win32.Agent.bck skipped
E:\Program Files\ESET\infected\Z5M0JJAA.NQF Infected: Trojan.Win32.BHO.hj skipped
E:\Program Files\ESET\logs\virlog.dat Object is locked skipped
E:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_294.trc Object is locked skipped
E:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
E:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
E:\System Volume Information\catalog.wci\0001000E.ci Object is locked skipped
E:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
E:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
E:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
E:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
E:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
E:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
E:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
E:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
E:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
E:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
E:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
E:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
E:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{F0CD1DAB-1680-4F61-A07B-1356948BB9AA}\RP269\A0030207.exe Infected: P2P-Worm.Win32.VB.dw skipped
E:\System Volume Information\_restore{F0CD1DAB-1680-4F61-A07B-1356948BB9AA}\RP269\A0030208.exe Infected: P2P-Worm.Win32.VB.dw skipped
E:\System Volume Information\_restore{F0CD1DAB-1680-4F61-A07B-1356948BB9AA}\RP269\A0030209.exe Infected: Backdoor.Win32.IRCBot.dd skipped
E:\System Volume Information\_restore{F0CD1DAB-1680-4F61-A07B-1356948BB9AA}\RP270\change.log Object is locked skipped
E:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
E:\WINDOWS\SchedLgU.Txt Object is locked skipped
E:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
E:\WINDOWS\Sti_Trace.log Object is locked skipped
E:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
E:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
E:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
E:\WINDOWS\system32\config\default Object is locked skipped
E:\WINDOWS\system32\config\default.LOG Object is locked skipped
E:\WINDOWS\system32\config\Internet.evt Object is locked skipped
E:\WINDOWS\system32\config\SAM Object is locked skipped
E:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
E:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
E:\WINDOWS\system32\config\SECURITY Object is locked skipped
E:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
E:\WINDOWS\system32\config\software Object is locked skipped
E:\WINDOWS\system32\config\software.LOG Object is locked skipped
E:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
E:\WINDOWS\system32\config\system Object is locked skipped
E:\WINDOWS\system32\config\system.LOG Object is locked skipped
E:\WINDOWS\system32\h323log.txt Object is locked skipped
E:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
E:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
E:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
E:\WINDOWS\wiadebug.log Object is locked skipped
E:\WINDOWS\wiaservc.log Object is locked skipped
E:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.