Virtumonde - Please Help!
Wiegenlied
2007-11-20, 07:42
Hi.
I read over some of the posts about Virtumonde and they were REALLY helpful! I did the VundoFix stuff, but couldn't download the ComboFix program because it said it was out of date or something like that. I'm stuck in that respect.
Here is my VundoFix log. Please help! Thanks in advance - you guys are great for what you do!
VundoFix V6.6.2
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Scan started at 11:32:10 PM 19/11/2007
Listing files found while scanning....
C:\windows\system32\enpzgrte.dll
C:\windows\system32\enpzgrte.dllbox
C:\windows\system32\jkklk.dll
C:\windows\system32\klkkj.ini
C:\windows\system32\klkkj.ini2
C:\windows\system32\oepmrgnj.dllbox
C:\windows\system32\wpychcud.dll
Beginning removal...
Beginning removal...
Attempting to delete C:\windows\system32\enpzgrte.dll
C:\windows\system32\enpzgrte.dll Could not be deleted.
Attempting to delete C:\windows\system32\enpzgrte.dllbox
C:\windows\system32\enpzgrte.dllbox Has been deleted!
Attempting to delete C:\windows\system32\jkklk.dll
C:\windows\system32\jkklk.dll Has been deleted!
Attempting to delete C:\windows\system32\klkkj.ini
C:\windows\system32\klkkj.ini Has been deleted!
Attempting to delete C:\windows\system32\klkkj.ini2
C:\windows\system32\klkkj.ini2 Has been deleted!
Attempting to delete C:\windows\system32\oepmrgnj.dllbox
C:\windows\system32\oepmrgnj.dllbox Has been deleted!
Attempting to delete C:\windows\system32\wpychcud.dll
C:\windows\system32\wpychcud.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
VundoFix V6.6.2
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Scan started at 11:58:51 PM 19/11/2007
Listing files found while scanning....
C:\windows\system32\enpzgrte.dll
C:\windows\system32\enpzgrte.dllbox
Beginning removal...
Attempting to delete C:\windows\system32\enpzgrte.dll
C:\windows\system32\enpzgrte.dll Has been deleted!
Attempting to delete C:\windows\system32\enpzgrte.dllbox
C:\windows\system32\enpzgrte.dllbox Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.6.2
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Scan started at 12:14:11 AM 20/11/2007
Listing files found while scanning....
No infected files were found.
Wiegenlied
2007-11-20, 08:06
Hi again.
Here is the HiJackThis Log, in case it's needed. Merci beaucoup.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:40 AM, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Mike Fan\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rogers.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [9025923a] rundll32.exe "C:\WINDOWS\system32\alteggkp.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Set As Messenger Live Display Picture - C:\Program Files\MSNShell\Bin\SetMSNDP.htm
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mikezumingfan.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135267613937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154266600859
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mikezumingfan.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 11020 bytes
Regards! You guys are awesome
Wiegenlied.
Wiegenlied
2007-11-23, 05:51
HiJackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:07 PM, on 22/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ming\Desktop\Kataoka\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rogers.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3B0CD967-5A79-4B61-932C-6E594DC484FF} - C:\WINDOWS\system32\jkklk.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9650BD65-C981-438A-BB16-F3F2E214C905} - C:\WINDOWS\system32\vtutu.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [9025923a] rundll32.exe "C:\WINDOWS\system32\alteggkp.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Set As Messenger Live Display Picture - C:\Program Files\MSNShell\Bin\SetMSNDP.htm
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mikezumingfan.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135267613937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154266600859
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mikezumingfan.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: ssqqnop - ssqqnop.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 12536 bytes
Wiegenlied
2007-11-23, 06:29
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, November 22, 2007 10:39:10 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/11/2007
Kaspersky Anti-Virus database records: 464316
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 98097
Number of viruses found: 8
Number of infected objects: 35813
Number of suspicious objects: 0
Duration of the scan process: 02:11:44
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20071122_Time-173833125_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20071122_Time-173833125_EnterceptRules.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_APS250MFANLT.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_APS250MFANLT.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ming\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Ming\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-10ecf52d-223bc468.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Ming\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-10ecf52d-223bc468.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Ming\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-10ecf52d-223bc468.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Ming\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-10ecf52d-223bc468.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Ming\Application Data\winantispyware2006freeinstall[1].exe Infected: Trojan-Downloader.Win32.Agent.alr skipped
Wiegenlied
2007-11-23, 06:37
My Kaspersky Online Scanner log is WAY too big! I'll have to e-mail it or something; it takes up 430-some-odd pages on Microsoft Word with 5 point font! Will anyone reply and tell me what to do??
-[Desperate] Wiegenlied
Hello.
Because of the volume of posts to your own topic, it may have appeared you were already being assisted.
For people waiting who have not resolved their problem, we have a sticky topic:
The Waiting Room: Post here if waiting for help longer than four days (http://forums.spybot.info/forumdisplay.php?f=37)
My Kaspersky Online Scanner log is WAY too big! I'll have to e-mail it or something; it takes up 430-some-odd pages on Microsoft Word with 5 point font! Will anyone reply and tell me what to do??
-[Desperate] Wiegenlied
Copy and paste that information in your next post if the content will take no more than two posts to do so.
If the result of your anti-virus scan is extremely long, please do not post it, but rather inform us when posting the HJT log.
"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.
Cheers.