
problems with Virtumonde 1 (HJT log)



Moroni
2008-01-22, 00:59
I speak Spanish and don't speak English very well, sorry about that.

1). The HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:10:12 p.m., on 21/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\AntiVir PersonalEdition Classic\sched.exe
C:\Archivos de programa\AntiVir PersonalEdition Classic\avguard.exe
C:\Archivos de programa\CompacW\Servidor de Licencias\AdminPAQ\AppKeyLicenseServerAdminPAQ.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Archivos comunes\Portrait Displays\Plugins\AM\dtsslsrv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Archivos de programa\Archivos comunes\Portrait Displays\Shared\dtsrvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\Archivos de programa\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\Archivos de programa\Lexmark 8300 Series\lxcjmon.exe
C:\Archivos de programa\Lexmark 8300 Series\ezprint.exe
C:\Archivos de programa\Lexmark 8300 Series\lxcjmon .exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Archivos de programa\Lexmark 8300 Series\ezprint .exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers .exe
C:\Archivos de programa\Gateway\EzTune\DTHtml.exe
C:\Archivos de programa\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Archivos de programa\Archivos comunes\Portrait Displays\Shared\HookManager.exe
C:\Archivos de programa\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Archivos de programa\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Archivos de programa\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Archivos de programa\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Archivos de programa\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Archivos de programa\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Archivos de programa\Windows Media Player\wmplayer.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PivotSoftware] "C:\Archivos de programa\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Archivos de programa\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Archivos de programa\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Archivos de programa\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [DT GWY] C:\Archivos de programa\Archivos comunes\Portrait Displays\Shared\DT_startup.exe -GWY
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DetectaFirewallAdminPAQ] "C:\Archivos de programa\CompacW\Servidor de Licencias\AdminPAQ\DetectaFirewall.exe" /boot
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Archivos de programa\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Google Updater.lnk.disabled
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174668633828
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - https://boveda.banamex.com.mx/mkdplus.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\ARCHIV~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Archivos de programa\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Archivos de programa\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Servidor de Licencias Compac - AdminPAQ (AppKeyLicenseServer_AdminPAQ) - Unknown owner - C:\Archivos de programa\CompacW\Servidor de Licencias\AdminPAQ\AppKeyLicenseServerAdminPAQ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Archivos de programa\Archivos comunes\Portrait Displays\Plugins\AM\dtsslsrv.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Archivos de programa\Archivos comunes\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Archivos de programa\SigmaTel\C-Major Audio\WDM\STacSV.exe

--
End of file - 7292 bytes

The Kaspersky report is too long; I'll send it in another post.

Moroni
2008-01-22, 01:01
This is the Report:
2). KASPERSKY ONLINE SCANNER REPORT
Monday, January 21, 2008 2:25:00 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/01/2008
Kaspersky Anti-Virus database records: 525897

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics
Total number of scanned objects 104206
Number of viruses found 3
Number of infected objects 113
Number of suspicious objects 0
Duration of the scan process 01:41:59

Infected Object Name Virus Name Last Action
C:\Archivos de programa\AntiVir PersonalEdition Classic\avgnt.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Archivos de programa\Archivos comunes\Portrait Displays\Shared\DT_startup.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Archivos de programa\Lexmark 8300 Series\ezprint.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Archivos de programa\Lexmark 8300 Series\lxcjmon.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\Virtumondeddc.zip/jxrpkecn.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\Virtumondeddc.zip ZIP: infected - 1 skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Datos de programa\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Datos de programa\Microsoft\Windows Media\11.0\WMSDKNSD.XML Object is locked skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Datos de programa\Yahoo\Widget Engine\Widget Data\Yahoo! Weather\location data.db Object is locked skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Datos de programa\Yahoo\Widget Engine\Widgets DB\widgets.db Object is locked skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Historial\History.IE5\MSHist012008012120080122\index.dat Object is locked skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCX44F2.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCX44FC.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCX4543.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCX454A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCX56.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCX59.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCX5C.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCX65.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCX68.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCX6E.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCX71.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCX75.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCX7E.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCX81.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCX93.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCX96.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCX9A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCXA3.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCXA6.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCXA80.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCXA83.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCXA8F.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCXB73.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCXB76.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCXB82.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCXBA.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCXBD.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCXC9.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Configuración local\Temp\RCXCC.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Moroni Ceballos\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Moroni Ceballos\Mis documentos\INGLESA\Clientes\Ascencio\Pedido de Asencio 4.xls Object is locked skipped
C:\Documents and Settings\Moroni Ceballos\Mis documentos\Moroni\Descargas\IconCool.Studio.Pro.5.24\IconCool.Studio.Pro.5.24.zip/IconCool.Studio.Pro.5.24/install.exe Infected: not-virus:Hoax.Win32.Agent.p skipped
C:\Documents and Settings\Moroni Ceballos\Mis documentos\Moroni\Descargas\IconCool.Studio.Pro.5.24\IconCool.Studio.Pro.5.24.zip 7-Zip: infected - 1 skipped
C:\Documents and Settings\Moroni Ceballos\Mis documentos\Moroni\Descargas\Transformers The Game [Spanish]\Transformer The Game Spanish\Crack\Transformers.The_Game(crack)\install.exe Object is locked skipped
C:\Documents and Settings\Moroni Ceballos\Mis documentos\Moroni\Descargas\Transformers The Game [Spanish]\Transformer The Game Spanish\Crack\Transformers.The_Game(crack).zip/Transformers.The_Game(crack)/install.exe Infected: not-virus:Hoax.Win32.Agent.p skipped
C:\Documents and Settings\Moroni Ceballos\Mis documentos\Moroni\Descargas\Transformers The Game [Spanish]\Transformer The Game Spanish\Crack\Transformers.The_Game(crack).zip 7-Zip: infected - 1 skipped
C:\Documents and Settings\Moroni Ceballos\Mis documentos\Moroni\Ventas\Ventas 2008.xls Object is locked skipped
C:\Documents and Settings\Moroni Ceballos\ntuser.dat Object is locked skipped
C:\Documents and Settings\Moroni Ceballos\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped

Moroni
2008-01-22, 01:06
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP231\A0066287.exe Object is locked skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066768.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066769.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066771.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066772.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066773.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066774.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066775.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066796.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066798.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066799.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066800.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066801.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066802.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066803.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066829.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066830.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066831.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066832.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066833.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066834.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066835.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066860.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066861.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066862.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066863.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066864.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066865.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066866.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066886.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066888.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066889.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066890.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066891.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066892.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066893.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0066918.dll Object is locked skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067887.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067888.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067889.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067890.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067891.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067892.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067893.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067894.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067895.exe Object is locked skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067907.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067910.dll Object is locked skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067917.dll Object is locked skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067920.dll Object is locked skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067936.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067938.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067939.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067940.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067941.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067942.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067943.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067944.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067950.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067952.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067953.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067955.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067956.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067957.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067958.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067959.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP245\A0068095.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP245\A0068096.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP245\A0068097.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP245\A0068098.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP245\A0068099.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP245\A0068100.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP245\A0068101.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP245\A0068102.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP245\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hkcmd.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\WINDOWS\system32\igfxpers.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\WINDOWS\system32\igfxtray.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_76c.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP245\change.log Object is locked skipped
Scan process completed.
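An added triage helper for the two logs in this thread (example code written for this page, not from the original poster and not part of HijackThis, Kaspersky or any other tool named above). It reads the "Running processes" section of the HijackThis log and the Kaspersky report, lists running images that have a twin differing only by a space before `.exe` (the log shows `hkcmd.exe` beside `hkcmd .exe`, and the same for `igfxpers`, `lxcjmon` and `ezprint`), looks up whether Kaspersky flagged the unspaced twin, and buckets the detections by where they sit so that restore-point copies and Spybot's quarantine are separated from live files. The embedded sample lines are copied from the posts above; the location bucket names and the `archive-container` pseudo-verdict are conventions of this script, not Kaspersky's.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the "Running processes" section of the
# HijackThis log posted above. Note the pairs that differ only by a space
# before ".exe" (lxcjmon, ezprint, hkcmd, igfxpers).
HJT_RUNNING_PROCESSES = r"""
C:\WINDOWS\system32\hkcmd.exe
C:\Archivos de programa\Lexmark 8300 Series\lxcjmon.exe
C:\Archivos de programa\Lexmark 8300 Series\ezprint.exe
C:\Archivos de programa\Lexmark 8300 Series\lxcjmon .exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\Archivos de programa\Lexmark 8300 Series\ezprint .exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers .exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
"""

# Constructed sample: a subset of the Kaspersky Online Scanner lines posted
# above, covering the three line shapes the report uses.
KASPERSKY_REPORT = r"""
C:\Archivos de programa\AntiVir PersonalEdition Classic\avgnt.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Archivos de programa\Lexmark 8300 Series\ezprint.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Archivos de programa\Lexmark 8300 Series\lxcjmon.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\Virtumondeddc.zip/jxrpkecn.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\Virtumondeddc.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP243\A0066768.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{2023CC59-F028-429E-9C8A-CB54F5D9AF7E}\RP244\A0067907.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\hkcmd.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\WINDOWS\system32\igfxpers.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\WINDOWS\system32\igfxtray.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
"""

# Report line shapes: "<path> Infected: <name> skipped",
# "<path> Object is locked skipped", "<path> ZIP: infected - 1 skipped"
# (or "7-Zip: infected - 1"). Paths contain spaces, so match lazily up to
# the verdict phrase instead of splitting on whitespace.
KAV_LINE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<verdict>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<archive>(?:ZIP|7-Zip): infected - \d+))"
    r" skipped$"
)

# A file name whose extension is separated from the stem by one or more spaces
SPACED_EXT = re.compile(r"^(?P<stem>.*\S) +\.(?P<ext>[A-Za-z0-9]+)$")


def find_spaced_twins(listing):
    """Return each running image whose name has a space before the extension,
    the unspaced name it sits beside, and whether that one is also running."""
    running = [ln.strip() for ln in listing.splitlines() if ln.strip()]
    present = {p.lower() for p in running}
    twins = []
    for path in running:
        m = SPACED_EXT.match(path)
        if m is None:
            continue
        original = f"{m['stem']}.{m['ext']}"
        twins.append({"spaced": path, "original": original,
                      "original_running": original.lower() in present})
    return twins


def parse_kaspersky(report):
    """Split the report into {path: verdict} for detections plus a list of
    locked paths. An archive container gets the pseudo-verdict
    'archive-container' because the member line carries the real name."""
    detections, locked = {}, []
    for ln in report.splitlines():
        ln = ln.strip()
        if not ln:
            continue
        m = KAV_LINE.match(ln)
        if m is None:
            raise ValueError(f"unrecognised report line: {ln!r}")
        if m["verdict"]:
            detections[m["path"]] = m["verdict"]
        elif m["archive"]:
            detections[m["path"]] = "archive-container"
        else:
            locked.append(m["path"])
    return detections, locked


def classify_location(path):
    """Bucket a detection by where it sits; this decides how actionable it is."""
    low = path.lower()
    if "\\system volume information\\_restore" in low:
        return "restore-point copy"   # only goes away by purging System Restore
    if "\\spybot - search & destroy\\recovery\\" in low:
        return "spybot quarantine"    # already taken out of play by Spybot
    if "\\temp\\" in low:
        return "temp"
    return "live file"


def triage(listing, report):
    twins = find_spaced_twins(listing)
    detections, locked = parse_kaspersky(report)
    det_lower = {p.lower(): v for p, v in detections.items()}
    for t in twins:
        t["verdict_on_original"] = det_lower.get(t["original"].lower())
    real = {p: v for p, v in detections.items() if v != "archive-container"}
    return {
        "spaced_twins": twins,
        "by_verdict": dict(Counter(real.values())),
        "by_location": dict(Counter(classify_location(p) for p in real)),
        "live_detections": sorted(p for p in real if classify_location(p) == "live file"),
        "locked_count": len(locked),
    }


if __name__ == "__main__":
    result = triage(HJT_RUNNING_PROCESSES, KASPERSKY_REPORT)
    for t in result["spaced_twins"]:
        print(f"{t['spaced']!r} runs beside {t['original']!r}: "
              f"running={t['original_running']} verdict={t['verdict_on_original']}")
    print("by verdict:", result["by_verdict"])
    print("by location:", result["by_location"])
    print("live files:", *result["live_detections"], sep="\n  ")
```

Paste the full "Running processes" block and the full report into the two strings to run it over the whole thread; the `live file` bucket is the short list worth acting on, while the long run of `RP243`/`RP244`/`RP245` entries collapses into the restore-point count.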