joakim900
2008-02-24, 16:21
I have followed the steps in the "before you post" thread, and the spybot S&D scan showed that i was infected by virtumonde.
Here are the reports to provide:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 24, 2008 12:35:53 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/02/2008
Kaspersky Anti-Virus database records: 577049
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 43865
Number of viruses found: 5
Number of infected objects: 37
Number of suspicious objects: 2
Duration of the scan process: 00:33:58
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy\Recovery\Virtumondeddc2.zip/ukwoqies.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy\Recovery\Virtumondeddc2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Joakim H. Johansen\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Joakim H. Johansen\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Joakim H. Johansen\Lokale innstillinger\Logg\History.IE5\MSHist012008022320080224\index.dat Object is locked skipped
C:\Documents and Settings\Joakim H. Johansen\Lokale innstillinger\Programdata\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Joakim H. Johansen\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Joakim H. Johansen\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Joakim H. Johansen\Lokale innstillinger\Temp\~DF8D2E.tmp Object is locked skipped
C:\Documents and Settings\Joakim H. Johansen\Lokale innstillinger\Temp\~DFD88.tmp Object is locked skipped
C:\Documents and Settings\Joakim H. Johansen\Lokale innstillinger\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Joakim H. Johansen\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Joakim H. Johansen\ntuser.dat Object is locked skipped
C:\Documents and Settings\Joakim H. Johansen\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Joakim H. Johansen\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programfiler\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Programfiler\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Programfiler\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Programfiler\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8E8168BC-A6D7-4493-AF87-718C033549DD}\RP1\A0000009.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8E8168BC-A6D7-4493-AF87-718C033549DD}\RP1\A0000022.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8E8168BC-A6D7-4493-AF87-718C033549DD}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{5FD28F56-2A85-4F18-80A4-FABC0F41AD7D}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\amdpbiwj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\ckcxjmja.dll Infected: Backdoor.Win32.Agent.dlj skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\dcmgsdvk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\dntgkwoh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\dxlldqlc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\eagqjggl.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\edsrsyoc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\fahbcfqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\fiipvjch.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\gaushxyi.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\ggemdgve.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\gkmegtyk.dll Infected: Trojan.Win32.Pakes.bwd skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\joxeknld.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\khsqpuam.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\llaunkml.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\lnnhvtby.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\muvqddtb.dll Infected: Backdoor.Win32.Agent.dlj skipped
C:\WINDOWS\system32\niifberr.dll Infected: Backdoor.Win32.Agent.dlj skipped
C:\WINDOWS\system32\niirjdmy.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\omgrcgny.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\ppaomgfd.dll Infected: Backdoor.Win32.Agent.dlj skipped
C:\WINDOWS\system32\qcmakfsu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\qosbnbme.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\rtjbwjwl.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\srsqersx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\tehudvcn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\tgftoykb.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\ujrjcumf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\uotvtuuu.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.is skipped
C:\WINDOWS\system32\vreefoxm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wopctfdj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\wxfdypgr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\xlrkqhkv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\xqlxbjvo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\xrvuyusl.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5fc.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{8E8168BC-A6D7-4493-AF87-718C033549DD}\RP1\change.log Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\_restore{8E8168BC-A6D7-4493-AF87-718C033549DD}\RP1\change.log Object is locked skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:08, on 24.02.08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Giant antispy\gcasServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
E:\Giant antispy\gcasDtServ.exe
C:\Programfiler\Browser Mouse\moffice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Spybot - Search & Destroy\TeaTimer.exe
C:\Programfiler\Office Keyboard Driver\PS2USBKbdDrv.exe
C:\Programfiler\Browser Mouse\MOUSE32A.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://wow.allakhazam.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2A69FE53-2B35-43A7-BF08-03B3849B40DF} - (no file)
O2 - BHO: (no name) - {4D20D365-D9E0-41E4-9BDD-12080E786759} - (no file)
O2 - BHO: (no name) - {4E6A322E-532A-4488-92E7-AC1257DEAED1} - (no file)
O2 - BHO: (no name) - {531ED65A-6873-4FCB-8A0A-8D1C53FC9D54} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7575957D-83F9-4868-9A8E-1D5A8524C3D1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {81CC4ECE-306B-4ED3-AD8E-D15A88363CDF} - (no file)
O2 - BHO: (no name) - {86DDEDC0-C785-4FCE-A22D-8522B0958833} - (no file)
O2 - BHO: (no name) - {8F2D8267-F42C-4181-9B67-4BE15C231FE7} - (no file)
O2 - BHO: (no name) - {94E8765A-096C-4E38-8801-74F7F128B1A1} - (no file)
O2 - BHO: (no name) - {A87CAFD0-AC7B-4F7D-A595-211D7F27AFED} - (no file)
O2 - BHO: (no name) - {AA2441E1-C226-4DC4-B111-E5A3A4A57A00} - (no file)
O2 - BHO: (no name) - {ABB68206-5154-47D3-ABC5-611C1658ABA0} - (no file)
O2 - BHO: (no name) - {AFCB72CA-ABB0-43FF-8872-810B5986F1F7} - (no file)
O2 - BHO: (no name) - {B50F955F-59D2-45A6-A769-FD4F1F13D2F8} - (no file)
O2 - BHO: (no name) - {B7CE528B-7EA6-4491-B29A-873DE0C11337} - (no file)
O2 - BHO: (no name) - {BACB9817-1907-42A6-85C8-1EB1F7DF2A3F} - (no file)
O2 - BHO: (no name) - {BD330411-8998-45CD-A4E5-0818D646643C} - (no file)
O2 - BHO: (no name) - {DC5FDA44-0419-427C-A001-1F4CA204A424} - (no file)
O2 - BHO: (no name) - {E3D818EC-EBA8-4002-B605-7BFB41703CA1} - C:\WINDOWS\system32\mllji.dll (file missing)
O2 - BHO: (no name) - {F99B5340-D4ED-46FE-8A6E-8451217F88E6} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Giant antispy\gcasServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Programfiler\Office Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [MEDIAMOUSE] C:\Programfiler\Browser Mouse\moffice.exe
O4 - HKLM\..\Run: [bcc21b4a] rundll32.exe "C:\WINDOWS\system32\atremghi.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: iifdaax - iifdaax.dll (file missing)
O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6918 bytes
Here are the reports to provide:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 24, 2008 12:35:53 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/02/2008
Kaspersky Anti-Virus database records: 577049
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 43865
Number of viruses found: 5
Number of infected objects: 37
Number of suspicious objects: 2
Duration of the scan process: 00:33:58
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy\Recovery\Virtumondeddc2.zip/ukwoqies.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy\Recovery\Virtumondeddc2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Joakim H. Johansen\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Joakim H. Johansen\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Joakim H. Johansen\Lokale innstillinger\Logg\History.IE5\MSHist012008022320080224\index.dat Object is locked skipped
C:\Documents and Settings\Joakim H. Johansen\Lokale innstillinger\Programdata\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Joakim H. Johansen\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Joakim H. Johansen\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Joakim H. Johansen\Lokale innstillinger\Temp\~DF8D2E.tmp Object is locked skipped
C:\Documents and Settings\Joakim H. Johansen\Lokale innstillinger\Temp\~DFD88.tmp Object is locked skipped
C:\Documents and Settings\Joakim H. Johansen\Lokale innstillinger\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Joakim H. Johansen\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Joakim H. Johansen\ntuser.dat Object is locked skipped
C:\Documents and Settings\Joakim H. Johansen\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Joakim H. Johansen\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programfiler\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Programfiler\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Programfiler\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Programfiler\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8E8168BC-A6D7-4493-AF87-718C033549DD}\RP1\A0000009.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8E8168BC-A6D7-4493-AF87-718C033549DD}\RP1\A0000022.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{8E8168BC-A6D7-4493-AF87-718C033549DD}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{5FD28F56-2A85-4F18-80A4-FABC0F41AD7D}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\amdpbiwj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\ckcxjmja.dll Infected: Backdoor.Win32.Agent.dlj skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\dcmgsdvk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\dntgkwoh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\dxlldqlc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\eagqjggl.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\edsrsyoc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\fahbcfqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\fiipvjch.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\gaushxyi.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\ggemdgve.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\gkmegtyk.dll Infected: Trojan.Win32.Pakes.bwd skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\joxeknld.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\khsqpuam.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\llaunkml.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\lnnhvtby.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\muvqddtb.dll Infected: Backdoor.Win32.Agent.dlj skipped
C:\WINDOWS\system32\niifberr.dll Infected: Backdoor.Win32.Agent.dlj skipped
C:\WINDOWS\system32\niirjdmy.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\omgrcgny.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\ppaomgfd.dll Infected: Backdoor.Win32.Agent.dlj skipped
C:\WINDOWS\system32\qcmakfsu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\qosbnbme.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\rtjbwjwl.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\srsqersx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\tehudvcn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\tgftoykb.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\ujrjcumf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\uotvtuuu.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.is skipped
C:\WINDOWS\system32\vreefoxm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wopctfdj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\wxfdypgr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\xlrkqhkv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\xqlxbjvo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\xrvuyusl.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5fc.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{8E8168BC-A6D7-4493-AF87-718C033549DD}\RP1\change.log Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\_restore{8E8168BC-A6D7-4493-AF87-718C033549DD}\RP1\change.log Object is locked skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:08, on 24.02.08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Giant antispy\gcasServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
E:\Giant antispy\gcasDtServ.exe
C:\Programfiler\Browser Mouse\moffice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Spybot - Search & Destroy\TeaTimer.exe
C:\Programfiler\Office Keyboard Driver\PS2USBKbdDrv.exe
C:\Programfiler\Browser Mouse\MOUSE32A.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://wow.allakhazam.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2A69FE53-2B35-43A7-BF08-03B3849B40DF} - (no file)
O2 - BHO: (no name) - {4D20D365-D9E0-41E4-9BDD-12080E786759} - (no file)
O2 - BHO: (no name) - {4E6A322E-532A-4488-92E7-AC1257DEAED1} - (no file)
O2 - BHO: (no name) - {531ED65A-6873-4FCB-8A0A-8D1C53FC9D54} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7575957D-83F9-4868-9A8E-1D5A8524C3D1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {81CC4ECE-306B-4ED3-AD8E-D15A88363CDF} - (no file)
O2 - BHO: (no name) - {86DDEDC0-C785-4FCE-A22D-8522B0958833} - (no file)
O2 - BHO: (no name) - {8F2D8267-F42C-4181-9B67-4BE15C231FE7} - (no file)
O2 - BHO: (no name) - {94E8765A-096C-4E38-8801-74F7F128B1A1} - (no file)
O2 - BHO: (no name) - {A87CAFD0-AC7B-4F7D-A595-211D7F27AFED} - (no file)
O2 - BHO: (no name) - {AA2441E1-C226-4DC4-B111-E5A3A4A57A00} - (no file)
O2 - BHO: (no name) - {ABB68206-5154-47D3-ABC5-611C1658ABA0} - (no file)
O2 - BHO: (no name) - {AFCB72CA-ABB0-43FF-8872-810B5986F1F7} - (no file)
O2 - BHO: (no name) - {B50F955F-59D2-45A6-A769-FD4F1F13D2F8} - (no file)
O2 - BHO: (no name) - {B7CE528B-7EA6-4491-B29A-873DE0C11337} - (no file)
O2 - BHO: (no name) - {BACB9817-1907-42A6-85C8-1EB1F7DF2A3F} - (no file)
O2 - BHO: (no name) - {BD330411-8998-45CD-A4E5-0818D646643C} - (no file)
O2 - BHO: (no name) - {DC5FDA44-0419-427C-A001-1F4CA204A424} - (no file)
O2 - BHO: (no name) - {E3D818EC-EBA8-4002-B605-7BFB41703CA1} - C:\WINDOWS\system32\mllji.dll (file missing)
O2 - BHO: (no name) - {F99B5340-D4ED-46FE-8A6E-8451217F88E6} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Giant antispy\gcasServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Programfiler\Office Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [MEDIAMOUSE] C:\Programfiler\Browser Mouse\moffice.exe
O4 - HKLM\..\Run: [bcc21b4a] rundll32.exe "C:\WINDOWS\system32\atremghi.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: iifdaax - iifdaax.dll (file missing)
O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6918 bytes