karadjordje
2008-11-10, 19:34
Hello everybody,
By my own mistake I think I have infected my laptop. I had an updated Avira AntiVir personal installed on my updated Vista SP2 business edition when I run a file I didn't deem suspicious because I have scanned its directory manually by Avira.
When I run the file I didn't get any warnings from Avira but from Windows Defender which detected and cleaned it as follows:
Category:
Trojan
Description:
This program displays advertisements and may be difficult to remove.
Advice:
Remove this software immediately.
Resources:
process:
pid:712
process:
pid:5848
regkey:
HKCU@S-1-5-21-4042144296-3311917591-612435275-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cmds
runkey:
HKCU@S-1-5-21-4042144296-3311917591-612435275-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cmds
file:
C:\Users\petar\AppData\Local\Temp\wvUnMfee.dll
Category:
Trojan
Description:
This program displays advertisements and may be difficult to remove.
Advice:
Remove this software immediately.
Resources:
regkey:
HKCU@S-1-5-21-4042144296-3311917591-612435275-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MSServer
runkey:
HKCU@S-1-5-21-4042144296-3311917591-612435275-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MSServer
file:
C:\Users\petar\AppData\Local\Temp\jkkICvVp.dll
After that I wasn't happy any more with Avira so I uninstalled it and downloaded ESET NOD32 30-day trial, updated it and scanned my computer:
Scan Log
Version of virus signature database: 3231 (20080701)
Date: 8.11.2008 Time: 18:52:06
Scanned disks, folders and files: C:\;D:\
C:\hiberfil.sys - error opening [4]
C:\dev\Python25\Lib\email\test\data\msg_28.txt » MIME » MIME » part000.txt » MIME - file is not an archive
C:\dev\Python25\Lib\email\test\data\msg_28.txt » MIME » MIME » part000.txt » MIME - file is not an archive
C:\dev\Python25\Lib\email\test\data\msg_30.txt » MIME » part000.txt » MIME » part000.txt » MIME - file is not an archive
C:\dev\Python25\Lib\email\test\data\msg_30.txt » MIME » part001.txt » MIME » part000.txt » MIME - file is not an archive
C:\dev\Python25\Lib\email\test\data\msg_38.txt » MIME » MIME » MIME » part000.txt - error reading archive
C:\dev\Python25\Lib\email\test\data\msg_38.txt » MIME » MIME » - error reading archive
C:\dev\Python25\Lib\test\testtar.tar » TAR » test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/ - archive damaged
C:\Program Files\The KMPlayer\KMPlayer.exe » ZIP - file is not an archive
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_830ce74a-6bd8-4950-a3d5-4213a5a0e1fd - error opening [4]
C:\ProgramData\Microsoft\User Account Pictures\LOGIN+sumadinac.dat - error opening [4]
C:\ProgramData\Microsoft\User Account Pictures\uros.dat - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_830ce74a-6bd8-4950-a3d5-4213a5a0e1fd - error opening [4]
C:\Users\All Users\Microsoft\User Account Pictures\LOGIN+sumadinac.dat - error opening [4]
C:\Users\All Users\Microsoft\User Account Pictures\uros.dat - error opening [4]
C:\Users\petar\NTUSER.DAT - error opening [4]
C:\Users\petar\ntuser.dat.LOG1 - error opening [4]
C:\Users\petar\ntuser.dat.LOG2 - error opening [4]
C:\Users\petar\AppData\Local\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Users\petar\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - error opening [4]
C:\Users\petar\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - error opening [4]
C:\Users\petar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FBOQCQZG\swflash[2].cab » CAB » FP_AX_CAB_INSTALLER.exe » NSIS - archive damaged
C:\Users\petar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SL56SRED\ISACLIENT-KB929556-ENU[1].EXE » CAB - file is not an archive
C:\Users\petar\AppData\Local\Microsoft\Windows Defender\FileTracker\{0520259C-76CA-43DE-A469-08232F64F584} - error opening [4]
C:\Users\petar\AppData\Local\Temp\etilqs_FKR9hi7OAGaPBj8NiHUS - error opening [4]
C:\Users\petar\AppData\Local\Temp\removalfile.bat - Win32/Adware.Virtumonde application - cleaned by deleting - quarantined [1]
C:\Users\petar\AppData\Roaming\Mozilla\Firefox\Profiles\xi1xs3kj.default\parent.lock - error opening [4]
C:\Users\petar\AppData\Roaming\Mozilla\Firefox\Profiles\xi1xs3kj.default\places.sqlite-journal - error opening [4]
C:\Windows\Logs\CBS\CBS.log - error opening [4]
C:\Windows\Logs\DPX\setupact.log - error opening [4]
C:\Windows\Logs\DPX\setuperr.log - error opening [4]
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config - error opening [4]
C:\Windows\Panther\UnattendGC\diagerr.xml - error opening [4]
C:\Windows\Panther\UnattendGC\diagwrn.xml - error opening [4]
C:\Windows\Panther\UnattendGC\setupact.log - error opening [4]
C:\Windows\Panther\UnattendGC\setuperr.log - error opening [4]
C:\Windows\security\database\secedit.sdb - error opening [4]
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 - error opening [4]
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 - error opening [4]
C:\Windows\System32\catroot2\edb.log - error opening [4]
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - error opening [4]
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - error opening [4]
C:\Windows\System32\drivers\sptd.sys - error opening [4]
C:\Windows\System32\restore\MachineGuid.txt - error opening [4]
C:\Windows\System32\wbem\AutoRecover\0296C47314AB746EC35476488248FCD9.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\040270F850D5C3C91057DDDA2DA294D8.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\0A9DBC92D554324656F61F9862679F27.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\0DF617D6737A7561E732F853792261C3.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\1E2E58C73053C7775EB226DB5E739137.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\2A811E5CCC22CC9D7AE2B04EF0402688.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\2CE523184A801AA7361A7039E2D6B41D.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\2D57A7682ACD19214C258D31A06D008F.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\376786241A5443E41378D25CF812FCC1.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\3DC0BABDCA20E5E319117C21BD4BD795.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\43A7EEE279F15546EE900076CA8CC2C8.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\494C62FAA08CD5217399BAA555FF491B.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\4A01E0F376B5833EBA98F0D1D5F60CD1.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\4B471F64BAF831EC7945C820FD5A16E5.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\4CB32C0A77CD4D9B0C9618F73F786C32.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\5774C77265BE4C55B5C6C9718979E015.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\5966D45C7B25EACA46E87DD8E5703964.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\5B5D21CF62E70BACF9D085E6AA6CE143.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\6317F4B515BD547512FF3AE3ACD81242.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\69554D930FCA40B0304B9A43A8036F2D.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\72F867EF62976CE9F70993FF3E68A4EB.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\73798C03E4DE5FDCF5194ADA9EBFB859.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\75054C3771DF289038069A9BB1C1FB6E.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\7851AF96EA828F912853F32DB0D96138.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\7F417E1A6D819A9B2FEB55DA6858EA0A.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\87AA2A001CE3E89926688B93E4DC2992.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\8C718B5AFD373885B68D2836088CAF9A.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\903E49C444C46FEF5F2C3A189C9CEF71.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\95CF8C2673B156E93407C44DA1171F14.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\96ABB1671705F680578FE240427CBD4F.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\9A72EE7775E8021F75961342B8AFD1B4.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\9AD3182A2F39A3E091E15109132EC6CC.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\9CD33F0956942860B50AA1B9330DEFAF.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\9E06E4FE97F0CBB8D659894823F805D7.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\A80FF2DC09487ECD60AFB147B262BDD7.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\AA6E0E396C238977CA909EFD82299737.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\AA742824DCADA846BA4B665D686DD5D6.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\BBF206490BAA431B592F9A13534F43F6.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\BE81B2C0741907C1FC1C42B6223E59AD.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\C6300BFE37ADE6B52EC023F66124985F.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\D1A1B12A7DA3F9675C01397A26DBF4B3.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\D4C4BA54B6A8FA6211E60E2ADFF7426A.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\DE391013DA56ABA39FFF40A9ABDF052F.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\DF80FD3849FFF74B4BF43E2EA8ADEC8A.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\DFB9AD54AC2D3B8122567AAD3BF3EB7F.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\E04DE4CDFEC284A342159BB920976701.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\E737DE61441445E1FDFCA45EF5E7D987.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\E9D8A460B2C986DD5FF19F299F4A27EC.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\EC45C70F2A3D9DED718E71631C38E2FE.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\F01326692CC5736EBAC31B9FC2381CF2.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\F81E6BEBC3067C406E6C491608474198.mof - error opening [4]
C:\Windows\System32\winevt\Logs\ACEEventLog.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Application.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\DFS Replication.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Key Management Service.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Backup.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-MSDT%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Metrics.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-PnPDevices%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-PnPDevices%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\ODiag.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\OSession.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Security.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Setup.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\System.evtx - error opening [4]
C:\Windows\winsxs\x86_microsoft-network-internet-access_31bf3856ad364e35_6.0.6000.16386_none_b85711c14117830d\cclitesetupui.exe » CAB - file is not an archive
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd - error opening [4]
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18000_none_d12e90ac35ffb753\dnary.xsd - error opening [4]
D:\pagefile.sys - error opening [4]
D:\Games\CS 1.5\cd-client-4_17_1-en.exe » NSIS - bad archive
D:\Programs\Mobile\Motorola\MobileManager.zip » ZIP » run.exe » NSIS » isecur.dll - a variant of Win32/TrojanDownloader.Zlob.AHV trojan - was a part of the deleted object
D:\Programs\Multimedia\Players\KMPlayer\The_KMPlayer_1432_R2.exe » NSIS » KMPlayer.exe » ZIP - file is not an archive
D:\Programs\Programming\Game Engines\panda3d-1.5.0.exe » NSIS » msg_28.txt » MIME » MIME » part000.txt » MIME - file is not an archive
D:\Programs\Programming\Game Engines\panda3d-1.5.0.exe » NSIS » msg_28.txt » MIME » MIME » part000.txt » MIME - file is not an archive
D:\Programs\Programming\Game Engines\panda3d-1.5.0.exe » NSIS » msg_30.txt » MIME » part000.txt » MIME » part000.txt » MIME - file is not an archive
D:\Programs\Programming\Game Engines\panda3d-1.5.0.exe » NSIS » msg_30.txt » MIME » part001.txt » MIME » part000.txt » MIME - file is not an archive
D:\Programs\Programming\Game Engines\panda3d-1.5.0.exe » NSIS » msg_38.txt » MIME » MIME » MIME » part000.txt - error reading archive
D:\Programs\Programming\Game Engines\panda3d-1.5.0.exe » NSIS » msg_38.txt » MIME » MIME » - error reading archive
D:\Programs\Programming\Game Engines\panda3d-1.5.0.exe » NSIS » testtar.tar » TAR » test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/ - archive damaged
D:\Programs\Programming\Python\Packages\matplotlib-0.91.2.win32-py2.5.exe » ZIP » PLATLIB/dateutil/zoneinfo/zoneinfo-2007f.tar.gz » GZIP » /home/niemeyer/src/dateutil/dateutil/zoneinfo/zoneinfo-2007f.tar » TAR » Atlantic/Faeroe » TAR » Indian/ - error reading archive
D:\Programs\Programming\Python\Packages\matplotlib-0.91.2.win32-py2.5.exe » ZIP » PLATLIB/dateutil/zoneinfo/zoneinfo-2007f.tar.gz » GZIP » /home/niemeyer/src/dateutil/dateutil/zoneinfo/zoneinfo-2007f.tar » TAR » - archive damaged
D:\Programs\Programming\WYSIWYG Online Editors\XStandard\x-pro.exe » NSIS - bad archive
D:\Video\Music\Benny Benassi - Satisfaction.wmv - a variant of WMA/TrojanDownloader.GetCodec.gen trojan - cleaned - quarantined
D:\_downloads\tcup.zip » ZIP » tcup4.3.exe » NSIS » Revelation.exe - Win32/PSWTool.SnadBoy.2011 application - was a part of the deleted object
D:\_downloads\tcup.zip » ZIP » tcup4.3.exe » NSIS » RevelationHelper.dll - Win32/PSWTool.SnadBoy.2011 application - was a part of the deleted object
D:\_downloads\tcup.zip » ZIP » tcup4.3.exe » NSIS » WinVNC.exe » ZIP » META-INF/ - archive damaged
D:\_downloads\vizster.wmv - a variant of WMA/TrojanDownloader.GetCodec.gen trojan - cleaned - quarantined
D:\_downloads\Web 2.0 - The Machine is Us(ing Us).wmv - a variant of WMA/TrojanDownloader.GetCodec.gen trojan - cleaned - quarantined
D:\_downloads\CryptLoad\router\FRITZ!Box\nc.exe - Win32/RemoteAdmin.NetCat application - cleaned by deleting - quarantined [1]
Number of scanned objects: 942885
Number of threats found: 40
Number of cleaned objects: 39
Time of completion: 20:31:08 Total scanning time: 5942 sec (01:39:02)
Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.
Today I run SpyBot S&D:
Hint of the Day: Click the bar at the right of this to see more information! ()
Virtumonde: [SBI $1F8EC695] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, fixed)
BurstMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
BurstMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: default) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: default) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed)
DoubleClick: Tracking cookie (Firefox: default) (Cookie, fixed)
Tradedoubler: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: default) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: default) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: default) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---
2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-09-16 TeaTimer.exe (1.6.3.25)
2008-11-08 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-11-04 Includes\Adware.sbi (*)
2008-11-05 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-09-02 Includes\Hijackers.sbi (*)
2008-10-28 Includes\HijackersC.sbi (*)
2008-09-09 Includes\Keyloggers.sbi (*)
2008-11-04 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-04 Includes\Malware.sbi (*)
2008-11-04 Includes\MalwareC.sbi (*)
2008-11-03 Includes\PUPS.sbi (*)
2008-11-04 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-10-23 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-11-04 Includes\Spyware.sbi (*)
2008-11-04 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-11-04 Includes\Trojans.sbi (*)
2008-11-04 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
And before posting on this forum I wanted to give Malwarebytes' Anti-Malware a try and while it was working (I canceled it after 30 minutes) NOD32 real-time protection had this to say:
10.11.2008 17:51:18 Real-time file system protection file C:\Users\Public\Videos\Sample Videos\Lake.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:51:17 Real-time file system protection file C:\Users\Public\Videos\Sample Videos\Bear.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:51:16 Real-time file system protection file C:\Users\Public\Videos\Sample Videos\Butterfly.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:51:12 Real-time file system protection file C:\Users\Public\Music\Sample Music\Din Din Wo (Little Child).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:51:11 Real-time file system protection file C:\Users\Public\Music\Sample Music\Despertar.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:51:08 Real-time file system protection file C:\Users\Public\Music\Sample Music\Amanda.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:51:07 Real-time file system protection file C:\Users\Public\Music\Sample Music\Symphony_No_3.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:51:04 Real-time file system protection file C:\Users\Public\Music\Sample Music\One Step Beyond.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:50:59 Real-time file system protection file C:\Users\Public\Music\Sample Music\OAM's Blues.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:50:59 Real-time file system protection file C:\Users\Public\Music\Sample Music\Muita Bobeira.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:50:58 Real-time file system protection file C:\Users\Public\Music\Sample Music\Love Comes.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:50:58 Real-time file system protection file C:\Users\Public\Music\Sample Music\I Ka Barra (Your Work).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:50:55 Real-time file system protection file C:\Users\Public\Music\Sample Music\Distance.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:50:54 Real-time file system protection file C:\Users\Public\Music\Sample Music\I Guess You're Right.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:49:01 Real-time file system protection file C:\Users\petar\AppData\Local\VirtualStore\Windows\System32\wincxh32.rom Win32/TrojanDownloader.Small.OCS trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
And finally a fresh HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:29, on 10.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\BisonCam\BisonHK.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\BisonCam\BsMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Users\petar\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\RescueTime\RescueTime.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\dev\Aptana Studio\AptanaStudio.exe
C:\dev\Aptana Studio\jre\bin\javaw.exe
C:\dev\Python25\python.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\petar\AppData\Local\Screamer Radio\screamer.exe
C:\dev\Python25\python.exe
C:\Windows\hh.exe
C:\Users\petar\AppData\Local\Screamer Radio\screamer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\System32\mblctr.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4480
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre\6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BisonHK] C:\Windows\BisonCam\BisonHK.exe
O4 - HKLM\..\Run: [BsMnt] C:\Windows\BisonCam\BsMnt.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Users\petar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4042144296-3311917591-612435275-1003\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'uros')
O4 - Startup: RescueTime.lnk = C:\Program Files\RescueTime\RescueTime.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\jre\6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\jre\6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Cntlm Authentication Proxy (cntlm) - Unknown owner - C:\Program Files\Cntlm\cygrunsrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: JNXXFU - Sysinternals - www.sysinternals.com - C:\Users\petar\AppData\Local\Temp\JNXXFU.exe
O23 - Service: Fortech Proxy+ (ProxyPlus) - FORTECH Ltd. - C:\Program Files\ProxyPlus\ProxyPlus.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 5755 bytes
Thank you in advance,
Petar Djordjevic
By my own mistake I think I have infected my laptop. I had an updated Avira AntiVir personal installed on my updated Vista SP2 business edition when I run a file I didn't deem suspicious because I have scanned its directory manually by Avira.
When I run the file I didn't get any warnings from Avira but from Windows Defender which detected and cleaned it as follows:
Category:
Trojan
Description:
This program displays advertisements and may be difficult to remove.
Advice:
Remove this software immediately.
Resources:
process:
pid:712
process:
pid:5848
regkey:
HKCU@S-1-5-21-4042144296-3311917591-612435275-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cmds
runkey:
HKCU@S-1-5-21-4042144296-3311917591-612435275-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cmds
file:
C:\Users\petar\AppData\Local\Temp\wvUnMfee.dll
Category:
Trojan
Description:
This program displays advertisements and may be difficult to remove.
Advice:
Remove this software immediately.
Resources:
regkey:
HKCU@S-1-5-21-4042144296-3311917591-612435275-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MSServer
runkey:
HKCU@S-1-5-21-4042144296-3311917591-612435275-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MSServer
file:
C:\Users\petar\AppData\Local\Temp\jkkICvVp.dll
After that I wasn't happy any more with Avira so I uninstalled it and downloaded ESET NOD32 30-day trial, updated it and scanned my computer:
Scan Log
Version of virus signature database: 3231 (20080701)
Date: 8.11.2008 Time: 18:52:06
Scanned disks, folders and files: C:\;D:\
C:\hiberfil.sys - error opening [4]
C:\dev\Python25\Lib\email\test\data\msg_28.txt » MIME » MIME » part000.txt » MIME - file is not an archive
C:\dev\Python25\Lib\email\test\data\msg_28.txt » MIME » MIME » part000.txt » MIME - file is not an archive
C:\dev\Python25\Lib\email\test\data\msg_30.txt » MIME » part000.txt » MIME » part000.txt » MIME - file is not an archive
C:\dev\Python25\Lib\email\test\data\msg_30.txt » MIME » part001.txt » MIME » part000.txt » MIME - file is not an archive
C:\dev\Python25\Lib\email\test\data\msg_38.txt » MIME » MIME » MIME » part000.txt - error reading archive
C:\dev\Python25\Lib\email\test\data\msg_38.txt » MIME » MIME » - error reading archive
C:\dev\Python25\Lib\test\testtar.tar » TAR » test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/ - archive damaged
C:\Program Files\The KMPlayer\KMPlayer.exe » ZIP - file is not an archive
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_830ce74a-6bd8-4950-a3d5-4213a5a0e1fd - error opening [4]
C:\ProgramData\Microsoft\User Account Pictures\LOGIN+sumadinac.dat - error opening [4]
C:\ProgramData\Microsoft\User Account Pictures\uros.dat - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_830ce74a-6bd8-4950-a3d5-4213a5a0e1fd - error opening [4]
C:\Users\All Users\Microsoft\User Account Pictures\LOGIN+sumadinac.dat - error opening [4]
C:\Users\All Users\Microsoft\User Account Pictures\uros.dat - error opening [4]
C:\Users\petar\NTUSER.DAT - error opening [4]
C:\Users\petar\ntuser.dat.LOG1 - error opening [4]
C:\Users\petar\ntuser.dat.LOG2 - error opening [4]
C:\Users\petar\AppData\Local\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Users\petar\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - error opening [4]
C:\Users\petar\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - error opening [4]
C:\Users\petar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FBOQCQZG\swflash[2].cab » CAB » FP_AX_CAB_INSTALLER.exe » NSIS - archive damaged
C:\Users\petar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SL56SRED\ISACLIENT-KB929556-ENU[1].EXE » CAB - file is not an archive
C:\Users\petar\AppData\Local\Microsoft\Windows Defender\FileTracker\{0520259C-76CA-43DE-A469-08232F64F584} - error opening [4]
C:\Users\petar\AppData\Local\Temp\etilqs_FKR9hi7OAGaPBj8NiHUS - error opening [4]
C:\Users\petar\AppData\Local\Temp\removalfile.bat - Win32/Adware.Virtumonde application - cleaned by deleting - quarantined [1]
C:\Users\petar\AppData\Roaming\Mozilla\Firefox\Profiles\xi1xs3kj.default\parent.lock - error opening [4]
C:\Users\petar\AppData\Roaming\Mozilla\Firefox\Profiles\xi1xs3kj.default\places.sqlite-journal - error opening [4]
C:\Windows\Logs\CBS\CBS.log - error opening [4]
C:\Windows\Logs\DPX\setupact.log - error opening [4]
C:\Windows\Logs\DPX\setuperr.log - error opening [4]
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config - error opening [4]
C:\Windows\Panther\UnattendGC\diagerr.xml - error opening [4]
C:\Windows\Panther\UnattendGC\diagwrn.xml - error opening [4]
C:\Windows\Panther\UnattendGC\setupact.log - error opening [4]
C:\Windows\Panther\UnattendGC\setuperr.log - error opening [4]
C:\Windows\security\database\secedit.sdb - error opening [4]
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 - error opening [4]
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 - error opening [4]
C:\Windows\System32\catroot2\edb.log - error opening [4]
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - error opening [4]
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - error opening [4]
C:\Windows\System32\drivers\sptd.sys - error opening [4]
C:\Windows\System32\restore\MachineGuid.txt - error opening [4]
C:\Windows\System32\wbem\AutoRecover\0296C47314AB746EC35476488248FCD9.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\040270F850D5C3C91057DDDA2DA294D8.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\0A9DBC92D554324656F61F9862679F27.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\0DF617D6737A7561E732F853792261C3.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\1E2E58C73053C7775EB226DB5E739137.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\2A811E5CCC22CC9D7AE2B04EF0402688.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\2CE523184A801AA7361A7039E2D6B41D.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\2D57A7682ACD19214C258D31A06D008F.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\376786241A5443E41378D25CF812FCC1.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\3DC0BABDCA20E5E319117C21BD4BD795.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\43A7EEE279F15546EE900076CA8CC2C8.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\494C62FAA08CD5217399BAA555FF491B.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\4A01E0F376B5833EBA98F0D1D5F60CD1.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\4B471F64BAF831EC7945C820FD5A16E5.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\4CB32C0A77CD4D9B0C9618F73F786C32.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\5774C77265BE4C55B5C6C9718979E015.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\5966D45C7B25EACA46E87DD8E5703964.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\5B5D21CF62E70BACF9D085E6AA6CE143.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\6317F4B515BD547512FF3AE3ACD81242.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\69554D930FCA40B0304B9A43A8036F2D.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\72F867EF62976CE9F70993FF3E68A4EB.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\73798C03E4DE5FDCF5194ADA9EBFB859.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\75054C3771DF289038069A9BB1C1FB6E.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\7851AF96EA828F912853F32DB0D96138.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\7F417E1A6D819A9B2FEB55DA6858EA0A.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\87AA2A001CE3E89926688B93E4DC2992.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\8C718B5AFD373885B68D2836088CAF9A.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\903E49C444C46FEF5F2C3A189C9CEF71.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\95CF8C2673B156E93407C44DA1171F14.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\96ABB1671705F680578FE240427CBD4F.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\9A72EE7775E8021F75961342B8AFD1B4.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\9AD3182A2F39A3E091E15109132EC6CC.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\9CD33F0956942860B50AA1B9330DEFAF.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\9E06E4FE97F0CBB8D659894823F805D7.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\A80FF2DC09487ECD60AFB147B262BDD7.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\AA6E0E396C238977CA909EFD82299737.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\AA742824DCADA846BA4B665D686DD5D6.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\BBF206490BAA431B592F9A13534F43F6.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\BE81B2C0741907C1FC1C42B6223E59AD.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\C6300BFE37ADE6B52EC023F66124985F.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\D1A1B12A7DA3F9675C01397A26DBF4B3.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\D4C4BA54B6A8FA6211E60E2ADFF7426A.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\DE391013DA56ABA39FFF40A9ABDF052F.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\DF80FD3849FFF74B4BF43E2EA8ADEC8A.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\DFB9AD54AC2D3B8122567AAD3BF3EB7F.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\E04DE4CDFEC284A342159BB920976701.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\E737DE61441445E1FDFCA45EF5E7D987.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\E9D8A460B2C986DD5FF19F299F4A27EC.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\EC45C70F2A3D9DED718E71631C38E2FE.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\F01326692CC5736EBAC31B9FC2381CF2.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\F81E6BEBC3067C406E6C491608474198.mof - error opening [4]
C:\Windows\System32\winevt\Logs\ACEEventLog.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Application.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\DFS Replication.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Key Management Service.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Backup.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-MSDT%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Metrics.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-PnPDevices%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-PnPDevices%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\ODiag.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\OSession.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Security.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Setup.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\System.evtx - error opening [4]
C:\Windows\winsxs\x86_microsoft-network-internet-access_31bf3856ad364e35_6.0.6000.16386_none_b85711c14117830d\cclitesetupui.exe » CAB - file is not an archive
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd - error opening [4]
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18000_none_d12e90ac35ffb753\dnary.xsd - error opening [4]
D:\pagefile.sys - error opening [4]
D:\Games\CS 1.5\cd-client-4_17_1-en.exe » NSIS - bad archive
D:\Programs\Mobile\Motorola\MobileManager.zip » ZIP » run.exe » NSIS » isecur.dll - a variant of Win32/TrojanDownloader.Zlob.AHV trojan - was a part of the deleted object
D:\Programs\Multimedia\Players\KMPlayer\The_KMPlayer_1432_R2.exe » NSIS » KMPlayer.exe » ZIP - file is not an archive
D:\Programs\Programming\Game Engines\panda3d-1.5.0.exe » NSIS » msg_28.txt » MIME » MIME » part000.txt » MIME - file is not an archive
D:\Programs\Programming\Game Engines\panda3d-1.5.0.exe » NSIS » msg_28.txt » MIME » MIME » part000.txt » MIME - file is not an archive
D:\Programs\Programming\Game Engines\panda3d-1.5.0.exe » NSIS » msg_30.txt » MIME » part000.txt » MIME » part000.txt » MIME - file is not an archive
D:\Programs\Programming\Game Engines\panda3d-1.5.0.exe » NSIS » msg_30.txt » MIME » part001.txt » MIME » part000.txt » MIME - file is not an archive
D:\Programs\Programming\Game Engines\panda3d-1.5.0.exe » NSIS » msg_38.txt » MIME » MIME » MIME » part000.txt - error reading archive
D:\Programs\Programming\Game Engines\panda3d-1.5.0.exe » NSIS » msg_38.txt » MIME » MIME » - error reading archive
D:\Programs\Programming\Game Engines\panda3d-1.5.0.exe » NSIS » testtar.tar » TAR » test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/ - archive damaged
D:\Programs\Programming\Python\Packages\matplotlib-0.91.2.win32-py2.5.exe » ZIP » PLATLIB/dateutil/zoneinfo/zoneinfo-2007f.tar.gz » GZIP » /home/niemeyer/src/dateutil/dateutil/zoneinfo/zoneinfo-2007f.tar » TAR » Atlantic/Faeroe » TAR » Indian/ - error reading archive
D:\Programs\Programming\Python\Packages\matplotlib-0.91.2.win32-py2.5.exe » ZIP » PLATLIB/dateutil/zoneinfo/zoneinfo-2007f.tar.gz » GZIP » /home/niemeyer/src/dateutil/dateutil/zoneinfo/zoneinfo-2007f.tar » TAR » - archive damaged
D:\Programs\Programming\WYSIWYG Online Editors\XStandard\x-pro.exe » NSIS - bad archive
D:\Video\Music\Benny Benassi - Satisfaction.wmv - a variant of WMA/TrojanDownloader.GetCodec.gen trojan - cleaned - quarantined
D:\_downloads\tcup.zip » ZIP » tcup4.3.exe » NSIS » Revelation.exe - Win32/PSWTool.SnadBoy.2011 application - was a part of the deleted object
D:\_downloads\tcup.zip » ZIP » tcup4.3.exe » NSIS » RevelationHelper.dll - Win32/PSWTool.SnadBoy.2011 application - was a part of the deleted object
D:\_downloads\tcup.zip » ZIP » tcup4.3.exe » NSIS » WinVNC.exe » ZIP » META-INF/ - archive damaged
D:\_downloads\vizster.wmv - a variant of WMA/TrojanDownloader.GetCodec.gen trojan - cleaned - quarantined
D:\_downloads\Web 2.0 - The Machine is Us(ing Us).wmv - a variant of WMA/TrojanDownloader.GetCodec.gen trojan - cleaned - quarantined
D:\_downloads\CryptLoad\router\FRITZ!Box\nc.exe - Win32/RemoteAdmin.NetCat application - cleaned by deleting - quarantined [1]
Number of scanned objects: 942885
Number of threats found: 40
Number of cleaned objects: 39
Time of completion: 20:31:08 Total scanning time: 5942 sec (01:39:02)
Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.
Today I run SpyBot S&D:
Hint of the Day: Click the bar at the right of this to see more information! ()
Virtumonde: [SBI $1F8EC695] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, fixed)
BurstMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
BurstMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: default) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: default) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed)
DoubleClick: Tracking cookie (Firefox: default) (Cookie, fixed)
Tradedoubler: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: default) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: default) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: default) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---
2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-09-16 TeaTimer.exe (1.6.3.25)
2008-11-08 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-11-04 Includes\Adware.sbi (*)
2008-11-05 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-09-02 Includes\Hijackers.sbi (*)
2008-10-28 Includes\HijackersC.sbi (*)
2008-09-09 Includes\Keyloggers.sbi (*)
2008-11-04 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-04 Includes\Malware.sbi (*)
2008-11-04 Includes\MalwareC.sbi (*)
2008-11-03 Includes\PUPS.sbi (*)
2008-11-04 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-10-23 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-11-04 Includes\Spyware.sbi (*)
2008-11-04 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-11-04 Includes\Trojans.sbi (*)
2008-11-04 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
And before posting on this forum I wanted to give Malwarebytes' Anti-Malware a try and while it was working (I canceled it after 30 minutes) NOD32 real-time protection had this to say:
10.11.2008 17:51:18 Real-time file system protection file C:\Users\Public\Videos\Sample Videos\Lake.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:51:17 Real-time file system protection file C:\Users\Public\Videos\Sample Videos\Bear.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:51:16 Real-time file system protection file C:\Users\Public\Videos\Sample Videos\Butterfly.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:51:12 Real-time file system protection file C:\Users\Public\Music\Sample Music\Din Din Wo (Little Child).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:51:11 Real-time file system protection file C:\Users\Public\Music\Sample Music\Despertar.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:51:08 Real-time file system protection file C:\Users\Public\Music\Sample Music\Amanda.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:51:07 Real-time file system protection file C:\Users\Public\Music\Sample Music\Symphony_No_3.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:51:04 Real-time file system protection file C:\Users\Public\Music\Sample Music\One Step Beyond.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:50:59 Real-time file system protection file C:\Users\Public\Music\Sample Music\OAM's Blues.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:50:59 Real-time file system protection file C:\Users\Public\Music\Sample Music\Muita Bobeira.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:50:58 Real-time file system protection file C:\Users\Public\Music\Sample Music\Love Comes.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:50:58 Real-time file system protection file C:\Users\Public\Music\Sample Music\I Ka Barra (Your Work).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:50:55 Real-time file system protection file C:\Users\Public\Music\Sample Music\Distance.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:50:54 Real-time file system protection file C:\Users\Public\Music\Sample Music\I Guess You're Right.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
10.11.2008 17:49:01 Real-time file system protection file C:\Users\petar\AppData\Local\VirtualStore\Windows\System32\wincxh32.rom Win32/TrojanDownloader.Small.OCS trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
And finally a fresh HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:29, on 10.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\BisonCam\BisonHK.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\BisonCam\BsMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Users\petar\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\RescueTime\RescueTime.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\dev\Aptana Studio\AptanaStudio.exe
C:\dev\Aptana Studio\jre\bin\javaw.exe
C:\dev\Python25\python.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\petar\AppData\Local\Screamer Radio\screamer.exe
C:\dev\Python25\python.exe
C:\Windows\hh.exe
C:\Users\petar\AppData\Local\Screamer Radio\screamer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\System32\mblctr.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4480
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre\6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BisonHK] C:\Windows\BisonCam\BisonHK.exe
O4 - HKLM\..\Run: [BsMnt] C:\Windows\BisonCam\BsMnt.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Users\petar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4042144296-3311917591-612435275-1003\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'uros')
O4 - Startup: RescueTime.lnk = C:\Program Files\RescueTime\RescueTime.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\jre\6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\jre\6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Cntlm Authentication Proxy (cntlm) - Unknown owner - C:\Program Files\Cntlm\cygrunsrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: JNXXFU - Sysinternals - www.sysinternals.com - C:\Users\petar\AppData\Local\Temp\JNXXFU.exe
O23 - Service: Fortech Proxy+ (ProxyPlus) - FORTECH Ltd. - C:\Program Files\ProxyPlus\ProxyPlus.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 5755 bytes
Thank you in advance,
Petar Djordjevic