jpa2001
2008-12-03, 10:48
Dear all,
I was looking for some code for my myspace and went into this site that caused mayhem on my PC, with zone alarm alerting of various penetration which i denied. However I managed to switch off my PC and disconnected myself.
I have AVG, Ad-aware and Zone alarm.
Please see my Ad-aware last scan log, your help will be much appreciated.
Thks
Ad-Aware SE Build 1.06r1
Logfile Created on:03 December 2008 09:06:15
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R231 19.03.2008
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):1 total references
Virtumonde(TAC index:10):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
03-12-2008 09:06:15 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : S-1-5-21-1844094128-116074222-615850093-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 412
ThreadCreationTime : 03-12-2008 08:28:25
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 476
ThreadCreationTime : 03-12-2008 08:28:29
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 500
ThreadCreationTime : 03-12-2008 08:28:30
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 544
ThreadCreationTime : 03-12-2008 08:28:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 556
ThreadCreationTime : 03-12-2008 08:28:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 724
ThreadCreationTime : 03-12-2008 08:28:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 784
ThreadCreationTime : 03-12-2008 08:28:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 820
ThreadCreationTime : 03-12-2008 08:28:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 864
ThreadCreationTime : 03-12-2008 08:28:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 928
ThreadCreationTime : 03-12-2008 08:28:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1048
ThreadCreationTime : 03-12-2008 08:28:34
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 1144
ThreadCreationTime : 03-12-2008 08:28:35
BasePriority : Normal
FileVersion : 7.5.0.496
ProductVersion : 7.5.0.496
ProductName : AVG Anti-Virus system
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:13 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 1160
ThreadCreationTime : 03-12-2008 08:28:35
BasePriority : Normal
FileVersion : 7.5.0.420
ProductVersion : 7.5.0.420
ProductName : AVG 7.5 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
#:14 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 1172
ThreadCreationTime : 03-12-2008 08:28:35
BasePriority : Normal
FileVersion : 7.5.0.510
ProductVersion : 7.5.0.510
ProductName : AVG Anti-Virus system
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
#:15 [sagent2.exe]
FilePath : C:\Program Files\Common Files\EPSON\EBAPI\
ProcessID : 1228
ThreadCreationTime : 03-12-2008 08:28:35
BasePriority : Normal
FileVersion : 1, 1, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : EPSON Bidirectional Printer
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Printer Status Agent
InternalName : SAgent2
LegalCopyright : Copyright (C) SEIKO EPSON CORP. 2000
OriginalFilename : SAgent2.exe
#:16 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1380
ThreadCreationTime : 03-12-2008 08:28:36
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:17 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1428
ThreadCreationTime : 03-12-2008 08:28:36
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:18 [vsmon.exe]
FilePath : C:\WINDOWS\SYSTEM32\ZoneLabs\
ProcessID : 1460
ThreadCreationTime : 03-12-2008 08:28:37
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe
#:19 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 268
ThreadCreationTime : 03-12-2008 08:28:42
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:20 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1888
ThreadCreationTime : 03-12-2008 08:29:15
BasePriority : Normal
FileVersion : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)
ProductVersion : 6.00.2900.3156
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:21 [bcmsmmsg.exe]
FilePath : C:\WINDOWS\
ProcessID : 2120
ThreadCreationTime : 03-12-2008 08:29:21
BasePriority : Normal
FileVersion : 3.5.25 08/27/2003 20:04:35
ProductVersion : 3.5.25 08/27/2003 20:04:35
ProductName : BCM Modem Messaging Applet
CompanyName : Broadcom Corporation
FileDescription : Modem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Broadcom Corporation 1998-2000
OriginalFilename : smdmstat.exe
#:22 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 2148
ThreadCreationTime : 03-12-2008 08:29:21
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe
#:23 [vsnpstd.exe]
FilePath : C:\WINDOWS\
ProcessID : 2188
ThreadCreationTime : 03-12-2008 08:29:22
BasePriority : Normal
FileVersion : 1, 0, 0, 4
ProductVersion : 1, 0, 0, 4
ProductName : CameraMonitor Application
FileDescription : CameraMonitor MFC Application
InternalName : CameraMonitor
LegalCopyright : Copyright (C) 2003
OriginalFilename : CameraMonitor.EXE
#:24 [dragdiag.exe]
FilePath : C:\Program Files\Thomson\SpeedTouch USB\
ProcessID : 2200
ThreadCreationTime : 03-12-2008 08:29:22
BasePriority : Normal
FileVersion : 301.0.0.12
ProductVersion : 301.0.0.12
ProductName : SpeedTouch USB
CompanyName : THOMSON Telecom Belgium
FileDescription : SpeedTouch Statistics
LegalCopyright : Copyright© THOMSON Telecom Belgium 1999-2004
LegalTrademarks : SpeedTouch
#:25 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2216
ThreadCreationTime : 03-12-2008 08:29:22
BasePriority : Normal
FileVersion : 0.1.0.3510
ProductVersion : 0.1.0.3510
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:26 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.6.0_01\bin\
ProcessID : 2232
ThreadCreationTime : 03-12-2008 08:29:23
BasePriority : Normal
#:27 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 2264
ThreadCreationTime : 03-12-2008 08:29:23
BasePriority : Normal
FileVersion : 7.5.0.545
ProductVersion : 7.5.0.545
ProductName : AVG Anti-Virus system
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2008 GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:28 [loadwzco.exe]
FilePath : C:\Program Files\WinZip E-Mail Companion\
ProcessID : 2392
ThreadCreationTime : 03-12-2008 08:29:25
BasePriority : Normal
FileVersion : 3, 2, 0, 0
ProductVersion : 3, 2, 0, 0
ProductName : OEAPI
CompanyName : Nektra S.A./WinZip Computing, S.L.
FileDescription : WinZip E-Mail Companion OE launcher
InternalName : launcher
LegalCopyright : Copyright © 2004-2007 Nektra S.A
OriginalFilename : loadwzco.exe
#:29 [groovemonitor.exe]
FilePath : C:\Program Files\Microsoft Office\Office12\
ProcessID : 2420
ThreadCreationTime : 03-12-2008 08:29:26
BasePriority : Normal
#:30 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 2476
ThreadCreationTime : 03-12-2008 08:29:26
BasePriority : Normal
FileVersion : 8.1.0178.00
ProductVersion : 8.1.0178
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe
#:31 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2500
ThreadCreationTime : 03-12-2008 08:29:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:32 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\
ProcessID : 2512
ThreadCreationTime : 03-12-2008 08:29:28
BasePriority : Normal
FileVersion : 1, 2, 1128, 5462
ProductVersion : 1, 2, 1128, 5462
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2006
OriginalFilename : GoogleToolbarNotifier.exe
#:33 [skype.exe]
FilePath : C:\Program Files\Skype\Phone\
ProcessID : 2540
ThreadCreationTime : 03-12-2008 08:29:28
BasePriority : Normal
FileVersion : 3.0.0.216
ProductVersion : 3.0
ProductName : Skype
CompanyName : Skype Technologies S.A.
FileDescription : Skype. The whole world can talk for free.
InternalName : Skype.exe
LegalCopyright : (c) Skype Technologies S.A.
OriginalFilename : Skype.exe
#:34 [dslmon.exe]
FilePath : C:\Program Files\SAGEM\TalkTalk Broadband\
ProcessID : 2600
ThreadCreationTime : 03-12-2008 08:29:30
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DSLMON Application
FileDescription : ADIMON MFC Application
InternalName : DSLMON
LegalCopyright : Copyright (C) 2000
OriginalFilename : ADIMON.EXE
#:35 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2840
ThreadCreationTime : 03-12-2008 08:30:17
BasePriority : Normal
#:36 [wmplayer.exe]
FilePath : C:\Program Files\Windows Media Player\
ProcessID : 3208
ThreadCreationTime : 03-12-2008 08:33:07
BasePriority : Normal
FileVersion : 10.00.00.3646
ProductVersion : 10.00.00.3646
ProductName : Microsoft(R) Windows Media Player
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player
InternalName : WMPLAYER.EXE
LegalCopyright : (C) Microsoft Corporation. All rights reserved.
OriginalFilename : WMPLAYER.EXE
#:37 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 892
ThreadCreationTime : 03-12-2008 09:01:30
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Virtumonde Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
Virtumonde Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
Virtumonde Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment : "{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\shellexecutehooks
Value : {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 4
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
<STOP>
09:10:27 Scan stopped by user
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:11.797
Objects scanned:108290
Objects identified:3
Objects ignored:0
New critical objects:3
I was looking for some code for my myspace and went into this site that caused mayhem on my PC, with zone alarm alerting of various penetration which i denied. However I managed to switch off my PC and disconnected myself.
I have AVG, Ad-aware and Zone alarm.
Please see my Ad-aware last scan log, your help will be much appreciated.
Thks
Ad-Aware SE Build 1.06r1
Logfile Created on:03 December 2008 09:06:15
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R231 19.03.2008
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):1 total references
Virtumonde(TAC index:10):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
03-12-2008 09:06:15 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : S-1-5-21-1844094128-116074222-615850093-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 412
ThreadCreationTime : 03-12-2008 08:28:25
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 476
ThreadCreationTime : 03-12-2008 08:28:29
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 500
ThreadCreationTime : 03-12-2008 08:28:30
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 544
ThreadCreationTime : 03-12-2008 08:28:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 556
ThreadCreationTime : 03-12-2008 08:28:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 724
ThreadCreationTime : 03-12-2008 08:28:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 784
ThreadCreationTime : 03-12-2008 08:28:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 820
ThreadCreationTime : 03-12-2008 08:28:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 864
ThreadCreationTime : 03-12-2008 08:28:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 928
ThreadCreationTime : 03-12-2008 08:28:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1048
ThreadCreationTime : 03-12-2008 08:28:34
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 1144
ThreadCreationTime : 03-12-2008 08:28:35
BasePriority : Normal
FileVersion : 7.5.0.496
ProductVersion : 7.5.0.496
ProductName : AVG Anti-Virus system
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:13 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 1160
ThreadCreationTime : 03-12-2008 08:28:35
BasePriority : Normal
FileVersion : 7.5.0.420
ProductVersion : 7.5.0.420
ProductName : AVG 7.5 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
#:14 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 1172
ThreadCreationTime : 03-12-2008 08:28:35
BasePriority : Normal
FileVersion : 7.5.0.510
ProductVersion : 7.5.0.510
ProductName : AVG Anti-Virus system
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
#:15 [sagent2.exe]
FilePath : C:\Program Files\Common Files\EPSON\EBAPI\
ProcessID : 1228
ThreadCreationTime : 03-12-2008 08:28:35
BasePriority : Normal
FileVersion : 1, 1, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : EPSON Bidirectional Printer
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Printer Status Agent
InternalName : SAgent2
LegalCopyright : Copyright (C) SEIKO EPSON CORP. 2000
OriginalFilename : SAgent2.exe
#:16 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1380
ThreadCreationTime : 03-12-2008 08:28:36
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:17 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1428
ThreadCreationTime : 03-12-2008 08:28:36
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:18 [vsmon.exe]
FilePath : C:\WINDOWS\SYSTEM32\ZoneLabs\
ProcessID : 1460
ThreadCreationTime : 03-12-2008 08:28:37
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe
#:19 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 268
ThreadCreationTime : 03-12-2008 08:28:42
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:20 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1888
ThreadCreationTime : 03-12-2008 08:29:15
BasePriority : Normal
FileVersion : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)
ProductVersion : 6.00.2900.3156
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:21 [bcmsmmsg.exe]
FilePath : C:\WINDOWS\
ProcessID : 2120
ThreadCreationTime : 03-12-2008 08:29:21
BasePriority : Normal
FileVersion : 3.5.25 08/27/2003 20:04:35
ProductVersion : 3.5.25 08/27/2003 20:04:35
ProductName : BCM Modem Messaging Applet
CompanyName : Broadcom Corporation
FileDescription : Modem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Broadcom Corporation 1998-2000
OriginalFilename : smdmstat.exe
#:22 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 2148
ThreadCreationTime : 03-12-2008 08:29:21
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe
#:23 [vsnpstd.exe]
FilePath : C:\WINDOWS\
ProcessID : 2188
ThreadCreationTime : 03-12-2008 08:29:22
BasePriority : Normal
FileVersion : 1, 0, 0, 4
ProductVersion : 1, 0, 0, 4
ProductName : CameraMonitor Application
FileDescription : CameraMonitor MFC Application
InternalName : CameraMonitor
LegalCopyright : Copyright (C) 2003
OriginalFilename : CameraMonitor.EXE
#:24 [dragdiag.exe]
FilePath : C:\Program Files\Thomson\SpeedTouch USB\
ProcessID : 2200
ThreadCreationTime : 03-12-2008 08:29:22
BasePriority : Normal
FileVersion : 301.0.0.12
ProductVersion : 301.0.0.12
ProductName : SpeedTouch USB
CompanyName : THOMSON Telecom Belgium
FileDescription : SpeedTouch Statistics
LegalCopyright : Copyright© THOMSON Telecom Belgium 1999-2004
LegalTrademarks : SpeedTouch
#:25 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2216
ThreadCreationTime : 03-12-2008 08:29:22
BasePriority : Normal
FileVersion : 0.1.0.3510
ProductVersion : 0.1.0.3510
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:26 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.6.0_01\bin\
ProcessID : 2232
ThreadCreationTime : 03-12-2008 08:29:23
BasePriority : Normal
#:27 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 2264
ThreadCreationTime : 03-12-2008 08:29:23
BasePriority : Normal
FileVersion : 7.5.0.545
ProductVersion : 7.5.0.545
ProductName : AVG Anti-Virus system
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2008 GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:28 [loadwzco.exe]
FilePath : C:\Program Files\WinZip E-Mail Companion\
ProcessID : 2392
ThreadCreationTime : 03-12-2008 08:29:25
BasePriority : Normal
FileVersion : 3, 2, 0, 0
ProductVersion : 3, 2, 0, 0
ProductName : OEAPI
CompanyName : Nektra S.A./WinZip Computing, S.L.
FileDescription : WinZip E-Mail Companion OE launcher
InternalName : launcher
LegalCopyright : Copyright © 2004-2007 Nektra S.A
OriginalFilename : loadwzco.exe
#:29 [groovemonitor.exe]
FilePath : C:\Program Files\Microsoft Office\Office12\
ProcessID : 2420
ThreadCreationTime : 03-12-2008 08:29:26
BasePriority : Normal
#:30 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 2476
ThreadCreationTime : 03-12-2008 08:29:26
BasePriority : Normal
FileVersion : 8.1.0178.00
ProductVersion : 8.1.0178
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe
#:31 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2500
ThreadCreationTime : 03-12-2008 08:29:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:32 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\
ProcessID : 2512
ThreadCreationTime : 03-12-2008 08:29:28
BasePriority : Normal
FileVersion : 1, 2, 1128, 5462
ProductVersion : 1, 2, 1128, 5462
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2006
OriginalFilename : GoogleToolbarNotifier.exe
#:33 [skype.exe]
FilePath : C:\Program Files\Skype\Phone\
ProcessID : 2540
ThreadCreationTime : 03-12-2008 08:29:28
BasePriority : Normal
FileVersion : 3.0.0.216
ProductVersion : 3.0
ProductName : Skype
CompanyName : Skype Technologies S.A.
FileDescription : Skype. The whole world can talk for free.
InternalName : Skype.exe
LegalCopyright : (c) Skype Technologies S.A.
OriginalFilename : Skype.exe
#:34 [dslmon.exe]
FilePath : C:\Program Files\SAGEM\TalkTalk Broadband\
ProcessID : 2600
ThreadCreationTime : 03-12-2008 08:29:30
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DSLMON Application
FileDescription : ADIMON MFC Application
InternalName : DSLMON
LegalCopyright : Copyright (C) 2000
OriginalFilename : ADIMON.EXE
#:35 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2840
ThreadCreationTime : 03-12-2008 08:30:17
BasePriority : Normal
#:36 [wmplayer.exe]
FilePath : C:\Program Files\Windows Media Player\
ProcessID : 3208
ThreadCreationTime : 03-12-2008 08:33:07
BasePriority : Normal
FileVersion : 10.00.00.3646
ProductVersion : 10.00.00.3646
ProductName : Microsoft(R) Windows Media Player
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player
InternalName : WMPLAYER.EXE
LegalCopyright : (C) Microsoft Corporation. All rights reserved.
OriginalFilename : WMPLAYER.EXE
#:37 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 892
ThreadCreationTime : 03-12-2008 09:01:30
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Virtumonde Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
Virtumonde Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
Virtumonde Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment : "{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\shellexecutehooks
Value : {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 4
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
<STOP>
09:10:27 Scan stopped by user
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:11.797
Objects scanned:108290
Objects identified:3
Objects ignored:0
New critical objects:3