Hi, my Spybot S&D reported the cmdservice virus/trojan/adware.
How do I delete it? If you are willing to help me, you will have to teach me how to remove it step by step.
Hello.
Please see here:
Before you post a log
Cheers.
Microsoft MVP Reconnect 2018-
Windows Insider MVP 2016-2018
Microsoft Consumer Security MVP 2006-2016
Logfile of HijackThis v1.99.1
Scan saved at 22:10:15, on 26-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\inet20009\services.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Antispyware\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F3 - REG:win.ini: run=C:\WINDOWS\inet20009\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20009\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20009\services.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europ...vex/hcImpl.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ssldr - C:\WINDOWS\SYSTEM32\ssldr32.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Hello
Start HijackThis and place a check next to these items if there.
Close all browser windows and shut down all other programs that show in the taskbar (even folders).
F3 - REG:win.ini: run=C:\WINDOWS\inet20009\services.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20009\services.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20009\services.exe
O20 - Winlogon Notify: ssldr - C:\WINDOWS\SYSTEM32\ssldr32.dll
====================================
Hit "Fix checked" and close HijackThis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
C:\WINDOWS\inet20009 < delete that folder
Post a fresh hijackthis log please, be sure to mention any current problems.
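An added example, not part of the original thread: a small Python triage of a HijackThis log that flags running processes whose file name belongs to a well-known Windows binary but whose directory is wrong, then lists the autostart entries (F0-F3, O4, O20) that point at them. The expected-directory table and the function names are assumptions of this example; the sample is an excerpt of the first log posted above.

```python
import ntpath
import re

# Assumption of this example: where these binaries normally live on a default
# Windows XP install on C:. Paths are lower-cased for comparison.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
}

# HijackThis sections that describe automatic start-up: F0-F3 (ini file
# autoloads), O4 (Run keys / Startup folders), O20 (Winlogon Notify).
AUTORUN_CODES = {"F0", "F1", "F2", "F3", "O4", "O20"}

ENTRY_RE = re.compile(r"^(R\d|F\d|N\d|O\d{1,2}) - (.*)$")

# Excerpt of the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\inet20009\services.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\Program Files\Xfire\Xfire.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
F3 - REG:win.ini: run=C:\WINDOWS\inet20009\services.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20009\services.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20009\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            # The first coded entry ends the "Running processes" section.
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def misplaced_system_binaries(processes):
    """Return lower-cased paths whose file name is a known system binary
    but whose directory is not the expected one (de-duplicated, in order)."""
    flagged = []
    for path in processes:
        norm = path.lower()
        directory, name = ntpath.split(norm)
        expected = EXPECTED_DIR.get(name)
        if expected is not None and directory != expected and norm not in flagged:
            flagged.append(norm)
    return flagged


def autoruns_for(entries, flagged_paths):
    """Return the autostart log lines that reference any flagged path."""
    hits = []
    for code, body in entries:
        if code in AUTORUN_CODES and any(p in body.lower() for p in flagged_paths):
            hits.append(f"{code} - {body}")
    return hits


if __name__ == "__main__":
    procs, items = parse_log(SAMPLE_LOG)
    suspects = misplaced_system_binaries(procs)
    for path in suspects:
        print("misplaced system binary:", path)
    for line in autoruns_for(items, suspects):
        print("autostart entry to review:", line)
```

A flagged path is a lead to review, not a verdict; a process with no autostart line in the log may still be launched by another component.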
Logfile of HijackThis v1.99.1
Scan saved at 13:14:10, on 27-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Antispyware\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europ...vex/hcImpl.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
No extra Internet Explorers! Yaay! Thnx a lot for your help
....but Spybot still detects the command service, is this normal?
Also I read on the internet that command service allows other viruses and infections to enter my PC easily, and they are entering easily! New viruses every day, boohoo...
Last edited by W33bl; 2005-12-27 at 13:26.
Hi
Is it this detection Spybot is finding?
Command Service- mchInjDrv in HKLM-CurrentControlSet: http://forums.spybot.info/showthread.php?t=774
Get this free online and post its report
Kaspersky Lab - Free Online scan:
http://www.kaspersky.com/virusscanner
Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
Then choose: my computer: scan all your hard drives and mapped disks.
When finished, click save as text and post that in your reply.
Or Computer Associates eTrust AV Web Scanner: http://www3.ca.com/virusinfo/virusscan.aspx
Select all drives, scan, try to cure/repair; if it cannot, choose delete! If it cannot delete, tell us the file names and locations.
Hi, here's the log of Kaspersky, lots of viruses! :(
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, December 28, 2005 14:01:03
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 28/12/2005
Kaspersky Anti-Virus database records: 167972
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 82585
Number of viruses found: 41
Number of infected objects: 147
Number of suspicious objects: 0
Duration of the scan process: 4354 sec
Infected Object Name - Virus Name
C:\Documents and Settings\Michiel\.housecall\Quarantine\C.tmp.bac_a01952 Infected: Trojan-Dropper.Win32.Small.zp
C:\Documents and Settings\Michiel\.housecall\Quarantine\child.dll.bac_a01952 Infected: Trojan-Downloader.Win32.Small.bug
C:\Documents and Settings\Michiel\.housecall\Quarantine\child[1].exe.bac_a01952 Infected: Trojan-Dropper.Win32.Small.ahg
C:\Documents and Settings\Michiel\.housecall\Quarantine\drsmartload[1].exe.bac_a01952 Infected: Trojan-Downloader.Win32.Adload.l
C:\Documents and Settings\Michiel\.housecall\Quarantine\E.tmp.bac_a01952 Infected: Trojan-Dropper.Win32.Small.ahg
C:\Documents and Settings\Michiel\.housecall\Quarantine\install[1].exe.bac_a01952 Infected: Trojan-Dropper.Win32.Agent.aed
C:\Documents and Settings\Michiel\.housecall\Quarantine\mng[1].exe.bac_a01952 Infected: Trojan-Proxy.Win32.Agent.hs
C:\Documents and Settings\Michiel\.housecall\Quarantine\paqpwk.exe.bac_a01952 Infected: Trojan-Downloader.Win32.Qoologic.at
C:\Documents and Settings\Michiel\.housecall\Quarantine\paradise.raw.bac_a01952 Infected: Packed.Win32.Klone.b
C:\Documents and Settings\Michiel\.housecall\Quarantine\paradise[1].raw.bac_a01952 Infected: Packed.Win32.Klone.b
C:\Documents and Settings\Michiel\.housecall\Quarantine\paytime.exe.bac_a01952 Infected: Trojan.Win32.StartPage.adi
C:\Documents and Settings\Michiel\.housecall\Quarantine\paytime[1].txt.bac_a01952 Infected: Trojan.Win32.StartPage.adi
C:\Documents and Settings\Michiel\.housecall\Quarantine\runsvc32[1].exe.bac_a01952 Infected: Trojan-Dropper.Win32.Small.zp
C:\Documents and Settings\Michiel\.housecall\Quarantine\spoolsrv32.exe.bac_a01952 Infected: not-a-virus:AdWare.Win32.FindSpy.e
C:\Documents and Settings\Michiel\.housecall\Quarantine\srpcsrv32.dll.bac_a01952 Infected: Trojan-Downloader.Win32.Agent.rm
C:\Documents and Settings\Michiel\.housecall\Quarantine\ssldr32.dll.bac_a01952 Infected: Trojan-Proxy.Win32.Agent.hs
C:\Documents and Settings\Michiel\.housecall\Quarantine\sywsvcs.exe.bac_a01952 Infected: Packed.Win32.Klone.b
C:\Documents and Settings\Michiel\.housecall\Quarantine\tool3.exe.bac_a01952 Infected: Packed.Win32.Klone.b
C:\Documents and Settings\Michiel\.housecall\Quarantine\tool3[1].txt.bac_a01952 Infected: Packed.Win32.Klone.b
END OF PART I
C:\Documents and Settings\Michiel\.housecall\Quarantine\toolbar.exe.bac_a01952 Infected: Trojan-Downloader.Win32.Adload.j
C:\Documents and Settings\Michiel\.housecall\Quarantine\toolbar[1].txt.bac_a01952 Infected: Trojan-Downloader.Win32.Adload.j
C:\Documents and Settings\Michiel\.housecall\Quarantine\txfdb32.dll.bac_a01952 Infected: Trojan-Downloader.Win32.Agent.rm
C:\Documents and Settings\Michiel\.housecall\Quarantine\wugwp.dat.bac_a01952 Infected: Trojan-Downloader.Win32.Qoologic.at
C:\Documents and Settings\Michiel\Local Settings\Temp\B.tmp Infected: Trojan-Downloader.Win32.CWS.s
C:\Documents and Settings\Michiel\Local Settings\Temp\svchst.exe Infected: Trojan-Downloader.Win32.Small.caf
C:\Documents and Settings\Michiel\Local Settings\Temporary Internet Files\Content.IE5\0ZTJUMNT\cr-se121[1].exe/run.exe Infected: Trojan-Downloader.Win32.Harnig.ax
C:\Documents and Settings\Michiel\Local Settings\Temporary Internet Files\Content.IE5\0ZTJUMNT\cr-se121[1].exe Infected: Trojan-Downloader.Win32.Harnig.ax
C:\Documents and Settings\Michiel\Local Settings\Temporary Internet Files\Content.IE5\EDLYZE5G\211156[1].htm Infected: Trojan-Downloader.JS.IstBar.z
C:\Documents and Settings\Michiel\Local Settings\Temporary Internet Files\Content.IE5\EDLYZE5G\prompt[1].htm Infected: Trojan-Downloader.JS.IstBar.j
C:\Documents and Settings\Michiel\Local Settings\Temporary Internet Files\Content.IE5\ETLUJ2DC\1[2].htm Infected: Exploit.HTML.Mht
C:\Documents and Settings\Michiel\Local Settings\Temporary Internet Files\Content.IE5\H7RF1L0E\web[1].exe Infected: Trojan-Downloader.Win32.CWS.s
C:\Documents and Settings\Michiel\Local Settings\Temporary Internet Files\Content.IE5\IPVGT4JE\get_40698_Trend.Micro.PC.Cillin.Internet.Security.2005.v12.1_crack[1].htm Infected: Trojan-Downloader.JS.IstBar.u
C:\Documents and Settings\Michiel\Local Settings\Temporary Internet Files\Content.IE5\PCSJ95GT\10[1].exe Infected: Trojan-Downloader.Win32.Small.caf
C:\Documents and Settings\Michiel\Local Settings\Temporary Internet Files\Content.IE5\QDQRUZ6N\ms1[1].txt Infected: Trojan-Downloader.Win32.Tiny.al
C:\Documents and Settings\Michiel\Local Settings\Temporary Internet Files\Content.IE5\RBPFJP4S\drsmartloadb[1].exe Infected: Trojan-Downloader.Win32.Adload.l
C:\Documents and Settings\Michiel\Local Settings\Temporary Internet Files\Content.IE5\RBPFJP4S\kl[1].txt Infected: Trojan-PSW.Win32.Agent.bu
C:\Documents and Settings\Michiel\Local Settings\Temporary Internet Files\Content.IE5\S9EDQZ4J\hosts[1].txt Infected: Trojan.Win32.Qhost.el
C:\Documents and Settings\Michiel\Local Settings\Temporary Internet Files\Content.IE5\S9EDQZ4J\xpladv470[1].wmf Infected: Trojan-Downloader.Win32.Agent.acd
C:\Documents and Settings\Michiel\Local Settings\Temporary Internet Files\Content.IE5\SRFNAC5P\free[1].anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Documents and Settings\Michiel\Local Settings\Temporary Internet Files\Content.IE5\SRFNAC5P\tool2[1].txt Infected: not-virus:Hoax.Win32.Renos.aj
C:\Downloads\Crack.patches.keygens\cr-se121.exe/run.exe Infected: Trojan-Downloader.Win32.Harnig.ax
C:\Downloads\Crack.patches.keygens\cr-se121.exe Infected: Trojan-Downloader.Win32.Harnig.ax
C:\Downloads\Setups\cr-se121.exe/run.exe Infected: Trojan-Downloader.Win32.Harnig.ax
C:\Downloads\Setups\cr-se121.exe Infected: Trojan-Downloader.Win32.Harnig.ax
C:\Downloads\Setups\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616
C:\Downloads\Setups\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll Infected: Trojan-PSW.Win32.Agent.bu
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe Infected: Trojan-PSW.Win32.Agent.bu
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll Infected: Trojan-PSW.Win32.Agent.bu
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003164.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003164.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003164.exe/WISE0018.BIN Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003164.exe Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003165.exe/WISE0015.BIN Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003165.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003165.exe Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003166.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003166.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003166.exe/WISE0018.BIN Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003166.exe Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003180.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003180.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003180.exe/WISE0018.BIN Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003180.exe Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003181.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003181.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003181.exe/WISE0018.BIN Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003181.exe Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003182.exe/WISE0015.BIN Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003182.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003182.exe Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003183.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003183.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003183.exe/WISE0018.BIN Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003183.exe Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003184.exe/WISE0017.BIN Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003184.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003184.exe/WISE0019.BIN/stream/data0007 Infected: not-a-virus:AdWare.Win32.ActivShopper.a
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003184.exe/WISE0019.BIN/stream/data0008 Infected: not-a-virus:AdWare.Win32.ActivShopper.a
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003184.exe/WISE0019.BIN/stream Infected: not-a-virus:AdWare.Win32.ActivShopper.a
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003184.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.ActivShopper.a
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003184.exe Infected: not-a-virus:AdWare.Win32.ActivShopper.a
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003185.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003185.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003185.exe/WISE0018.BIN Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003185.exe Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003186.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003186.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003186.exe/WISE0018.BIN Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003186.exe Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003187.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003187.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003187.exe/WISE0018.BIN Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003187.exe Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003188.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003188.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003188.exe/WISE0022.BIN Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003188.exe/WISE0023.BIN/data0002 Infected: not-a-virus:AdWare.Win32.WebRebates.r
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003188.exe/WISE0023.BIN/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.p
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003188.exe/WISE0023.BIN/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.p
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003188.exe/WISE0023.BIN/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.p
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003188.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.WebRebates.p
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP44\A0003188.exe Infected: not-a-virus:AdWare.Win32.WebRebates.p
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003322.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003327.exe Infected: Trojan-Proxy.Win32.Delf.an
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003330.exe Infected: Email-Worm.Win32.Delf.i
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003340.exe Infected: Trojan-Proxy.Win32.Delf.an
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003342.exe Infected: Email-Worm.Win32.Delf.i
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003351.exe Infected: not-virus:Hoax.Win32.Renos.aj
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003352.exe Infected: Trojan-Downloader.Win32.Adload.l
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003353.exe Infected: Trojan-Downloader.Win32.Adload.l
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003354.exe Infected: Trojan-Dropper.Win32.Agent.aed
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003367.exe Infected: Trojan-Downloader.Win32.Harnig.ax
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003370.exe Infected: not-a-virus:AdWare.Win32.CommAd.a
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003372.exe Infected: Trojan-Clicker.Win32.VB.kc
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003374.exe Infected: Trojan.Win32.StartPage.aw
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003384.exe Infected: Trojan-Downloader.Win32.Tiny.al
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003385.dll Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003386.cpl Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003393.exe Infected: Trojan-Proxy.Win32.Delf.an
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003396.exe Infected: Email-Worm.Win32.Delf.i
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003408.exe Infected: Trojan-Proxy.Win32.Delf.an
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003410.exe Infected: Email-Worm.Win32.Delf.i
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003419.dll Infected: not-a-virus:AdWare.Win32.CommAd.a
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003421.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003422.exe Infected: Trojan.Win32.StartPage.adi
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003423.exe Infected: not-a-virus:AdWare.Win32.FindSpy.e
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003424.dll Infected: Trojan-Downloader.Win32.Agent.rm
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003425.exe Infected: Packed.Win32.Klone.b
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003426.dll Infected: Trojan-Downloader.Win32.Agent.rm
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003427.exe Infected: Packed.Win32.Klone.b
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003428.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003435.dll Infected: Trojan-Downloader.Win32.Small.bug
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003441.exe Infected: Trojan-Proxy.Win32.Delf.an
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003443.exe Infected: Email-Worm.Win32.Delf.i
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003455.dll Infected: not-a-virus:AdWare.Win32.Ihbo.gen
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003456.exe Infected: Email-Worm.Win32.Delf.i
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003458.exe Infected: Trojan-Proxy.Win32.Delf.an
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003459.exe Infected: Trojan-Downloader.Win32.CWS.s
C:\System Volume Information\_restore{31CBBA23-1807-40BF-BA31-FD062EDA1913}\RP46\A0003477.exe Infected: Trojan-Downloader.Win32.Harnig.ax
C:\WINDOWS\kl.exe Infected: Trojan-PSW.Win32.Agent.bu
C:\WINDOWS\system32\ipsiean.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\WINDOWS\system32\jvvjfcd.exe Infected: Trojan.Win32.Pakes
C:\WINDOWS\system32\kmqkf.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\WINDOWS\system32\ssldr32.dll Infected: Trojan-Proxy.Win32.Agent.hs
C:\WINDOWS\tool2.exe Infected: not-virus:Hoax.Win32.Renos.aj
Scan process completed.
END OF PART II
Hi
Delete these files >
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
C:\Downloads\Setups\cr-se121.exe
C:\WINDOWS\kl.exe
C:\WINDOWS\system32\ipsiean.dll
C:\WINDOWS\system32\jvvjfcd.exe
C:\WINDOWS\system32\kmqkf.dll
C:\WINDOWS\system32\ssldr32.dll
C:\WINDOWS\tool2.exe
C:\Downloads\Crack.patches.keygens\ < delete entire folder and never use any cracks from anywhere again or you will most certainly get infected once again; we can and do get infected just looking for them, much less downloading.
Even if you had scanned them with ten antivirus programs and found them to be safe, something would eventually get in.
Download System Security Suite.
http://www.igorshpak.net/
If that site is unavailable use this link please
http://forums.subratam.org/index.php...=post&id=25013
Extract it from the zip file and run setup.exe
After the install you can delete setup.exe and the downloaded zip file.
Start the program. Check all the boxes under the 'Items to Clear' tab (except perhaps cookies) and click 'Clear Selected Items'. You will be prompted to reboot; do so.
If the PC is stable after about a week, purge the old System Restore points.
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Then Reboot. < Don't skip that step.
Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
Thank you for replying.
C:\WINDOWS\system32\kmqkf.dll < file is in use, can't delete it
C:\WINDOWS\system32\ssldr32.dll < no such file
Could you help me with those prob's?
Thnx!
Edit: I ran SpybotSD again, and it still shows command service, 2 entries.
I can't delete them, they are in use by my memory.
Last edited by W33bl; 2005-12-28 at 15:10.