Virtumonde malvare I think??

Status
Not open for further replies.
S

slasherkill

New member
I've used spy bot multiple times to erase it but it always comes back on my laptop. the anti virus has no effect, it doesn't even find it (NAV07) I think windows is updated with SP2. Thanks for your help. Very much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:22:10, on 24.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Symantec\LiveUpdate\ALuNotify.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hardware.no/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Fuck you, you fucking fuck!! hahaha
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkkj.exe
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Programfiler\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [f4baa897] rundll32.exe "C:\WINDOWS\system32\jgcjdywt.dll",b
O4 - HKLM\..\Run: [ALUAlert] C:\Programfiler\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download Links As... - file://C:\WINDOWS\system32\page.htm
O8 - Extra context menu item: Download Target(s) As... - file://C:\WINDOWS\system32\link.htm
O8 - Extra context menu item: Download with GetRight Pro - C:\Programfiler\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Programfiler\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Programfiler\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7454 bytes
 
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, January 24, 2008 12:37:51 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/01/2008
Kaspersky Anti-Virus database records: 528083
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 68602
Number of viruses found: 7
Number of infected objects: 22
Number of suspicious objects: 0
Duration of the scan process: 02:53:11

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\LiveUpdate\2008-01-23_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\LiveUpdate\Log.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\SRTSP\SrtETmp\09D6A8D1.TMP Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\SRTSP\SrtETmp\D871EE0B.TMP Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\LocalService.NT-MYNDIGHET\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT-MYNDIGHET\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT-MYNDIGHET\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT-MYNDIGHET\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT-MYNDIGHET\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT-MYNDIGHET\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT-MYNDIGHET\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Master\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Master\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Master\Lokale innstillinger\Logg\History.IE5\MSHist012008012320080124\index.dat Object is locked skipped
C:\Documents and Settings\Master\Lokale innstillinger\Programdata\Microsoft\Messenger\slasherkill@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Master\Lokale innstillinger\Programdata\Microsoft\Messenger\slasherkill@hotmail.com\SharingMetadata\Working\database_88F4_BAB8_F4BA_A838\dfsr.db Object is locked skipped
C:\Documents and Settings\Master\Lokale innstillinger\Programdata\Microsoft\Messenger\slasherkill@hotmail.com\SharingMetadata\Working\database_88F4_BAB8_F4BA_A838\fsr.log Object is locked skipped
C:\Documents and Settings\Master\Lokale innstillinger\Programdata\Microsoft\Messenger\slasherkill@hotmail.com\SharingMetadata\Working\database_88F4_BAB8_F4BA_A838\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Master\Lokale innstillinger\Programdata\Microsoft\Messenger\slasherkill@hotmail.com\SharingMetadata\Working\database_88F4_BAB8_F4BA_A838\tmp.edb Object is locked skipped
C:\Documents and Settings\Master\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Master\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Master\Lokale innstillinger\Programdata\Microsoft\Windows Live Contacts\slasherkill@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Master\Lokale innstillinger\Programdata\Microsoft\Windows Live Contacts\slasherkill@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Master\Lokale innstillinger\Temp\grskpiyabix.exe Infected: Backdoor.Win32.SdBot.crq skipped
C:\Documents and Settings\Master\Lokale innstillinger\Temp\jxaxcgab.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Documents and Settings\Master\Lokale innstillinger\Temp\mirc631.exe/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\Documents and Settings\Master\Lokale innstillinger\Temp\mirc631.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\Documents and Settings\Master\Lokale innstillinger\Temp\mirc631.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Master\Lokale innstillinger\Temp\~DF27DE.tmp Object is locked skipped
C:\Documents and Settings\Master\Lokale innstillinger\Temp\~DF27F8.tmp Object is locked skipped
C:\Documents and Settings\Master\Lokale innstillinger\Temp\~DF4E01.tmp Object is locked skipped
C:\Documents and Settings\Master\Lokale innstillinger\Temp\~DF593A.tmp Object is locked skipped
C:\Documents and Settings\Master\Lokale innstillinger\Temp\~DF5961.tmp Object is locked skipped
C:\Documents and Settings\Master\Lokale innstillinger\Temp\~DFB190.tmp Object is locked skipped
C:\Documents and Settings\Master\Lokale innstillinger\Temp\~DFE09D.tmp Object is locked skipped
C:\Documents and Settings\Master\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Master\Mine dokumenter\Hack\Accessdiver\ad4.170.exe Infected: not-a-virus:NetTool.Win32.AccessDiver.4170 skipped
C:\Documents and Settings\Master\Mine dokumenter\Hack\ad4.170.installer.exe/Stream/data0016 Infected: not-a-virus:NetTool.Win32.AccessDiver.4170 skipped
C:\Documents and Settings\Master\Mine dokumenter\Hack\ad4.170.installer.exe/Stream Infected: not-a-virus:NetTool.Win32.AccessDiver.4170 skipped
C:\Documents and Settings\Master\Mine dokumenter\Hack\ad4.170.installer.exe Inno: infected - 2 skipped
C:\Documents and Settings\Master\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Master\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT-MYNDIGHET\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT-MYNDIGHET\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT-MYNDIGHET\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT-MYNDIGHET\ntuser.dat.LOG Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDCON.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDFW.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Programfiler\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3B6AFD25-1D92-495A-B047-C06D5B6244F8}\RP89\A0017075.exe Infected: Backdoor.Win32.SdBot.crq skipped
C:\System Volume Information\_restore{3B6AFD25-1D92-495A-B047-C06D5B6244F8}\RP97\A0017296.exe/stream/data0006 Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\System Volume Information\_restore{3B6AFD25-1D92-495A-B047-C06D5B6244F8}\RP97\A0017296.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\System Volume Information\_restore{3B6AFD25-1D92-495A-B047-C06D5B6244F8}\RP97\A0017296.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{3B6AFD25-1D92-495A-B047-C06D5B6244F8}\RP98\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{99DE5D2D-CEE9-4C4E-AA68-1804D480E47C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\NTSecurity.exe Infected: Backdoor.Win32.IRCBot.auh skipped
C:\WINDOWS\system32\NTSpool.exe Infected: Backdoor.Win32.SdBot.crq skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\Loader.exe Infected: Backdoor.Win32.IRCBot.avw skipped
C:\WINDOWS\TEMP\vid06er.exe Infected: Backdoor.Win32.SdBot.crq skipped
C:\WINDOWS\TEMP\winlorder.exe Infected: Backdoor.Win32.SdBot.crq skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\My Downloads\Utorrent\TuneUp Utilities 2007 + keygen\Keygen.exe/data.rar/Loader.exe Infected: Backdoor.Win32.IRCBot.avw skipped
F:\My Downloads\Utorrent\TuneUp Utilities 2007 + keygen\Keygen.exe/data.rar Infected: Backdoor.Win32.IRCBot.avw skipped
F:\My Downloads\Utorrent\TuneUp Utilities 2007 + keygen\Keygen.exe RarSFX: infected - 2 skipped

Scan process completed.
 
Status
Not open for further replies.
Back
Top