Virtumondo hard edition

H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0003989.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0003997.exe Infected: Trojan.Win32.Agent.aoy skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0003999.exe Infected: Trojan.Win32.Agent.aoy skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004004.exe Infected: Trojan.Win32.Agent.aoy skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004014.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004016.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004017.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004018.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004019.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004020.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004021.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004106.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004117.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004118.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004119.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004124.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004125.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004127.exe Infected: Trojan.Win32.Agent.aoy skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004130.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004143.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004144.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004145.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004146.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004147.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004148.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004151.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004170.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004171.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004172.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004173.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004174.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004175.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004176.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004177.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004196.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP32\A0004216.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP33\A0004320.exe Infected: Trojan.Win32.Agent.aoy skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP33\A0004322.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP33\A0004323.exe Infected: Trojan.Win32.Agent.aoy skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP33\A0004325.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP33\A0004326.exe Infected: Trojan.Win32.Agent.aoy skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP33\A0004328.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP33\A0004329.exe Infected: Trojan.Win32.Agent.aoy skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP33\A0004332.exe Infected: Trojan.Win32.Agent.aoy skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP33\A0004335.exe Infected: Trojan.Win32.Agent.aoy skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP33\A0004338.exe Infected: Trojan.Win32.Agent.aoy skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP33\A0004340.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP33\A0004341.exe Infected: Trojan.Win32.Agent.aoy skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP33\A0004343.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP33\A0004344.exe Infected: Trojan.Win32.Agent.aoy skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP33\A0004345.exe Infected: Trojan.Win32.Agent.aoy skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP33\A0004346.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP33\A0004348.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP33\A0004349.exe Infected: Trojan.Win32.Agent.aoy skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP33\A0004350.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP33\A0004355.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP33\A0004605.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP34\A0004690.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP34\A0004691.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP34\A0004692.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP34\A0004693.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP34\A0004694.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP34\A0004695.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP34\A0004696.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP34\A0004697.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP34\A0004698.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP34\A0004699.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP34\A0004700.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP34\A0004702.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP38\A0004933.exe Infected: Trojan.Win32.Patched.af skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP38\A0004934.exe Infected: Trojan.Win32.Patched.af skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP38\A0004935.exe Infected: Trojan.Win32.Patched.af skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP39\change.log Object is locked skipped
H:\VundoFix Backups\cisdit.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped
H:\VundoFix Backups\dcomapi.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped
H:\VundoFix Backups\mprrbk.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped
H:\VundoFix Backups\vturopn.dll.bad Infected: Trojan-Downloader.Win32.ConHook.bg skipped
H:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
H:\WINDOWS\SchedLgU.Txt Object is locked skipped
H:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
H:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
H:\WINDOWS\system32\config\default Object is locked skipped
H:\WINDOWS\system32\config\default.LOG Object is locked skipped
H:\WINDOWS\system32\config\SAM Object is locked skipped
H:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
H:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
H:\WINDOWS\system32\config\SECURITY Object is locked skipped
H:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
H:\WINDOWS\system32\config\software Object is locked skipped
H:\WINDOWS\system32\config\software.LOG Object is locked skipped
H:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
H:\WINDOWS\system32\config\system Object is locked skipped
H:\WINDOWS\system32\config\system.LOG Object is locked skipped
H:\WINDOWS\system32\h323log.txt Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
H:\WINDOWS\WindowsUpdate.log Object is locked skipped
I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
 
Hi larssov

random/random is on holiday and I'll handle this thread meanwhile.

Empty these folders:

H:\VundoFix Backups
H:\QooBox\Quarantine

Delete these files:

H:\Hijack\backups\backup-20070805-173145-652.dll
H:\HijackThis\backups\backup-20070728-161550-356.dll
H:\HijackThis\backups\backup-20070805-054453-621.dll
H:\HijackThis\backups\backup-20070805-054453-842.dll
H:\HijackThis\backups\backup-20070805-054637-633.dll
H:\HijackThis\backups\backup-20070805-061008-514.dll
H:\HijackThis\backups\backup-20070805-200929-961.dll
H:\HijackThis\backups\backup-20070805-214024-185.dll
H:\HijackThis\backups\backup-20070805-215034-816.dll
H:\HijackThis\backups\backup-20070805-215055-138.dll
H:\HijackThis\backups\backup-20070805-215202-368.dll
H:\HijackThis\backups\backup-20070805-215559-724.dll
H:\HijackThis\backups\backup-20070805-215759-974.dll
H:\HijackThis\backups\backup-20070805-221346-932.dll
H:\HijackThis\backups\backup-20070805-222731-768.dll
H:\HijackThis\backups\backup-20070805-222755-546.dll
H:\HijackThis\backups\backup-20070805-222955-984.dll
H:\HijackThis\backups\backup-20070805-223551-905.dll
H:\HijackThis\backups\backup-20070806-205753-601.dll
H:\HijackThis\backups\backup-20070806-211351-525.dll
H:\HijackThis\backups\backup-20070806-211400-937.dll
H:\HijackThis\backups\backup-20070806-214344-614.dll
H:\HijackThis\backups\backup-20070806-221157-782.dll
H:\HijackThis\backups\backup-20070806-222655-402.dll
H:\HijackThis\backups\backup-20070806-222708-797.dll
H:\HijackThis\backups\backup-20070806-222723-923.dll
H:\HijackThis\backups\backup-20070806-222735-436.dll
H:\HijackThis\backups\backup-20070807-210943-153.dll

Empty Recycle Bin

Install one antivirus and one firewall from below:

Looking over your log, it seems you don't have any evidence of anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo
2) Sunbelt/Kerio
3) Agnitum
4) ZoneAlarm

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at a time.

After that, re-scan with Kaspersky.

Post:

- a fresh HijackThis log
- Kaspersky report
 
Kaspy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:55, on 2007-08-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
H:\Program\Intel\NCS\PROSet\PRONoMgr.exe
H:\Program\Analog Devices\SoundMAX\SMax4PNP.exe
H:\Program\Analog Devices\SoundMAX\Smax4.exe
C:\Program\D-Tools\daemon.exe
H:\Program\Java\jre1.6.0_02\bin\jusched.exe
H:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
H:\Program\AVG7\avgcc.exe
H:\Program\Comodo\Firewall\CPF.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program\Personal\bin\Personal.exe
H:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
H:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
H:\Program\AVG7\avgamsvr.exe
H:\Program\AVG7\avgupsvc.exe
H:\Program\Comodo\Firewall\cmdagent.exe
H:\Program\Analog Devices\SoundMAX\SMAgent.exe
H:\WINDOWS\System32\svchost.exe
H:\Program\Delade filer\Teleca Shared\Generic.exe
H:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
H:\Program\MSN Messenger\msnmsgr.exe
H:\Program\MSN Messenger\usnsvc.exe
H:\WINDOWS\system32\NOTEPAD.EXE
H:\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "H:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PRONoMgr.exe] H:\Program\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMAXPnP] H:\Program\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "H:\Program\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ASUS Probe] H:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "H:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVG7_CC] H:\Program\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "H:\Program\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] H:\Program\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Personal.lnk = H:\Program\Personal\bin\Personal.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - H:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - H:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\Program\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\Program\AVG7\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - H:\Program\Comodo\Firewall\cmdagent.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - H:\Program\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - H:\Program\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4671 bytes
 
Hjt

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, August 19, 2007 5:22:26 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 19/08/2007
Kaspersky Anti-Virus database records: 385119
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 90275
Number of viruses found: 4
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 01:26:37

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP41\change.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP41\change.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{037264E8-5ECB-4A17-8DAE-5675BA25E7B8}\RP40\A0016082.exe Object is locked skipped
E:\System Volume Information\_restore{037264E8-5ECB-4A17-8DAE-5675BA25E7B8}\RP40\A0016083.exe Object is locked skipped
E:\System Volume Information\_restore{037264E8-5ECB-4A17-8DAE-5675BA25E7B8}\RP40\A0016091.exe Object is locked skipped
E:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP41\change.log Object is locked skipped
H:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
H:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
H:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
H:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
H:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
H:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
H:\Documents and Settings\LocalService\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped
H:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
H:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
H:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
H:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
H:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
H:\Documents and Settings\NetworkService\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
H:\Documents and Settings\NetworkService\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped
H:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
H:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
H:\Documents and Settings\Victor\Application Data\Azureus\ipfilter.cache Object is locked skipped
H:\Documents and Settings\Victor\Application Data\Azureus\tmp\AZU38114.tmp Object is locked skipped
H:\Documents and Settings\Victor\Application Data\Azureus\tmp\AZU38115.tmp Object is locked skipped
H:\Documents and Settings\Victor\Application Data\Azureus\tmp\AZU38116.tmp Object is locked skipped
H:\Documents and Settings\Victor\Application Data\Azureus\tmp\AZU38117.tmp Object is locked skipped
H:\Documents and Settings\Victor\Application Data\Azureus\tmp\AZU38118.tmp Object is locked skipped
H:\Documents and Settings\Victor\Application Data\Azureus\tmp\AZU38119.tmp Object is locked skipped
H:\Documents and Settings\Victor\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\appLauncher_all_log.txt Object is locked skipped
H:\Documents and Settings\Victor\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\DM_log.txt Object is locked skipped
H:\Documents and Settings\Victor\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\FM_log.txt Object is locked skipped
H:\Documents and Settings\Victor\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\HookStarter_log.txt Object is locked skipped
H:\Documents and Settings\Victor\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped
H:\Documents and Settings\Victor\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\TlibCmnDlgs_log.txt Object is locked skipped
H:\Documents and Settings\Victor\Cookies\index.dat Object is locked skipped
H:\Documents and Settings\Victor\Lokala inställningar\Application Data\Microsoft\Messenger\testudent@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
H:\Documents and Settings\Victor\Lokala inställningar\Application Data\Microsoft\Messenger\testudent@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
H:\Documents and Settings\Victor\Lokala inställningar\Application Data\Microsoft\Messenger\testudent@hotmail.com\SharingMetadata\Working\database_14E4_3EC3_E43E_A740\dfsr.db Object is locked skipped
H:\Documents and Settings\Victor\Lokala inställningar\Application Data\Microsoft\Messenger\testudent@hotmail.com\SharingMetadata\Working\database_14E4_3EC3_E43E_A740\fsr.log Object is locked skipped
H:\Documents and Settings\Victor\Lokala inställningar\Application Data\Microsoft\Messenger\testudent@hotmail.com\SharingMetadata\Working\database_14E4_3EC3_E43E_A740\fsrtmp.log Object is locked skipped
H:\Documents and Settings\Victor\Lokala inställningar\Application Data\Microsoft\Messenger\testudent@hotmail.com\SharingMetadata\Working\database_14E4_3EC3_E43E_A740\tmp.edb Object is locked skipped
H:\Documents and Settings\Victor\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
H:\Documents and Settings\Victor\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
H:\Documents and Settings\Victor\Lokala inställningar\Application Data\Microsoft\Windows Live Contacts\testudent@hotmail.com\real\members.stg Object is locked skipped
H:\Documents and Settings\Victor\Lokala inställningar\Application Data\Microsoft\Windows Live Contacts\testudent@hotmail.com\shadow\members.stg Object is locked skipped
H:\Documents and Settings\Victor\Lokala inställningar\Temp\hsperfdata_Victor\1776 Object is locked skipped
H:\Documents and Settings\Victor\Lokala inställningar\Temp\~DF7345.tmp Object is locked skipped
H:\Documents and Settings\Victor\Lokala inställningar\Temp\~DF7351.tmp Object is locked skipped
H:\Documents and Settings\Victor\Lokala inställningar\Temp\~DF8CCE.tmp Object is locked skipped
H:\Documents and Settings\Victor\Lokala inställningar\Temp\~DF98B2.tmp Object is locked skipped
H:\Documents and Settings\Victor\Lokala inställningar\Temp\~DF9921.tmp Object is locked skipped
H:\Documents and Settings\Victor\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
H:\Documents and Settings\Victor\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped
H:\Documents and Settings\Victor\Lokala inställningar\Tidigare\History.IE5\MSHist012007081920070820\index.dat Object is locked skipped
H:\Documents and Settings\Victor\NTUSER.DAT Object is locked skipped
H:\Documents and Settings\Victor\ntuser.dat.LOG Object is locked skipped
H:\Documents and Settings\Victor\Skrivbord\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
H:\Documents and Settings\Victor\Skrivbord\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
H:\Documents and Settings\Victor\Skrivbord\SmitfraudFix.zip ZIP: infected - 1 skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP38\A0004933.exe Object is locked skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP38\A0004934.exe Object is locked skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP38\A0004935.exe Object is locked skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP40\A0004983.dll Infected: not-a-virus:AdWare.Win32.Agent.db skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP40\A0004984.dll Infected: not-a-virus:AdWare.Win32.BHO.cz skipped
H:\System Volume Information\_restore{32FD04AE-367C-420E-97B0-C5894323361E}\RP40\A0005019.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped

Scan process completed.
 
Hi

Logs look good.

All viruses are in system restore and inactive.

I will give you instructions later on how to empty it.

Other than that, any problems left?
 
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
 