PC is running abnormally slow + HJT


RKeano (Thread Starter; joined Apr 6, 2008; 9 messages):
Hey guys, I'm new here, so let me get straight to the point:

I downloaded some kind of zip file (I know it's stupid to have done that), opened it and started some exe. Now I'm pretty sure my PC is full of spyware, even malware.
For example: in Task Manager it shows that I'm using nearly 100% continuously, Firefox shuts down, internet pages won't load, and when using Internet Explorer I get popups of some program telling me my PC's full of malware.
I haven't got a virus scanner; I usually know what I'm doing, just this once I made a mistake...
Anybody got any suggestions or know any solutions?
In other words my PC's dead, and no, I'm not formatting :p lol

Thanks in advance



HJT:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:32:02, on 6-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Integrator.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Robert\Bureaublad\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.174.252.197:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16bca94c-096a-4260-85d1-e382aeb0bac4} - C:\WINDOWS\system32\tuvSklKE.dll
O2 - BHO: (no name) - {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - C:\WINDOWS\system32\mlJYrqNe.dll
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {3a741d26-e6f3-fe6b-9954-242b4e31c378} - {873c13e4-b242-4599-b6ef-3f6e62d147a3} - C:\WINDOWS\system32\ctcfiqhd.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: e404 helper - {c03fd59d-9104-44b7-929a-9eaa0ba05211} - C:\Program Files\Helper\1207247969.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SoftickPPP] "C:\Program Files\Softick\PPP\Bin\PPPGate.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VolumeTouch] "C:\Program Files\VolumeTouch\VolumeTouch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BM77816481] Rundll32.exe "C:\WINDOWS\system32\lfstmwnd.dll",s
O4 - HKLM\..\Run: [7951357E66730C535A51] Rundll32.exe "C:\WINDOWS\system32\horyodcv.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [RssReader] "C:\Documents and Settings\Robert\Application Data\Qlikworld\RSSReader\RSSReader.exe" /Autostart
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Hare.lnk = C:\Program Files\Hare\Hare.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: mlJYrqNe - C:\WINDOWS\SYSTEM32\mlJYrqNe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10312 bytes
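A triage pass over entries in the HijackThis format shown above, added here as an example (it is not code from the original post or from HijackThis): it flags the R1 proxy pointing at a public IP, O2 BHOs with no readable name, rundll32 entries with a one-letter export, the O20 Winlogon Notify hook, and random-looking 8-letter DLL names dropped directly into system32. The sample lines are constructed to match the shape of the posted log, and the allowlist, the random-name heuristic and all function names are assumptions of this example.

```python
import re
from ipaddress import ip_address
from typing import List, Tuple

# Constructed sample in HijackThis log format, shaped like the entries in the
# posted log: benign NVIDIA/Adobe lines mixed with the suspect ones.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.174.252.197:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16bca94c-096a-4260-85d1-e382aeb0bac4} - C:\WINDOWS\system32\tuvSklKE.dll
O2 - BHO: {3a741d26-e6f3-fe6b-9954-242b4e31c378} - {873c13e4-b242-4599-b6ef-3f6e62d147a3} - C:\WINDOWS\system32\ctcfiqhd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BM77816481] Rundll32.exe "C:\WINDOWS\system32\lfstmwnd.dll",s
O20 - Winlogon Notify: mlJYrqNe - C:\WINDOWS\SYSTEM32\mlJYrqNe.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r'^(?P<kind>[RO]\d+) - (?P<body>.+)$')
PATH_RE = re.compile(r'[A-Za-z]:\\[^",\n]*?\.(?:dll|exe|sys|cpl)', re.IGNORECASE)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.(?:dll|cpl))"?,+(?P<export>\w+)',
                       re.IGNORECASE)
GUID_RE = re.compile(r'^\{[0-9a-f-]{36}\}$', re.IGNORECASE)
# Example allowlist (assumption): legitimate 8-letter DLL names the random-name
# test would otherwise flag. Real triage keeps a much larger, curated list.
KNOWN_GOOD_STEMS = {"nvmctray"}


def looks_random(stem: str) -> bool:
    """Crude 'machine-generated 8-letter name' test: all letters and either a
    consonant run of four or more or at most one vowel. Expect false positives."""
    if len(stem) != 8 or not stem.isalpha() or stem.lower() in KNOWN_GOOD_STEMS:
        return False
    low = stem.lower()
    vowels = sum(c in "aeiou" for c in low)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", low)), default=0)
    return longest_run >= 4 or vowels <= 1


def in_system32(path: str) -> bool:
    """True only for files directly in system32, not in its subfolders (IME etc.)."""
    return path.lower().rsplit("\\", 1)[0].endswith("\\system32")


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reasons, entry) pairs for HijackThis entries worth a closer look."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # headers, process list, blank lines
        kind, body = m.group("kind"), m.group("body")
        reasons = []
        # An R1 ProxyServer pointing at a public IP routes all IE traffic through it.
        if kind == "R1" and "ProxyServer" in body:
            host = body.split("=", 1)[1].strip().split(":")[0]
            try:
                if ip_address(host).is_global:
                    reasons.append("proxy to external IP")
            except ValueError:
                reasons.append("proxy hostname set")
        # O2 BHOs normally carry a vendor name; "(no name)" or a bare GUID does not.
        if kind == "O2" and body.startswith("BHO: "):
            name = body[5:].split(" - ", 1)[0].strip()
            if name == "(no name)" or GUID_RE.match(name):
                reasons.append("BHO without a readable name")
        # O20 entries (Winlogon Notify, AppInit_DLLs) load a DLL at logon or into
        # every process; few legitimate products need them, so always review.
        if kind == "O20":
            reasons.append("O20 hook: DLL loaded at logon or into every process")
        # rundll32 with a one-letter export ("...dll",s) is rarely a vendor's doing.
        rd = RUNDLL_RE.search(body)
        if rd and len(rd.group("export")) <= 2:
            reasons.append("rundll32 with one-letter export")
        # Random-looking 8-letter DLL/EXE names sitting directly in system32.
        for path in PATH_RE.findall(body):
            stem = path.rsplit("\\", 1)[1].rsplit(".", 1)[0]
            if in_system32(path) and looks_random(stem):
                reasons.append(f"random-looking name {stem} in system32")
        if reasons:
            findings.append(("; ".join(reasons), raw.strip()))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_HJT):
        print(f"[{reason}]\n    {entry}")
```

The random-name test is a triage aid only; anything it flags still needs the file checked (signature, vendor, creation time) before removal.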
 

cybertech (Retired Moderator; joined Apr 16, 2002; 72,115 messages):
Hi, welcome to TSG!!


Download SDFix and save it to your Desktop.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files, which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again afterwards before connecting to the Internet.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • Open the c:\SDFix folder and double click RunThis.cmd to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back in your next reply.


NEXT



Please download Malwarebytes Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy the entire report and paste it in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
 

RKeano (Thread Starter; joined Apr 6, 2008; 9 messages):
OK, here's SDFix:


SDFix: Version 1.167
Run by Robert on di 08-04-2008 at 18:48

Microsoft Windows XP [versie 5.1.2600]
Running From: C:\DOCUME~1\Robert\BUREAU~1\SDFix

Checking Services :

Name:
yeTyezzd

Path:
\??\C:\WINDOWS\yeTyezzd.sys

yeTyezzd - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\195784~1 - Deleted
C:\Program Files\Helper\1207247969.dll - Deleted
C:\WINDOWS\Temp\bca4e2da.$$$ - Deleted
C:\WINDOWS\Temp\fa56d7ec.$$$ - Deleted
C:\WINDOWS\yeTyezzd.sys - Deleted

Note - Files associated with the MBR Rootkit have been found on this system, to check the PC use Gmer or Dr.Web CureIt


Folder C:\Program Files\Helper - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 19:36:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:a58ccc02
"s1"=dword:d6b25d82
"s2"=dword:7dca28cd
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:a0,dd,cf,bb,6b,2b,a1,dd,7b,68,cc,f5,fe,c7,89,8d,cc,ed,c2,28,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,c8,5e,a4,66,79,b4,50,55,10,6b,34,86,2c,3b,da,17,8e,..
"khjeh"=hex:2d,fa,ac,2c,8b,a9,9a,c8,21,81,1b,9b,c1,91,f9,9a,e5,63,f9,ae,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,02,00,68,a2,24,00,98,ce,2f,00,d8,ff,ff,ff,76,6b,0d,00,04,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:a0,dd,cf,bb,6b,2b,a1,dd,7b,68,cc,f5,fe,c7,89,8d,cc,ed,c2,28,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,c8,5e,a4,66,79,b4,50,55,10,6b,34,86,2c,3b,da,17,8e,..
"khjeh"=hex:2d,fa,ac,2c,8b,a9,9a,c8,21,81,1b,9b,c1,91,f9,9a,e5,63,f9,ae,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,02,00,10,46,2e,00,58,43,2e,00,e8,ff,ff,ff,6c,68,02,00,28,..

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 6


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Hulp op afstand - Windows Messenger en spraak"
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"="C:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"="C:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"
"G:\\FM 08\\fm.exe"="G:\\FM 08\\fm.exe:*:Enabled:Football Manager 2008"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"c:\\windows\\system32\\snrb6.exe"="c:\\windows\\system32\\snrb6.exe:*:Enabled:snrb6"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\Robert\BUREAU~1\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 13 May 2005 217,073 A.SHR --- "C:\WINDOWS\meta4.exe"
Wed 30 Jan 2002 22,016 A..H. --- "C:\Program Files\Game Graphic Studio\borlndmm.dll"
Wed 30 Jan 2002 620,544 A..H. --- "C:\Program Files\Game Graphic Studio\stlpmt45.dll"
Thu 14 Jul 2005 27,648 A.SHR --- "C:\WINDOWS\system32\AVSredirect.dll"
Sun 26 Jun 2005 616,448 A.SHR --- "C:\WINDOWS\system32\cygwin1.dll"
Tue 21 Jun 2005 45,568 A.SHR --- "C:\WINDOWS\system32\cygz.dll"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Mon 17 Dec 2007 27,648 ..SH. --- "C:\WINDOWS\system32\Smab0.dll"
Mon 28 Feb 2005 240,128 A.SHR --- "C:\WINDOWS\system32\x.264.exe"
Mon 26 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Tue 5 Feb 2008 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Fri 27 Feb 2004 233,472 A..H. --- "C:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll"
Fri 27 Feb 2004 233,472 A..H. --- "C:\Program Files\Image-Line\FL Studio 6.3 public beta\REX Shared Library.dll"
Tue 20 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 8 Apr 2008 108 A..H. --- "C:\Program Files\Common Files\X10\Common\x10prod.sys"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Sun 9 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT7D4.tmp"
Sun 9 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT7D7.tmp"
Sun 9 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT7D3.tmp"
Sun 9 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\50a703ac277c6aaae339fb8dcdfd2341\BIT7D6.tmp"
Sun 9 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5d980aeb9b19d6e59590a4be473461a8\BIT7D5.tmp"
Sun 9 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT7D9.tmp"
Sun 9 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT7D8.tmp"
Sun 9 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT7D2.tmp"

Finished!
 

RKeano (Thread Starter; joined Apr 6, 2008; 9 messages):
Here's HijackThis, just in case:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:41:15, on 8-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\WINDOWS\DitExp.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Robert\Bureaublad\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.174.252.197:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {b457e5b5-566b-50c8-48c4-e5a3f0edee21} - {12eede0f-3a5e-4c84-8c05-b6655b5e754b} - C:\WINDOWS\system32\jxfpakpp.dll
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SoftickPPP] "C:\Program Files\Softick\PPP\Bin\PPPGate.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VolumeTouch] "C:\Program Files\VolumeTouch\VolumeTouch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [7951357E66730C535A51] Rundll32.exe "C:\WINDOWS\system32\clgsehgu.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [RssReader] "C:\Documents and Settings\Robert\Application Data\Qlikworld\RSSReader\RSSReader.exe" /Autostart
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Hare.lnk = C:\Program Files\Hare\Hare.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10039 bytes
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Click here to download Dr.Web CureIt and save it to your desktop.
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory; when something is found, click the Yes button when it asks whether you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks whether you want to cure/move the file.
  • When the scan has finished, check whether you can click the next icon next to the files found:
  • If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image:
  • This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu at the top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer! Files that are in use may be moved/deleted during the reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new HijackThis log.
 

RKeano

Thread Starter
Joined
Apr 6, 2008
Messages
9
The Dr.Web one is attached.
HijackThis is down below.

Thanks.

BTW, I'm Dutch; I kind of think the report is in Dutch, but let me know what's up. Thanks.

HijackThis:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:06:14, on 9-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\DitExp.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Documents and Settings\Robert\Bureaublad\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.174.252.197:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {b457e5b5-566b-50c8-48c4-e5a3f0edee21} - {12eede0f-3a5e-4c84-8c05-b6655b5e754b} - C:\WINDOWS\system32\jxfpakpp.dll
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [7951357E66730C535A51] Rundll32.exe "C:\WINDOWS\system32\clgsehgu.dll",s
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Hare.lnk = C:\Program Files\Hare\Hare.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9069 bytes
 


cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
BTW, I'm Dutch; I kind of think the report is in Dutch, but let me know what's up. Thanks.
I'll ask for help if I need some interpretation. :)


Please update your version of HJT.
Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Double-click the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.

Please visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
 

RKeano

Thread Starter
Joined
Apr 6, 2008
Messages
9
Here you go :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:05, on 9-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.174.252.197:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Hare.lnk = C:\Program Files\Hare\Hare.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 8398 bytes

and here:

ComboFix 08-04-08.10 - Robert 2008-04-09 19:57:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1256.20.1043.18.580 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Robert\Bureaublad\ComboFix.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Robert\Application Data\macromedia\Flash Player\#SharedObjects\NA9K4JRU\iforex.com
C:\Documents and Settings\Robert\Application Data\macromedia\Flash Player\#SharedObjects\NA9K4JRU\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Robert\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Robert\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\BM77816481.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\clgsehgu.dll
C:\WINDOWS\system32\ctcfiqhd.dll
C:\WINDOWS\system32\EKlkSvut.ini
C:\WINDOWS\system32\horyodcv.dll
C:\WINDOWS\system32\jxfpakpp.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJYrqNe.dll
C:\WINDOWS\system32\mmqeptmb.dll
C:\WINDOWS\system32\tuvSklKE.dll
C:\WINDOWS\system32\yrytullo.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{fbe1d620-5418-4aae-a0f0-316d590663a1}


(((((((((((((((((((( Bestanden Gemaakt van 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))
.

2008-04-09 17:54 . 2008-04-09 17:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-08 23:17 . 2008-04-09 07:32 <DIR> d-------- C:\Documents and Settings\Robert\DoctorWeb
2008-04-08 19:51 . 2008-04-08 19:51 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-08 19:51 . 2008-04-08 19:51 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Malwarebytes
2008-04-08 19:51 . 2008-04-08 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-08 19:49 . 2008-04-08 19:49 3,648 --a------ C:\WINDOWS\system32\qlddfjvv.dll
2008-04-08 18:42 . 2008-04-08 18:42 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-06 13:44 . 2008-04-07 19:45 <DIR> d-------- C:\Program Files\iTunes
2008-04-06 13:44 . 2008-04-07 19:45 <DIR> d-------- C:\Program Files\iPod
2008-04-05 13:50 . 2008-04-06 13:44 <DIR> d-------- C:\Documents and Settings\Robert\.housecall6.6
2008-04-04 15:45 . 2008-04-06 13:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-04 15:45 . 2008-04-04 15:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 15:43 . 2008-04-06 13:44 <DIR> d-------- C:\Program Files\iTunes(2)
2008-04-04 15:43 . 2008-04-06 13:44 <DIR> d-------- C:\Program Files\iPod(2)
2008-04-04 08:53 . 2008-04-09 19:55 3,333,783 --a------ C:\WINDOWS\system32\scolmpdain.xml
2008-04-04 00:12 . 2008-04-06 13:45 <DIR> d-------- C:\Program Files\Absolute MP3 Splitter
2008-04-04 00:07 . 2008-04-06 13:45 <DIR> d-------- C:\Program Files\MP3 Splitter & Joiner
2008-04-03 20:38 . 2008-04-03 20:38 52,736 --a------ C:\WINDOWS\system32\snrb6.exe
2008-04-03 20:35 . 2008-04-03 20:35 <DIR> d-------- C:\Program Files\MP3-Slicer
2008-04-03 20:35 . 2008-04-03 20:35 724,992 --a------ C:\WINDOWS\iun6002.exe
2008-04-03 20:01 . 2008-04-03 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-03-31 22:54 . 2008-03-31 22:54 <DIR> d-------- C:\DVDVideoSoft
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-28 19:14 . 2008-03-28 19:15 <DIR> d-------- C:\Program Files\Safari
2008-03-09 07:47 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-09 07:47 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-09 07:47 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-09 05:38 . 2008-03-13 07:40 <DIR> d-------- C:\WINDOWS\system32\nl-nl

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 18:13 --------- d-----w C:\Program Files\Java
2008-04-06 11:45 --------- d-----w C:\Program Files\QuickTime
2008-04-03 18:14 --------- d-----w C:\Documents and Settings\Robert\Application Data\Azureus
2008-04-02 11:41 --------- d-----w C:\Program Files\Azureus
2008-03-31 21:37 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-31 20:54 --------- d-----w C:\Program Files\Common Files\DVDVIDEOSOFT
2008-03-29 13:08 --------- d-----w C:\Documents and Settings\Robert\Application Data\Orbit
2008-03-13 05:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-08 15:14 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-08 12:05 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-08 12:05 --------- d-----w C:\Program Files\Windows Live
2008-03-08 11:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-27 20:12 --------- d-----w C:\Program Files\Phun
2008-02-16 01:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-15 12:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-03-09 13:27 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 20:43 90112]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-27 19:25 1211176]
"SRS Audio Sandbox"="C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-11-25 15:47 481280]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"Dit"="Dit.exe" [2002-08-28 14:43 73728 C:\WINDOWS\Dit.exe]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-04 02:03 380928 C:\WINDOWS\system32\irprops.cpl]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-14 19:37 1836544]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 23:31 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32 455168]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]

C:\Documents and Settings\Robert\Menu Start\Programma's\Opstarten\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Hare.lnk - C:\Program Files\Hare\Hare.exe [2002-09-21 13:26:40 1874381]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 16:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 23:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2003-06-24 16:23 61440 C:\Program Files\Home Cinema\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RssReader]
--a------ 2007-12-03 14:22 1868288 C:\Documents and Settings\Robert\Application Data\Qlikworld\RSSReader\RSSReader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftickPPP]
--a------ 2006-07-06 20:07 195072 C:\Program Files\Softick\PPP\Bin\PPPGate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-05 13:17 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-02-19 23:21 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolumeTouch]
--a------ 2005-07-22 03:12 184320 C:\Program Files\VolumeTouch\VolumeTouch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"G:\\FM 08\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\windows\\system32\\snrb6.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d848856a-8d1f-11dc-99c0-000c76a662fe}]
\Shell\AutoRun\command - L:\LaunchU3.exe

.
Inhoud van de 'Gedeelde Taken' map
"2008-04-04 10:34:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 23:00:27
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\Integrator.exe
C:\WINDOWS\System32\imapi.exe
.
**************************************************************************
.
Voltooingstijd: 2008-04-09 23:08:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-09 21:08:03
Pre-Run: 2,293,694,464 bytes beschikbaar
Post-Run: 2,125,082,624 bytes beschikbaar
.
2008-03-13 05:47:57 --- E O F ---
 

cybertech

Retired Moderator
Open Notepad and copy and paste the text in the quote box below into it:
KILLALL::

File::
C:\WINDOWS\system32\qlddfjvv.dll
C:\WINDOWS\system32\snrb6.exe

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.



Download (save and select your desktop to save it to) SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive and all other fixed drives.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
  • Click Close to exit the program.


Please perform a scan with Kaspersky Webscan Online Virus Scanner
  • Read the Requirements and Privacy statement, then select "Accept".
  • A new window will appear prompting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
  • Click "Yes" or select "Install" to download the ActiveX controls that allow ActiveScan to run.
  • When the download is complete it will say ready, click "Next".
  • Click "Scan Settings" and check the option to use the Extended Database (if available, otherwise Standard).
  • Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
  • Click "OK".
  • Under "Select a target to scan", click on "My Computer".
  • When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.

Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically or it will show 'Kaspersky Online Scanner license key was not found!'
 

RKeano

Thread Starter
Here you go guys, was kinda busy, sorry for that:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:05, on 9-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.174.252.197:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Hare.lnk = C:\Program Files\Hare\Hare.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 8398 bytes


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/11/2008 at 01:44 AM

Application Version : 4.0.1154

Core Rules Database Version : 3435
Trace Rules Database Version: 1427

Scan type : Complete Scan
Total Scan Time : 03:16:47

Memory items scanned : 373
Memory threats detected : 0
Registry items scanned : 6368
Registry threats detected : 0
File items scanned : 378235
File threats detected : 181

Trojan.Media-Codec
C:\DOCUMENTS AND SETTINGS\ROBERT\DOCTORWEB\QUARANTINE\A0042090.EXE
C:\DOCUMENTS AND SETTINGS\ROBERT\DOCTORWEB\QUARANTINE\PMSNGR.EXE
M:\ROBERT BACKUP FEB 2007\LOCAL SETTINGS\TEMP\TEMP.FRD5E1\PMMON.EXE

Trojan.Vundo-Variant/F
C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP403\A0040329.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP403\A0040362.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP403\A0040688.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP407\A0042179.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP407\A0042181.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP407\A0042184.DLL
S:\BACKUP\BACKUPPPPP\BACKUPPPPP\PROGRAM FILES\EWIDO\SECURITY SUITE\TRAY_DLL.DLL
S:\BACKUP\BACKUPPPPP\BACKUPPPPP\PROGRAM FILES\GOOGLE\GOOGLE EARTH PRO\ETSYSTEM.DLL

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP403\A0040331.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP403\A0040361.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP403\A0040689.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP407\A0042180.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP407\A0042182.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP407\A0042186.DLL

Adware.Vundo-Variant/E
C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP403\A0040690.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042084.DLL

Adware.Tracking Cookie

Browser Hijacker.Favorites
M:\ROBERT BACKUP FEB 2007\FAVORIETEN\ONLINE SECURITY TEST.URL

Trojan.Unknown Origin
M:\ROBERT BACKUP FEB 2007\LOCAL SETTINGS\TEMP\TEMP.FRD5E1\OT.ICO
M:\ROBERT BACKUP FEB 2007\LOCAL SETTINGS\TEMP\TEMP.FRD5E1\TS.ICO
S:\BACKUP\BACKUPPPPP\BACKUPPPPP\WINDOWS\TELLER2.CHK

BearShare File Sharing Client
S:\BACKUP\BACKUPPPPP\BACKUPPPPP\DOCUMENTS AND SETTINGS\ROBERT\LOCAL SETTINGS\TEMP\IR_EXT_TEMP_0\AUTOPLAY\DOCS\ALL FIXES NEEDED\FIX BEARSHARE PRO V5.1.0.26\BEARSHARE.EXE

Trojan.Unclassified/Loader-Suspicious
S:\BACKUP\BACKUPPPPP\BACKUPPPPP\DOCUMENTS AND SETTINGS\ROBERT\LOCAL SETTINGS\TEMP\IR_EXT_TEMP_0\AUTOPLAY\DOCS\ALL FIXES NEEDED\MORPHEUS ULTRA V5.0 LOADER\LOADER.EXE

Adware.Unknown Origin
S:\BACKUP\BACKUPPPPP\BACKUPPPPP\PROGRAM FILES\COMMON FILES\ORUI\ORUID\CLASS-BARREL

Trojan.Downloader-Gen
S:\BACKUP\BACKUPPPPP\BACKUPPPPP\WINDOWS\SYSTEM32\WINSUB.XML

Adware.WhenU
S:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042105.EXE

TargetSaver, Inc. Process
S:\SYSTEM VOLUME INFORMATION\_RESTORE{618485BA-0F8C-4B00-92A4-477554FA1A46}\RP379\A0041760.EXE

Trace.Known Threat Sources
M:\Robert Backup feb 2007\Local Settings\Temporary Internet Files\Content.IE5\LBSM9LY0\footer_dots[1].gif
M:\Robert Backup feb 2007\Local Settings\Temporary Internet Files\Content.IE5\8P2YL6W5\shopica_logo_bott[1].gif
M:\Robert Backup feb 2007\Local Settings\Temporary Internet Files\Content.IE5\LBSM9LY0\shopica_logo_top[1].gif
M:\Robert Backup feb 2007\Local Settings\Temporary Internet Files\Content.IE5\8P2YL6W5\style[2].css
M:\Robert Backup feb 2007\Local Settings\Temporary Internet Files\Content.IE5\4Z74VV4W\ads[1].htm
M:\Robert Backup feb 2007\Local Settings\Temporary Internet Files\Content.IE5\F4WUNFH8\sp[1].gif
M:\Robert Backup feb 2007\Local Settings\Temporary Internet Files\Content.IE5\F4WUNFH8\search[1].htm
M:\Robert Backup feb 2007\Local Settings\Temporary Internet Files\Content.IE5\4Z74VV4W\js[1].js
M:\Robert Backup feb 2007\Local Settings\Temporary Internet Files\Content.IE5\WLWPYRG1\loaderbb[2].htm
M:\Robert Backup feb 2007\Local Settings\Temporary Internet Files\Content.IE5\45KVCJ8J\wintod[1].exe
 
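As an added example (not from the thread, and not part of HijackThis or ComboFix), the script below applies a few of the checks a log reader applies by eye to the output posted above: an IE proxy pointing at a public address, the Windows Firewall switched off, an unfamiliar system32 executable granted a firewall exception, and anything loaded through AppInit_DLLs. The sample lines are constructed from the line formats of the logs in this thread, and the short allowlist of known system32 exceptions is an assumption.

```python
"""Heuristic triage of HijackThis / ComboFix log lines (added example)."""
import ipaddress
import re

# Constructed sample: one line of each kind this script understands, in the
# formats used by the HijackThis and ComboFix logs posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.174.252.197:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"EnableFirewall"= 0 (0x0)
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\windows\\system32\\snrb6.exe"=
"""

# Assumption: Windows components that legitimately sit in the XP firewall
# exception list. A real allowlist would be longer and signature-backed.
KNOWN_SYSTEM32_EXCEPTIONS = {"sessmgr.exe"}

PROXY_RE = re.compile(r"ProxyServer\s*=\s*(\S+)")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(\S.*)$")
FIREWALL_FLAG_RE = re.compile(r'^"EnableFirewall"\s*=\s*(\d+)')
AUTH_APP_RE = re.compile(r'^"([^"]+)"=')


def proxy_is_external(value):
    """True when ProxyServer names a public IP (not loopback, private or link-local).

    A hostname cannot be judged offline, so it is left for manual review (False).
    """
    host = value.rsplit(":", 1)[0] if ":" in value else value
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_global


def triage(log_text):
    """Return a list of (severity, message) for lines that merit a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # R1 ProxyServer: a public address means browser traffic leaves the host
        # through a relay the user did not configure.
        m = PROXY_RE.search(line)
        if m and proxy_is_external(m.group(1)):
            findings.append(("high", f"IE proxy set to public address {m.group(1)}; "
                                     "browser traffic is being relayed off-host"))
            continue

        # ComboFix firewall policy dump: EnableFirewall=0 means no host firewall.
        m = FIREWALL_FLAG_RE.match(line)
        if m and m.group(1) == "0":
            findings.append(("high", "Windows Firewall is disabled (EnableFirewall=0)"))
            continue

        # O20: AppInit_DLLs are injected into every GUI process; always verify.
        m = APPINIT_RE.match(line)
        if m:
            findings.append(("review", f"AppInit_DLLs loads {m.group(1)} into every GUI process"))
            continue

        # AuthorizedApplications\List entries: registry-escaped paths ("\\").
        m = AUTH_APP_RE.match(line)
        if m:
            path = m.group(1).replace("\\\\", "\\").lower()
            name = path.rsplit("\\", 1)[-1]
            if "\\system32\\" in path and name not in KNOWN_SYSTEM32_EXCEPTIONS:
                findings.append(("high", f"firewall exception for {name} in system32; "
                                         "verify this is a known component"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```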

RKeano

Thread Starter
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, April 11, 2008 1:21:55 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/04/2008
Kaspersky Anti-Virus database records: 696523
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\
K:\
M:\
S:\

Scan Statistics:
Total number of scanned objects: 389550
Number of viruses found: 34
Number of infected objects: 107
Number of suspicious objects: 0
Duration of the scan process: 04:11:19

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Robert\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Robert\Bureaublad\SDFix\backups\backups.zip/backups/1207247969.dll Infected: not-a-virus:AdWare.Win32.E404.f skipped
C:\Documents and Settings\Robert\Bureaublad\SDFix\backups\backups.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Robert\Bureaublad\****\MrX- Internet troy 1.zip/Msn Update.zip/Msn Update.exe Infected: Backdoor.Win32.VB.art skipped
C:\Documents and Settings\Robert\Bureaublad\****\MrX- Internet troy 1.zip/Msn Update.zip Infected: Backdoor.Win32.VB.art skipped
C:\Documents and Settings\Robert\Bureaublad\****\MrX- Internet troy 1.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Robert\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Robert\DoctorWeb\Quarantine\A0042098.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\Robert\DoctorWeb\Quarantine\SmileyCentralFFSetup2.1.50.3.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\dbdam Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\dbdao Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\dbeam Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\dbeao Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\dbm Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\fii.cf1 Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\hp Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_AC74_B28B_74B2_57B2\dfsr.db Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_AC74_B28B_74B2_57B2\fsr.log Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_AC74_B28B_74B2_57B2\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_AC74_B28B_74B2_57B2\tmp.edb Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Geschiedenis\History.IE5\MSHist012008041120080412\index.dat Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Temp\~DF19EE.tmp Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Temp\~DF1A0D.tmp Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Temp\~DF989.tmp Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Temp\~DF9F1.tmp Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Temp\~DFA7FB.tmp Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Temp\~DFF08E.tmp Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Robert\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Robert\NTUSER.DAT.LOG Object is locked skipped
C:\Program Files\Image-Line\FL Studio 7\crack.exe/rBot.exe Infected: Backdoor.Win32.Rbot.bqa skipped
C:\Program Files\Image-Line\FL Studio 7\crack.exe CAB: infected - 1 skipped
C:\Program Files\TVersity\Media Server\db\medialib.db Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\clgsehgu.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ctcfiqhd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mvn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\horyodcv.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jxfpakpp.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mmqeptmb.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\snrb6.exe.vir Infected: Trojan-Clicker.Win32.Delf.ug skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yrytullo.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-09_230016.00.zip/Documents and Settings/Robert/Bureaublad/catchme.zip/yeTyezzd.sys Infected: Trojan-Clicker.Win32.Costrat.ff skipped
C:\QooBox\Quarantine\catchme2008-04-09_230016.00.zip/Documents and Settings/Robert/Bureaublad/catchme.zip Infected: Trojan-Clicker.Win32.Costrat.ff skipped
C:\QooBox\Quarantine\catchme2008-04-09_230016.00.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP409\A0043343.exe Infected: Trojan-Clicker.Win32.Delf.ug skipped
C:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP410\A0043397.exe Infected: Trojan-Downloader.Win32.Zlob.bai skipped
C:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP410\A0043398.exe Infected: Trojan-Downloader.Win32.Zlob.bai skipped
C:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP410\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{45531259-2BA5-472A-B6BE-27195004D304}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd7133.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\TVersityMediaServer.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
M:\Big Files\fl.studio.xxl.producer.edition.7.rc6.updated.2.crack-tsrh.zip/crack.exe/rBot.exe Infected: Backdoor.Win32.Rbot.bqa skipped
M:\Big Files\fl.studio.xxl.producer.edition.7.rc6.updated.2.crack-tsrh.zip/crack.exe Infected: Backdoor.Win32.Rbot.bqa skipped
M:\Big Files\fl.studio.xxl.producer.edition.7.rc6.updated.2.crack-tsrh.zip ZIP: infected - 2 skipped
M:\Robert Backup feb 2007\Local Settings\Temp\8BB.tmp Infected: Backdoor.Win32.Agent.aee skipped
M:\Robert Backup feb 2007\Local Settings\Temp\8BE.tmp Infected: Backdoor.Win32.Agent.aee skipped
M:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
M:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP410\A0043399.exe Infected: Trojan-Downloader.Win32.Zlob.bet skipped
M:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP410\A0043406.exe Infected: Backdoor.Win32.Agent.aee skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\rps27full.exe/data0000.bin/data.rar/spdhook.dll Infected: Trojan-PSW.Win32.Stealer.i skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\rps27full.exe/data0000.bin/data.rar/UnInstall.exe Infected: Trojan-PSW.Win32.Stealer.i skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\rps27full.exe/data0000.bin/data.rar/lpr123.exe Infected: Trojan-PSW.Win32.Stealer.i skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\rps27full.exe/data0000.bin/data.rar Infected: Trojan-PSW.Win32.Stealer.i skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\rps27full.exe/data0000.bin Infected: Trojan-PSW.Win32.Stealer.i skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\rps27full.exe EmbeddedEXE: infected - 5 skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-28679adb-638ce907.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-28679adb-638ce907.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-28679adb-638ce907.zip/NewSecurityClassLoader.class Infected: Exploit.Java.ByteVerify skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-28679adb-638ce907.zip/NewURLClassLoader.class Infected: Exploit.Java.ByteVerify skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-28679adb-638ce907.zip ZIP: infected - 4 skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-6789d00c.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-6789d00c.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-6789d00c.zip/NewSecurityClassLoader.class Infected: Exploit.Java.ByteVerify skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-6789d00c.zip/NewURLClassLoader.class Infected: Exploit.Java.ByteVerify skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-6789d00c.zip ZIP: infected - 4 skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv661.jar-897c2ff-1570a856.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv661.jar-897c2ff-1570a856.zip/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv661.jar-897c2ff-1570a856.zip/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv661.jar-897c2ff-1570a856.zip ZIP: infected - 3 skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Bureaublad\install.exe/data0001.bin/file77 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Bureaublad\install.exe/data0001.bin Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Bureaublad\install.exe EmbeddedEXE: infected - 2 skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Bureaublad\SuperFast.zip/SuperFast Shotdown/setup.exe/data0002 Infected: not-a-virus:RiskTool.Win32.Shutdown.c skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Bureaublad\SuperFast.zip/SuperFast Shotdown/setup.exe Infected: not-a-virus:RiskTool.Win32.Shutdown.c skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Bureaublad\SuperFast.zip RAR: infected - 2 skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Mijn documenten\Limewire\MAGIX music maker 2004 deLuxe.zip/MAGIX music maker 2004 deLuxe/Magix Music Maker 2004 Crack.EXE Infected: Trojan.BAT.Delwin.ci skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Mijn documenten\Limewire\MAGIX music maker 2004 deLuxe.zip ZIP: infected - 1 skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Mijn documenten\Mijn ontvangen bestanden\ Radmin22.zip/ Radmin22/RADMIN22.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Mijn documenten\Mijn ontvangen bestanden\ Radmin22.zip/ Radmin22/RADMIN22.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Mijn documenten\Mijn ontvangen bestanden\ Radmin22.zip/ Radmin22/RADMIN22.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Mijn documenten\Mijn ontvangen bestanden\ Radmin22.zip/ Radmin22/RADMIN22.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Mijn documenten\Mijn ontvangen bestanden\ Radmin22.zip ZIP: infected - 4 skipped
S:\Stuff\Limewire\TOTALLY HIP TRACK.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
S:\Stuff\Progs\bsplayer141.832.exe/data0011 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
S:\Stuff\Progs\bsplayer141.832.exe NSIS: infected - 1 skipped
S:\Stuff\Progs\CCNumber_Gen.zip/2_Credit_Card_Number_Generator_4.0/Cmaster4.exe Infected: not-virus:Hoax.Win32.CardGen.g skipped
S:\Stuff\Progs\CCNumber_Gen.zip/1/Cmaster4.exe Infected: not-virus:Hoax.Win32.CardGen.g skipped
S:\Stuff\Progs\CCNumber_Gen.zip/2/Cmaster4.exe Infected: not-virus:Hoax.Win32.CardGen.g skipped
S:\Stuff\Progs\CCNumber_Gen.zip/3/Cmaster4.exe Infected: not-virus:Hoax.Win32.CardGen.g skipped
S:\Stuff\Progs\CCNumber_Gen.zip/4/Cmaster4.exe Infected: not-virus:Hoax.Win32.CardGen.g skipped
S:\Stuff\Progs\CCNumber_Gen.zip/5/Cmaster4.exe Infected: not-virus:Hoax.Win32.CardGen.g skipped
S:\Stuff\Progs\CCNumber_Gen.zip/6/Cmaster4.exe Infected: not-virus:Hoax.Win32.CardGen.g skipped
S:\Stuff\Progs\CCNumber_Gen.zip/7/Cmaster4.exe Infected: not-virus:Hoax.Win32.CardGen.g skipped
S:\Stuff\Progs\CCNumber_Gen.zip/8/Cmaster4.exe Infected: not-virus:Hoax.Win32.CardGen.g skipped
S:\Stuff\Progs\CCNumber_Gen.zip ZIP: infected - 9 skipped
S:\Stuff\Progs\MGVPatch.rar/MGVPatch/Make Your Copy of Windows 100% Genuine in 2 Seconds/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
S:\Stuff\Progs\MGVPatch.rar/MGVPatch/Make Your Copy of Windows 100% Genuine in 2 Seconds/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
S:\Stuff\Progs\MGVPatch.rar/MGVPatch/Make Your Copy of Windows 100% Genuine in 2 Seconds/keyfinder.exe/data.rar Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
S:\Stuff\Progs\MGVPatch.rar/MGVPatch/Make Your Copy of Windows 100% Genuine in 2 Seconds/keyfinder.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
S:\Stuff\Progs\MGVPatch.rar/MGVPatch/Make Your Copy of Windows 100% Genuine in 2 Seconds/Port_RockXP_v4.exe/data0000.cab/rock.exe/pwdump2/samdump.dll Infected: not-a-virus:pSWTool.Win32.PWDump.2 skipped
S:\Stuff\Progs\MGVPatch.rar/MGVPatch/Make Your Copy of Windows 100% Genuine in 2 Seconds/Port_RockXP_v4.exe/data0000.cab/rock.exe/pwdump2/pwdump2.exe Infected: not-a-virus:pSWTool.Win32.PWDump.2 skipped
S:\Stuff\Progs\MGVPatch.rar/MGVPatch/Make Your Copy of Windows 100% Genuine in 2 Seconds/Port_RockXP_v4.exe/data0000.cab/rock.exe Infected: not-a-virus:pSWTool.Win32.PWDump.2 skipped
S:\Stuff\Progs\MGVPatch.rar/MGVPatch/Make Your Copy of Windows 100% Genuine in 2 Seconds/Port_RockXP_v4.exe/data0000.cab/RockXP4.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
S:\Stuff\Progs\MGVPatch.rar/MGVPatch/Make Your Copy of Windows 100% Genuine in 2 Seconds/Port_RockXP_v4.exe/data0000.cab Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
S:\Stuff\Progs\MGVPatch.rar/MGVPatch/Make Your Copy of Windows 100% Genuine in 2 Seconds/Port_RockXP_v4.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
S:\Stuff\Progs\MGVPatch.rar RAR: infected - 10 skipped
S:\Stuff\Progs\pcast.exe Infected: not-a-virus:AdWare.Win32.Dudu.f skipped
S:\Stuff\Progs\vtp3.zip/Vista Transformation Pack 3.0.exe/WISE0019.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
S:\Stuff\Progs\vtp3.zip/Vista Transformation Pack 3.0.exe/WISE0019.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
S:\Stuff\Progs\vtp3.zip/Vista Transformation Pack 3.0.exe/WISE0035.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
S:\Stuff\Progs\vtp3.zip/Vista Transformation Pack 3.0.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
S:\Stuff\Progs\vtp3.zip ZIP: infected - 4 skipped
S:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042099.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042100.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042102.exe Infected: not-a-virus:RiskTool.Win32.Shutdown.c skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042103.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042104.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042107.exe/data0037/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042107.exe/data0037/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042107.exe/data0037/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042107.exe/data0037/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042107.exe/data0037/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042107.exe/data0037 Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042107.exe/data0038 Infected: not-a-virus:AdWare.Win32.NavExcel.i skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042107.exe NSIS: infected - 7 skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042112.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042113.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped

Scan process completed.
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Open Notepad and copy and paste the text in the quote box below into it:
KILLALL::

File::
C:\Documents and Settings\Robert\Bureaublad\****\MrX- Internet troy 1.zip
C:\Documents and Settings\Robert\DoctorWeb\Quarantine\A0042098.exe
C:\Documents and Settings\Robert\DoctorWeb\Quarantine\SmileyCentralFFSetup2.1.50.3.exe
C:\Program Files\Image-Line\FL Studio 7\crack.exe
M:\Big Files\fl.studio.xxl.producer.edition.7.rc6.updated.2.crack-tsrh.zip
M:\Robert Backup feb 2007\Local Settings\Temp\8BB.tmp
M:\Robert Backup feb 2007\Local Settings\Temp\8BE.tmp
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\rps27full.exe
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-28679adb-638ce907.zip
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-6789d00c.zip
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv661.jar-897c2ff-1570a856.zip
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Bureaublad\install.exe
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Bureaublad\SuperFast.zip
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Mijn documenten\Limewire\MAGIX music maker 2004 deLuxe.zip
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Mijn documenten\Mijn ontvangen bestanden\ Radmin22.zip
S:\Stuff\Limewire\TOTALLY HIP TRACK.wma
S:\Stuff\Progs\bsplayer141.832.exe
S:\Stuff\Progs\MGVPatch.rar
S:\Stuff\Progs\pcast.exe
S:\Stuff\Progs\vtp3.zip

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the run box and click OK. Note the space between the X and the U; it needs to be there.


You can and should remove all of the tools I requested you to download and/or folders associated with them now. It is pointless to keep these tools around as they are updated so frequently that the tools can be outdated within a few days, sometimes within just hours.

OTMoveIt2 by OldTimer has a CleanUp! option you can use to remove most of the fixes and associated files and folders.
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your firewall or real-time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


It's a good idea to Flush your System Restore after removing malware:
Turn off system restore and then turn it back on: http://support.microsoft.com/kb/310405



Now you should Clean up your PC

Let me know if you are still having any problems.
 
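The File:: list in the reply above is built by hand from the Kaspersky report: every "Infected:" hit is reduced to the file that actually exists on disk (the archive, not the member after the "/"), duplicates are dropped, and hits inside restore points or a tool's own quarantine are left for the System Restore flush and the tool uninstall steps rather than listed. The script below does that transformation. It is an added example written for this page, not code from the forum, ComboFix or Kaspersky; the line grammar and the exclusion rules are this example's own reading of the report and the reply, and the sample report is a short verbatim excerpt of the one posted above.

```python
"""Build a ComboFix CFScript File:: section from a Kaspersky Online Scanner report.

Added example for this thread; not code from ComboFix, Kaspersky or the forum.
Assumed line grammar (read off the report above):
    <path> Infected: <detection> skipped
    <path> <CONTAINER>: infected - <n> skipped
    <path> Object is locked skipped
where members inside an archive are appended to the archive path after '/'.
"""
import re

# The path may contain spaces, even a leading space in a file name, so the
# verdict at the end of the line anchors the match rather than the path.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<name>\S+)"
    r"|(?P<container>\w+): infected - (?P<count>\d+)"
    r"|Object is locked) skipped$"
)

# Hits that should not go into File:: (assumed rules, taken from how the reply
# treats them): restore-point copies are cleared by flushing System Restore,
# and a tool's own quarantine goes away when that tool is uninstalled.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore", re.I)
TOOL_QUARANTINE_RE = re.compile(r"\\QooBox\\|\\SDFix\\backups\\", re.I)

# Short verbatim excerpt of the report posted above.
SAMPLE_REPORT = r"""C:\Documents and Settings\Robert\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Robert\Bureaublad\SDFix\backups\backups.zip/backups/1207247969.dll Infected: not-a-virus:AdWare.Win32.E404.f skipped
C:\Documents and Settings\Robert\Bureaublad\SDFix\backups\backups.zip ZIP: infected - 1 skipped
C:\Program Files\Image-Line\FL Studio 7\crack.exe/rBot.exe Infected: Backdoor.Win32.Rbot.bqa skipped
C:\Program Files\Image-Line\FL Studio 7\crack.exe CAB: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\snrb6.exe.vir Infected: Trojan-Clicker.Win32.Delf.ug skipped
C:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP410\A0043397.exe Infected: Trojan-Downloader.Win32.Zlob.bai skipped
S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Mijn documenten\Mijn ontvangen bestanden\ Radmin22.zip/ Radmin22/RADMIN22.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
S:\Stuff\Limewire\TOTALLY HIP TRACK.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
"""


def parse_report(text):
    """Yield (on_disk_path, detection) for every 'Infected:' line.

    'Object is locked' lines are files the scanner could not open (registry
    hives, logs), not detections, and are dropped. Container summary lines
    ('ZIP: infected - 2') repeat what their member lines already said and are
    dropped too. 'crack.exe/rBot.exe' collapses to 'crack.exe', the file that
    exists on disk and that a File:: entry has to name.
    """
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None or m.group("name") is None:
            continue
        yield m.group("path").split("/", 1)[0], m.group("name")


def group_hits(text):
    """Sort unique on-disk paths into the three buckets the reply handles differently."""
    groups = {"cfscript": [], "restore_point": [], "tool_quarantine": []}
    seen = set()
    for path, _detection in parse_report(text):
        key = path.lower()  # Windows paths are case-insensitive
        if key in seen:
            continue
        seen.add(key)
        if RESTORE_RE.search(path):
            groups["restore_point"].append(path)
        elif TOOL_QUARANTINE_RE.search(path):
            groups["tool_quarantine"].append(path)
        else:
            groups["cfscript"].append(path)
    return groups


def build_cfscript(text):
    """Render the script in the layout the reply uses: KILLALL::, blank line, File::."""
    files = group_hits(text)["cfscript"]
    return "KILLALL::\n\nFile::\n" + "\n".join(files) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_REPORT))
```

Two caveats when using output like this. "Object is locked" entries are not detections; the dozens of hives, logs and Google Desktop index files in the report above are simply files the online scanner could not open, and nothing about them needs cleaning. And the generated list is a starting point to review, not a substitute for reading each hit: the reply's own File:: list was picked by hand and, for instance, leaves out S:\Stuff\Progs\CCNumber_Gen.zip, which the report flags as not-virus:Hoax.Win32.CardGen.g.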