Trojan.Inject,Trojan.Kobcka,Heur,jl.chura.pl
Last Updated: Mar 21 2009 14:12, Started by rusty_hawk, Mar 19 2009 22:44
#1
Posted 19 March 2009 - 22:44
I managed to catch some viruses after a long period of time :D

I had AVG Free installed, which detected Heur and jL.chura.pl. It could not delete them; only jL.chura.pl was eventually deleted with Bitdefender... which stopped at the ones below.

[System]=]C:\WINDOWS\System32\svchost.exe (memory dump) Trojan.Inject.IA No action was possible
[System]=]C:\WINDOWS\System32\svchost.exe (full dump) Trojan.Inject.IA No action was possible
[System]=]C:\WINDOWS\System32\svchost.exe (memory dump) Trojan.Kobcka.FM No action was possible
[System]=]C:\WINDOWS\System32\svchost.exe (full dump) Trojan.Kobcka.FM No action was possible
C:\WINDOWS\system32\7.tmp Backdoor.Bot.88071 Deleted
C:\WINDOWS\system32\svchost.exe=]:ext.exe Gen:Trojan.Heur.P30609FCFCF Deleted
C:\WINDOWS\system32\3.tmp Win32.Mydoom.ACH Deleted
C:\WINDOWS\system32\6.tmp Win32.Mydoom.ACH Deleted
C:\WINDOWS\system32\9.tmp Win32.Mydoom.ACH Deleted
C:\WINDOWS\system32\A.tmp Win32.Mydoom.ACH Deleted

The problem is that my internet connection drops every 30 minutes, during which the computer also freezes, and it creates .tmp files like "3.tmp". I am posting what came up in HIJ.

Logfile of Trend Micro HiJackThis v2.0.2
Scan saved at 10:24:14 PM, on 3/19/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\DCPFLICS\dcpflics.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft 
Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\PnkBstrA.exe H:\3D max\plugins\Brazil\sfmgr.exe C:\Program Files\Java\jre6\bin\jusched.exe H:\bdefender\bdagent.exe C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe H:\bdefender\vsserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe H:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tv.dcn.ro/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\i386kd.exe,C:\WINDOWS\system32\i386kd.exe,C:\WINDOWS\system32\actcontroller.exe,C:\WINDOWS\system32\ndetect.exe,C:\WINDOWS\system32\hhupd.exe, O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O3 - Toolbar: (no name) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - (no file) O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - H:\bdefender\IEToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - 
HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] H:\Winamp\winampa.exe O4 - HKLM\..\Run: [COMODO Internet Security] "H:\Comodo\COMODO Internet Security\cfp.exe" -h O4 - HKLM\..\Run: [BDAgent] "H:\bdefender\bdagent.exe" O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "H:\bdefender\IEShow.exe" O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [RGSC] D:\Jocuri\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe /silent O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Hawk\reader_s.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Hawk\reader_s.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: 
Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{4727A314-105E-4D36-B2AB-0EFBC14501BF}: NameServer = 86.104.27.1,193.19.192.2 O17 - HKLM\System\CCS\Services\Tcpip\..\{AA7F69F9-FE02-4596-AE33-AC51B15190E1}: NameServer = 86.104.27.1,193.19.192.2 O17 - HKLM\System\CS1\Services\Tcpip\..\{4727A314-105E-4D36-B2AB-0EFBC14501BF}: NameServer = 86.104.27.1,193.19.192.2 O17 - HKLM\System\CS2\Services\Tcpip\..\{4727A314-105E-4D36-B2AB-0EFBC14501BF}: NameServer = 86.104.27.1,193.19.192.2 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: O20 - Winlogon Notify: dvxagb - dvxagb.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common 
Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Computer Browser (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - H:\Comodo\COMODO Internet Security\cmdagent.exe (file missing) O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: DCPFLICS service (DCPFLICS) - Unknown owner - C:\Program Files\DCPFLICS\dcpflics.exe O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: HID Input Service (HidServ) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Server (lanmanserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - H:\3D max\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing) O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - 
C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing) O23 - Service: Remote Registry (RemoteRegistry) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: BitDefender Threat Scanner (scan) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - H:\3D max\plugins\Brazil\sfmgr.exe O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: SSDP Discovery Service (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing) O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: 
Themes - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Universal Plug and Play Device Host (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - H:\bdefender\vsserv.exe O23 - Service: Windows Time (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: WebClient - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Wireless Zero Configuration (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe |
#2
Posted 20 March 2009 - 00:02
I think you have a file injector that has modified the system files...

Put the following files in an archive with the password infected and send it to me by PM, or upload it to a server (for example: http://www.rapidshare.com ) and PM me the download link so I can send it for analysis.

Quote
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\rs32net.exe
C:\Documents and Settings\Hawk\reader_s.exe
C:\WINDOWS\system32\svchost.exe:ext.exe

DO NOT ATTACH THE ARCHIVE AND DO NOT POST THE DOWNLOAD LINK ON THE FORUM!

After you have done that, and only after you have done that...

Download: ComboFix and save it to the Desktop.

Create a new .txt file with Notepad and write in it what is in the quote below:

Quote
File::
C:\WINDOWS\System32\rs32net.exe
C:\Documents and Settings\Hawk\reader_s.exe
C:\WINDOWS\system32\svchost.exe:ext.exe

Name the file CFScript.txt, then drag it onto ComboFix.exe as shown in the picture below.

[ http://users.telenet.be/bluepatchy/miekiemoes/images/CFScript.gif ]

Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix. It will ask whether it should start cleaning the system. Confirm with Yes every time. Do not stop it while it is scanning and disinfecting the system. The desktop may disappear while it is running, but do not worry. At the end it will display the scan results. Save that file and post its contents HERE together with a new HiJackThis log.
#3
Posted 21 March 2009 - 02:39
I did not do it that way after all... I had an older image of C: and went back to that one. But I only got rid of the viruses for a few hours.

What I discovered is that the virus sends e-mails to an IP ... 83.242.139.27 ... whoever has that IP is in Russia, and if I run netstat I get this:

"
TCP yo:2523 bw-in-f101.google.com:http ESTABLISHED
TCP yo:2524 74.125.13.31:http ESTABLISHED
TCP yo:2528 e2.member.vip.mud.yahoo.com:https ESTABLISHED
TCP yo:2530 65.54.234.11:https TIME_WAIT
TCP yo:2531 84.53.182.90:http ESTABLISHED
TCP yo:2269 jL.chura.pl:2270 ESTABLISHED
TCP yo:2270 jL.chura.pl:2269 ESTABLISHED
TCP yo:2274 jL.chura.pl:2275 ESTABLISHED
TCP yo:2275 jL.chura.pl:2274 ESTABLISHED
TCP yo:5152 jL.chura.pl:1393 CLOSE_WAIT
"
#4
Posted 21 March 2009 - 02:49
Download a-squared from HERE.

Update it, then run a deep scan; after the scan, tick all the items found and remove them. You need to come back afterwards with its log, which you save at the end of the scan. Keep System Restore turned off, and do not open your e-mail account. After a-squared has updated, disconnect from the internet and then run a full scan. We are waiting for the log to see what is in there.

Edited by E_manuel1, 21 March 2009 - 02:50.
#5
Posted 21 March 2009 - 10:21
I did not do it that way after all... I had an older image of C: and went back to that one. But I only got rid of the viruses for a few hours. What I discovered is that the virus sends e-mails to an IP ... 83.242.139.27 ... whoever has that IP is in Russia

If you do not do as you are told, why are you still asking for help?
#6
Posted 21 March 2009 - 12:36
#7
Posted 21 March 2009 - 14:09
Logfile of Trend Micro HiJackThis v2.0.2
Scan saved at 2:05:58 PM, on 3/21/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE H:\a-squared Free\a2service.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\DCPFLICS\dcpflics.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\COMODO\SafeSurf\cssurf.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe H:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tv.dcn.ro/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vmware-ufad.exe,C:\WINDOWS\system32\actcontroller.exe,C:\WINDOWS\system32\actcontroller.exe,C:\WINDOWS\system32\hhupd.exe, O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Groove GFS Browser Helper 
- {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WinampAgent] H:\Winamp\winampa.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [RGSC] D:\Jocuri\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Hawk\reader_s.exe O4 - HKUS\S-1-5-21-1645522239-448539723-725345543-1003\..\Run: [Yahoo! 
Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet (User '?') O4 - HKUS\S-1-5-21-1645522239-448539723-725345543-1003\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User '?') O4 - HKUS\S-1-5-21-1645522239-448539723-725345543-1003\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?') O4 - HKUS\S-1-5-21-1645522239-448539723-725345543-1003\..\Run: [RGSC] D:\Jocuri\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe /silent (User '?') O4 - HKUS\S-1-5-21-1645522239-448539723-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-21-1645522239-448539723-725345543-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?') O4 - HKUS\S-1-5-21-1645522239-448539723-725345543-1003\..\Run: [reader_s] C:\Documents and Settings\Hawk\reader_s.exe (User '?') O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Hawk\reader_s.exe (User '?') O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Hawk\reader_s.exe (User 'Default user') O4 - S-1-5-21-1645522239-448539723-725345543-1003 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{4727A314-105E-4D36-B2AB-0EFBC14501BF}: NameServer = 86.104.27.1,193.19.192.2 O17 - HKLM\System\CCS\Services\Tcpip\..\{AA7F69F9-FE02-4596-AE33-AC51B15190E1}: NameServer = 86.104.27.1,193.19.192.2 O17 - HKLM\System\CS1\Services\Tcpip\..\{4727A314-105E-4D36-B2AB-0EFBC14501BF}: NameServer = 86.104.27.1,193.19.192.2 O17 - HKLM\System\CS2\Services\Tcpip\..\{4727A314-105E-4D36-B2AB-0EFBC14501BF}: NameServer = 86.104.27.1,193.19.192.2 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\cssdll32.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - H:\a-squared Free\a2service.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DCPFLICS service (DCPFLICS) - Unknown owner - C:\Program Files\DCPFLICS\dcpflics.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - H:\3D max\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Kerio Personal Firewall (PersFw) - Unknown owner - C:\Program Files\Kerio\Personal Firewall\persfw.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
-- End of file - 8987 bytes

and the report from a-squared

a-squared Free - Version 4.0
Last update: 3/21/2009 9:55:01 AM
Scan settings:
Objects: Memory, Traces, Cookies, C:\, D:\, F:\, G:\, H:\
Scan archives: On
Heuristics: Off
ADS Scan: On
Scan start: 3/21/2009 10:13:54 AM
[1596] C:\WINDOWS\Explorer.EXE detected: Trojan.Win32.Patched!IK
[1824] C:\WINDOWS\system32\RUNDLL32.EXE detected: Virus.Win32.Virut!IK
[5668] C:\WINDOWS\system32\ctfmon.exe detected: Exploit.Win32.IMG-WMF!IK
[620] C:\WINDOWS\System32\alg.exe detected: Virus.Win32.Virut.ak!IK
[2860] C:\Program Files\Internet Explorer\iexplore.exe detected: Trojan-Spy.Win32.Banker.RM!IK
[78860] C:\WINDOWS\system32\NOTEPAD.EXE detected: W32.Virut!IK
c:\documents and settings\hawk\application data\bsplayer pro detected: Trace.Directory.BSplayer!A2 c:\documents and settings\hawk\start menu\programs\webteh detected: Trace.Directory.BSplayer!A2 c:\documents and settings\all users\start menu\programs\ultravnc detected: 
Scanned Files: 267099 Traces: 591746 Cookies: 1504 Processes: 42
Found Files: 314 Traces: 40 Cookies: 39 Processes: 6 Registry keys: 0
Scan end: 3/21/2009 1:39:44 PM
Scan time: 3:25:50
#8
Posted 21 March 2009 - 14:12
Quote
D:\Splutterfish Brazil Rs v1.2.66.for.Max.9.32Bit\brazil crack - ct\sfmgr1_2_1.zip/sfmgr.exe detected: Trojan-Downloader!IK
D:\PS plugins\Photoshop CS3 plugins\DofPro3.0.rar/keygen.exe detected: Trojan-Downloader.Win32.Small!IK

Maybe this is actually the main source of the problem...
No assistance is given for warez. SOFTPEDIA DOES NOT ENCOURAGE PIRACY!