Trojan.Inject,Trojan.Kobcka,Heur,jl.chura.pl

  • This topic is locked
7 replies to this topic

#1
rusty_hawk
    Junior Member
  • Group: Members
  • Posts: 85
  • Joined: 18.11.2006
I managed to catch viruses after a long time :D
I had AVG Free installed, which detected Heur and jL.chura.pl. It couldn't delete them; only jL.chura.pl was eventually removed with BitDefender... which stopped at the ones below.

[System]=]C:\WINDOWS\System32\svchost.exe (memory dump) Trojan.Inject.IA No action was possible
[System]=]C:\WINDOWS\System32\svchost.exe (full dump) Trojan.Inject.IA No action was possible
[System]=]C:\WINDOWS\System32\svchost.exe (memory dump) Trojan.Kobcka.FM No action was possible
[System]=]C:\WINDOWS\System32\svchost.exe (full dump) Trojan.Kobcka.FM No action was possible
C:\WINDOWS\system32\7.tmp Backdoor.Bot.88071 Deleted
C:\WINDOWS\system32\svchost.exe=]:ext.exe Gen:Trojan.Heur.P30609FCFCF Deleted
C:\WINDOWS\system32\3.tmp Win32.Mydoom.ACH Deleted
C:\WINDOWS\system32\6.tmp Win32.Mydoom.ACH Deleted
C:\WINDOWS\system32\9.tmp Win32.Mydoom.ACH Deleted
C:\WINDOWS\system32\A.tmp Win32.Mydoom.ACH Deleted


The problem is that my internet drops every 30 minutes, during which my computer also freezes; it creates .tmp files like "3.tmp". I'm posting what showed up in HJT:

Logfile of Trend Micro HiJackThis v2.0.2
Scan saved at 10:24:14 PM, on 3/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DCPFLICS\dcpflics.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\PnkBstrA.exe
H:\3D max\plugins\Brazil\sfmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
H:\bdefender\bdagent.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
H:\bdefender\vsserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
H:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tv.dcn.ro/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\i386kd.exe,C:\WINDOWS\system32\i386kd.exe,C:\WINDOWS\system32\actcontroller.exe,C:\WINDOWS\system32\ndetect.exe,C:\WINDOWS\system32\hhupd.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: (no name) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - H:\bdefender\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] H:\Winamp\winampa.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "H:\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [BDAgent] "H:\bdefender\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "H:\bdefender\IEShow.exe"
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RGSC] D:\Jocuri\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Hawk\reader_s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Hawk\reader_s.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4727A314-105E-4D36-B2AB-0EFBC14501BF}: NameServer = 86.104.27.1,193.19.192.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA7F69F9-FE02-4596-AE33-AC51B15190E1}: NameServer = 86.104.27.1,193.19.192.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{4727A314-105E-4D36-B2AB-0EFBC14501BF}: NameServer = 86.104.27.1,193.19.192.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{4727A314-105E-4D36-B2AB-0EFBC14501BF}: NameServer = 86.104.27.1,193.19.192.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:  
O20 - Winlogon Notify: dvxagb - dvxagb.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Computer Browser (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - H:\Comodo\COMODO Internet Security\cmdagent.exe (file missing)
O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: DCPFLICS service (DCPFLICS) - Unknown owner - C:\Program Files\DCPFLICS\dcpflics.exe
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: HID Input Service (HidServ) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Server (lanmanserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - H:\3D max\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Remote Registry (RemoteRegistry) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: BitDefender Threat Scanner (scan) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - H:\3D max\plugins\Brazil\sfmgr.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: SSDP Discovery Service (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Themes - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Universal Plug and Play Device Host (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - H:\bdefender\vsserv.exe
O23 - Service: Windows Time (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: WebClient - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Wireless Zero Configuration (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe
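
The log above mixes dozens of normal entries with a handful that matter. As an added example (not code from the original post and not a HijackThis feature), here is a small Python triage script that applies the checks a responder would otherwise do by eye on this kind of log: an executable path that goes through an NTFS alternate data stream (`svchost.exe:ext.exe`), a `UserInit=` value that launches anything besides `userinit.exe`, an autorun under the SYSTEM or default-user hive that points into a user profile, a Winlogon Notify handler whose DLL is missing, and the same autorun name registered in several hives. The sample input is constructed from lines of the log in this post plus two benign entries; the rule set and the severity labels are my own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the HijackThis log in post #1, plus two
# benign entries (NvCplDaemon, AudioSrv) so the rules have both kinds to work on.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\i386kd.exe,C:\WINDOWS\system32\actcontroller.exe,
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKUS\S-1-5-18\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Hawk\reader_s.exe (User 'SYSTEM')
O20 - Winlogon Notify: dvxagb - dvxagb.dll (file missing)
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
"""

# Every HijackThis entry starts with a section code such as R1, F2, O4, O23
ENTRY_RE = re.compile(r'^([A-Z]\d+) - (.*)$')
# A colon right after a file name inside a path (not the drive letter) is an NTFS
# alternate data stream, e.g. \svchost.exe:ext.exe
ADS_RE = re.compile(r'\\[^\\:\s,]+\.\w{1,4}:[^\\\s]+')
PROFILE_RE = re.compile(r'\\documents and settings\\', re.I)
# "HKLM\..\Run: [Name] command": group 1 is the hive, group 2 the value name
O4_RE = re.compile(r'^(HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[([^\]]+)\]')


@dataclass
class Finding:
    severity: str   # 'high' or 'medium' (my own labels, not HijackThis output)
    reason: str
    line: str


def check_line(line):
    """Apply the per-line rules to one HijackThis entry; returns a Finding or None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.groups()
    if ADS_RE.search(body):
        return Finding('high', 'executable referenced through an NTFS alternate data stream', line)
    if kind == 'F2' and 'UserInit=' in body:
        progs = [p.strip() for p in body.split('UserInit=', 1)[1].split(',') if p.strip()]
        extra = [p for p in progs if not p.lower().endswith('\\userinit.exe')]
        if extra:
            return Finding('high', 'UserInit launches extra programs at logon: ' + ', '.join(extra), line)
    if kind == 'O4' and PROFILE_RE.search(body):
        if 'HKUS\\S-1-5-18' in body or 'HKUS\\.DEFAULT' in body:
            return Finding('high', 'SYSTEM/default-user autorun points into a user profile directory', line)
        return Finding('medium', 'autorun launched from a user profile directory', line)
    if kind == 'O20' and 'Winlogon Notify' in body and '(file missing)' in body:
        return Finding('medium', 'Winlogon Notify handler references a missing DLL (leftover persistence)', line)
    return None


def triage(log_text):
    """Run the per-line rules, then flag O4 autorun names registered in three or more hives."""
    findings = []
    hives_by_name = {}
    for line in log_text.splitlines():
        f = check_line(line)
        if f:
            findings.append(f)
        m = ENTRY_RE.match(line.strip())
        if m and m.group(1) == 'O4':
            n = O4_RE.match(m.group(2))
            if n:
                hives_by_name.setdefault(n.group(2), set()).add(n.group(1))
    for name, hives in sorted(hives_by_name.items()):
        if len(hives) >= 3:
            findings.append(Finding('medium',
                                    f"autorun '{name}' registered in {len(hives)} hives: {', '.join(sorted(hives))}",
                                    f"O4 [{name}]"))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line.strip()}")
```

Run it on a saved log with `triage(open('hijackthis.log').read())`. Anything reported as `high` is the kind of file a helper will ask to have packed up for analysis, as post #2 does; `medium` entries are worth a second look but also show up on clean machines (orphaned Winlogon handlers are a common leftover of uninstalled software).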

#2
rootkit
    Awake. Security DNA
  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
I think you have a file injector that has modified the system files...

Put the following files in an archive with the password infected and send me a PM with it, or upload it to a server (for example: http://www.rapidshare.com ) and PM me the download link so I can send it for analysis.

Quote


C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\rs32net.exe
C:\Documents and Settings\Hawk\reader_s.exe
C:\WINDOWS\system32\svchost.exe:ext.exe

DO NOT ATTACH THE ARCHIVE AND DO NOT POST THE DOWNLOAD LINK ON THE FORUM!

After you have done that, and only after you have done that...


Download: ComboFix and save it to your Desktop.

Create a new .txt file with Notepad and write in it what is in the quote below:

Quote

File::
C:\WINDOWS\System32\rs32net.exe
C:\Documents and Settings\Hawk\reader_s.exe
C:\WINDOWS\system32\svchost.exe:ext.exe

Name the file CFScript.txt, then drag it onto ComboFix.exe as shown in the picture below.

[Image: http://users.telenet.be/bluepatchy/miekiemoes/images/CFScript.gif]
Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix. It will ask whether to start cleaning the system. Confirm with Yes each time. Do not stop it while it scans and disinfects the system. The desktop may disappear while it runs, but don't worry.
At the end it will display the scan results. Save that file and post its contents HERE together with a new HijackThis log.

#3
rusty_hawk
    Junior Member
  • Group: Members
  • Posts: 85
  • Joined: 18.11.2006
I didn't go that route... I had an older image of C: and I went back to that. Only I got rid of the viruses for just a few hours.
What I discovered is that the virus sends mails to an IP ... 83.242.139.27 ... the owner of that IP is in Russia.


and if I run netstat I get this:
" TCP    yo:2523                bw-in-f101.google.com:http  ESTABLISHED
TCP    yo:2524                74.125.13.31:http      ESTABLISHED
TCP    yo:2528                e2.member.vip.mud.yahoo.com:https  ESTABLISHED
TCP    yo:2530                65.54.234.11:https     TIME_WAIT
TCP    yo:2531                84.53.182.90:http      ESTABLISHED
TCP    yo:2269                jL.chura.pl:2270       ESTABLISHED
TCP    yo:2270                jL.chura.pl:2269       ESTABLISHED
TCP    yo:2274                jL.chura.pl:2275       ESTABLISHED
TCP    yo:2275                jL.chura.pl:2274       ESTABLISHED
TCP    yo:5152                jL.chura.pl:1393       CLOSE_WAIT "
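
The netstat output above holds a detail worth reading off mechanically rather than by eye: the jL.chura.pl lines come in mirrored pairs (local 2269 to remote 2270, local 2270 to remote 2269, and likewise 2274/2275). netstat prints one line per local socket, so a connection shows up twice only when both of its ends are on the same machine; the name displayed as the remote end therefore resolves to an address on this host, and whatever is talking on those ports is already running locally. As an added example, not part of the original post, the Python snippet below parses netstat lines, matches remote hosts against a watchlist built from the two indicators named in this thread, and reports mirrored pairs. The sample input is the output quoted above with the quotation marks removed; the watchlist is an illustrative assumption, not a real feed.

```python
import re
from collections import Counter

# Constructed sample input: the netstat output quoted in post #3 (quotation marks removed)
SAMPLE_NETSTAT = """\
TCP    yo:2523                bw-in-f101.google.com:http  ESTABLISHED
TCP    yo:2524                74.125.13.31:http      ESTABLISHED
TCP    yo:2528                e2.member.vip.mud.yahoo.com:https  ESTABLISHED
TCP    yo:2530                65.54.234.11:https     TIME_WAIT
TCP    yo:2531                84.53.182.90:http      ESTABLISHED
TCP    yo:2269                jL.chura.pl:2270       ESTABLISHED
TCP    yo:2270                jL.chura.pl:2269       ESTABLISHED
TCP    yo:2274                jL.chura.pl:2275       ESTABLISHED
TCP    yo:2275                jL.chura.pl:2274       ESTABLISHED
TCP    yo:5152                jL.chura.pl:1393       CLOSE_WAIT
"""

# Indicators named in this thread: the host AVG flagged and the IP the poster saw mail going to.
# A real deployment would load this from a threat-intel feed; here it is an assumption for illustration.
WATCHLIST = {'jl.chura.pl', '83.242.139.27'}

# proto  local:port  remote:port  [state]; ports may be numbers or service names (http, https)
NETSTAT_RE = re.compile(r'^\s*(TCP|UDP)\s+(\S+):(\S+)\s+(\S+):(\S+)(?:\s+(\S+))?\s*$')


def parse_netstat(text):
    """Turn netstat-style lines into dicts; lines that do not match are skipped."""
    conns = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:
            continue
        proto, lhost, lport, rhost, rport, state = m.groups()
        conns.append({'proto': proto, 'lhost': lhost, 'lport': lport,
                      'rhost': rhost, 'rport': rport, 'state': state or ''})
    return conns


def watchlist_hits(conns, watchlist=WATCHLIST):
    """Connections whose remote host is on the watchlist (case-insensitive)."""
    return [c for c in conns if c['rhost'].lower() in watchlist]


def mirrored_pairs(conns):
    """Connections that also appear with local and remote ports swapped.
    netstat lists one line per local socket, so a mirrored pair means both ends of the
    connection live on this machine: the 'remote' name resolves to the local host."""
    seen = {(c['lport'], c['rport']) for c in conns}
    return [c for c in conns if (c['rport'], c['lport']) in seen]


def connections_per_host(conns):
    return Counter(c['rhost'].lower() for c in conns)


def report(text):
    conns = parse_netstat(text)
    return {
        'total': len(conns),
        'watchlist_hosts': sorted({c['rhost'] for c in watchlist_hits(conns)}),
        'self_connected_hosts': sorted({c['rhost'] for c in mirrored_pairs(conns)}),
        'busiest_host': connections_per_host(conns).most_common(1)[0],
    }


if __name__ == '__main__':
    for key, value in report(SAMPLE_NETSTAT).items():
        print(f"{key}: {value}")
```

On a live machine, `netstat -ano` adds the owning PID to each line, which is the piece of information this output lacks: it would say which process holds the jL.chura.pl sockets. The parser above ignores any trailing PID column because the regex only consumes one optional state token, so extend `NETSTAT_RE` if you feed it that format.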

#4
E_manuel1
    Active Member
  • Group: Members
  • Posts: 1,478
  • Joined: 09.12.2007
Download a-squared from HERE.

Update it, then run a deep scan; after the scan, tick all the items found and remove them.
You'll need to come back afterwards with its log, which you save at the end of the scan.

Keep System Restore turned off, and don't open your e-mail.
After a-squared updates, disconnect the internet and then run a full scan.
We'll wait for the log to see what's in there.

Edited by E_manuel1, 21 March 2009 - 02:50.


#5
rootkit
    Awake. Security DNA
  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007

rusty_hawk, on Mar 21 2009, 02:39, said:

I didn't go that route... I had an older image of C: and I went back to that. Only I got rid of the viruses for just a few hours.
What I discovered is that the virus sends mails to an IP ... 83.242.139.27 ... the owner of that IP is in Russia.

If you don't do what you're told, why are you even asking for help? -_-

#6
rusty_hawk
    Junior Member
  • Group: Members
  • Posts: 85
  • Joined: 18.11.2006

crysty2k5, on Mar 21 2009, 10:21, said:

If you don't do what you're told, why are you even asking for help? -_-
I had to do something; I have deadlines and I have to meet them, that's why I did it that way. I'm still scanning with a-squared.

Thanks a lot for the help, I'll be back with the log when I'm done.

#7
rusty_hawk
    Junior Member
  • Group: Members
  • Posts: 85
  • Joined: 18.11.2006
Logfile of Trend Micro HiJackThis v2.0.2
Scan saved at 2:05:58 PM, on 3/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
H:\a-squared Free\a2service.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DCPFLICS\dcpflics.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
H:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tv.dcn.ro/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vmware-ufad.exe,C:\WINDOWS\system32\actcontroller.exe,C:\WINDOWS\system32\actcontroller.exe,C:\WINDOWS\system32\hhupd.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] H:\Winamp\winampa.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RGSC] D:\Jocuri\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Hawk\reader_s.exe
O4 - HKUS\S-1-5-21-1645522239-448539723-725345543-1003\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet (User '?')
O4 - HKUS\S-1-5-21-1645522239-448539723-725345543-1003\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User '?')
O4 - HKUS\S-1-5-21-1645522239-448539723-725345543-1003\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-1645522239-448539723-725345543-1003\..\Run: [RGSC] D:\Jocuri\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe /silent (User '?')
O4 - HKUS\S-1-5-21-1645522239-448539723-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1645522239-448539723-725345543-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-1645522239-448539723-725345543-1003\..\Run: [reader_s] C:\Documents and Settings\Hawk\reader_s.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Hawk\reader_s.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Hawk\reader_s.exe (User 'Default user')
O4 - S-1-5-21-1645522239-448539723-725345543-1003 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4727A314-105E-4D36-B2AB-0EFBC14501BF}: NameServer = 86.104.27.1,193.19.192.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA7F69F9-FE02-4596-AE33-AC51B15190E1}: NameServer = 86.104.27.1,193.19.192.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{4727A314-105E-4D36-B2AB-0EFBC14501BF}: NameServer = 86.104.27.1,193.19.192.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{4727A314-105E-4D36-B2AB-0EFBC14501BF}: NameServer = 86.104.27.1,193.19.192.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:  C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - H:\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DCPFLICS service (DCPFLICS) - Unknown owner - C:\Program Files\DCPFLICS\dcpflics.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - H:\3D max\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Unknown owner - C:\Program Files\Kerio\Personal Firewall\persfw.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8987 bytes

and the report from a-squared:


a-squared Free - Version 4.0
Last update: 3/21/2009 9:55:01 AM

Scan settings:

Objects: Memory, Traces, Cookies, C:\, D:\, F:\, G:\, H:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 3/21/2009 10:13:54 AM

[1596] C:\WINDOWS\Explorer.EXE detected: Trojan.Win32.Patched!IK
[1824] C:\WINDOWS\system32\RUNDLL32.EXE detected: Virus.Win32.Virut!IK
[5668] C:\WINDOWS\system32\ctfmon.exe detected: Exploit.Win32.IMG-WMF!IK
[620] C:\WINDOWS\System32\alg.exe detected: Virus.Win32.Virut.ak!IK
[2860] C:\Program Files\Internet Explorer\iexplore.exe detected: Trojan-Spy.Win32.Banker.RM!IK
[78860] C:\WINDOWS\system32\NOTEPAD.EXE detected: W32.Virut!IK
c:\documents and settings\hawk\application data\bsplayer pro detected: Trace.Directory.BSplayer!A2
c:\documents and settings\hawk\start menu\programs\webteh detected: Trace.Directory.BSplayer!A2
c:\documents and settings\all users\start menu\programs\ultravnc detected: Trace.Directory.UltraVNC!A2
c:\documents and settings\all users\start menu\programs\ultravnc\ultravnc server detected: Trace.Directory.UltraVNC!A2
c:\documents and settings\all users\start menu\programs\ultravnc\ultravnc viewer detected: Trace.Directory.UltraVNC!A2
c:\documents and settings\hawk\start menu\programs\yahoo message archive decoder detected: Trace.Directory.Yahoo Message Archive Decoder!A2
c:\documents and settings\all users\start menu\programs\ultravnc\ultravnc server.lnk detected: Trace.File.UltraVNC!A2
c:\documents and settings\all users\start menu\programs\ultravnc\ultravnc server\install winvnc service.lnk detected: Trace.File.UltraVNC!A2
c:\documents and settings\all users\start menu\programs\ultravnc\ultravnc server\remove winvnc service.lnk detected: Trace.File.UltraVNC!A2
c:\documents and settings\all users\start menu\programs\ultravnc\ultravnc viewer.lnk detected: Trace.File.UltraVNC!A2
c:\documents and settings\all users\start menu\programs\ultravnc\ultravnc viewer\run ultravnc viewer (listen mode).lnk detected: Trace.File.UltraVNC!A2
c:\documents and settings\all users\start menu\programs\ultravnc\ultravnc viewer\show ultravnc viewer help.lnk detected: Trace.File.UltraVNC!A2
c:\documents and settings\hawk\start menu\programs\yahoo message archive decoder\ yahoo message archive decoder.lnk detected: Trace.File.Yahoo Message Archive Decoder!A2
c:\documents and settings\hawk\start menu\programs\yahoo message archive decoder\purchase yahoo message archive decoder.lnk detected: Trace.File.Yahoo Message Archive Decoder!A2
c:\documents and settings\hawk\start menu\programs\yahoo message archive decoder\what's new in this release.lnk detected: Trace.File.Yahoo Message Archive Decoder!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Settings\INA --> yahoodecode detected: Trace.Registry.Yahoo Message Archive Decoder!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo Message Archive Decoder --> DisplayName detected: Trace.Registry.Yahoo Message Archive Decoder!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo Message Archive Decoder --> DisplayVersion detected: Trace.Registry.Yahoo Message Archive Decoder!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo Message Archive Decoder --> NSIS:StartMenuDir detected: Trace.Registry.Yahoo Message Archive Decoder!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo Message Archive Decoder --> Publisher detected: Trace.Registry.Yahoo Message Archive Decoder!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo Message Archive Decoder --> UninstallString detected: Trace.Registry.Yahoo Message Archive Decoder!A2
c:\documents and settings\hawk\application data\bsplayer pro\eq.xml detected: Trace.File.BSplayer!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival --> BSplayerCDDA detected: Trace.Registry.BSplayer!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSplayerCDDA --> Action detected: Trace.Registry.BSplayer!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSplayerCDDA --> DefaultIcon detected: Trace.Registry.BSplayer!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSplayerCDDA --> InvokeProgID detected: Trace.Registry.BSplayer!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSplayerCDDA --> InvokeVerb detected: Trace.Registry.BSplayer!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSplayerCDDA --> Provider detected: Trace.Registry.BSplayer!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BSPlayer1 --> DisplayName detected: Trace.Registry.BSplayer!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BSPlayer1 --> UninstallString detected: Trace.Registry.BSplayer!A2
Value: HKEY_USERS\S-1-5-21-1645522239-448539723-725345543-1003\Software\ORL\VNCHooks\Application_Prefs\explorer.exe --> use_Deferral detected: Trace.Registry.Network Anywhere PE 2.07!A2
Value: HKEY_USERS\S-1-5-21-1645522239-448539723-725345543-1003\Software\ORL\VNCHooks\Application_Prefs\explorer.exe --> use_GetUpdateRect detected: Trace.Registry.Network Anywhere PE 2.07!A2
Value: HKEY_USERS\S-1-5-21-1645522239-448539723-725345543-1003\Software\ORL\VNCHooks\Application_Prefs\explorer.exe --> use_KeyPress detected: Trace.Registry.Network Anywhere PE 2.07!A2
Value: HKEY_USERS\S-1-5-21-1645522239-448539723-725345543-1003\Software\ORL\VNCHooks\Application_Prefs\explorer.exe --> use_LButtonUp detected: Trace.Registry.Network Anywhere PE 2.07!A2
Value: HKEY_USERS\S-1-5-21-1645522239-448539723-725345543-1003\Software\ORL\VNCHooks\Application_Prefs\explorer.exe --> use_Timer detected: Trace.Registry.Network Anywhere PE 2.07!A2
Value: HKEY_USERS\S-1-5-21-1645522239-448539723-725345543-1003\Software\ORL\VNCHooks\Application_Prefs\iexplore.exe --> use_Deferral detected: Trace.Registry.Network Anywhere PE 2.07!A2
Value: HKEY_USERS\S-1-5-21-1645522239-448539723-725345543-1003\Software\ORL\VNCHooks\Application_Prefs\iexplore.exe --> use_GetUpdateRect detected: Trace.Registry.Network Anywhere PE 2.07!A2
Value: HKEY_USERS\S-1-5-21-1645522239-448539723-725345543-1003\Software\ORL\VNCHooks\Application_Prefs\iexplore.exe --> use_KeyPress detected: Trace.Registry.Network Anywhere PE 2.07!A2
Value: HKEY_USERS\S-1-5-21-1645522239-448539723-725345543-1003\Software\ORL\VNCHooks\Application_Prefs\iexplore.exe --> use_LButtonUp detected: Trace.Registry.Network Anywhere PE 2.07!A2
Value: HKEY_USERS\S-1-5-21-1645522239-448539723-725345543-1003\Software\ORL\VNCHooks\Application_Prefs\iexplore.exe --> use_Timer detected: Trace.Registry.Network Anywhere PE 2.07!A2
C:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[2].txt detected: Trace.TrackingCookie.atdmt!A2
C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[1].txt detected: Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.txt:35 detected: Trace.TrackingCookie.eas.apm.emediate.eu!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.txt:36 detected: Trace.TrackingCookie.eas.apm.emediate.eu!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.txt:161 detected: Trace.TrackingCookie.www.googleadservices.com!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.txt:177 detected: Trace.TrackingCookie.m.webtrends.com!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.txt:299 detected: Trace.TrackingCookie.media!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.txt:341 detected: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.txt:342 detected: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.txt:343 detected: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.txt:346 detected: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.txt:398 detected: Trace.TrackingCookie.www.googleadservices.com!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1228918444203125 detected: Trace.TrackingCookie.count!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1228984156921875 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1230242567218750 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1230622484953125 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1231931758921875 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1231934235484375 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1232465293703125 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1233271175640626 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1234615717671875 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1234720147812501 detected: Trace.TrackingCookie.media!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1234736762593750 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1234738536859375 detected: Trace.TrackingCookie.humanclick!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1234828990781250 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1234862670328125 detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1234870840343750 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1235032997250000 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1235033552484375 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1235044504343750 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1235050015796875 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1235050073781250 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1235050276875000 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1235128774000000 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1237552595870513 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1237552669698638 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1237552809448638 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1237552920823638 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Hawk\Application Data\Mozilla\Firefox\Profiles\zatoa04k.default\cookies.sqlite:1237595217265625 detected: Trace.TrackingCookie.pop!A2
C:\Documents and Settings\Hawk\Local Settings\Temporary Internet Files\Content.IE5\J549CGTG\abb[1].txt detected: Trojan-PWS.Papras!IK
C:\Documents and Settings\Hawk\Local Settings\Temporary Internet Files\Content.IE5\NLVRNITX\em[1].txt detected: Packed.Win32.Krap!IK
C:\Documents and Settings\Hawk\Local Settings\Temporary Internet Files\Content.IE5\SMAJAY7H\ge[1].txt detected: Packed.Win32.Krap!IK
C:\Program Files\Internet Explorer\IEXPLORE.EXE detected: Trojan-Spy.Win32.Banker.RM!IK
C:\Program Files\Movie Maker\moviemk.exe detected: Trojan-Downloader.Win32.Banload!IK
C:\Program Files\Outlook Express\msimn.exe detected: Email-Worm.Win32.Tanatos.B!IK
C:\Program Files\Outlook Express\wab.exe detected: Trojan-Dropper.Agent!IK
C:\Program Files\Windows Media Player\setup_wm.exe detected: Win32.Cadoiac.A!IK
C:\Program Files\Windows Media Player\wmplayer.exe detected: Virus.Win32.VB.dl!IK
C:\Program Files\Windows NT\Accessories\wordpad.exe detected: Virus.Win32.Virut.q!IK
C:\Program Files\Windows NT\hypertrm.exe detected: Virus.Win32.Virut.q!IK
C:\Program Files\Windows NT\Pinball\PINBALL.EXE detected: Virus.Win32.Virut.n!IK
C:\Program Files\WinRAR\Uninstall.exe detected: Backdoor.Win32.PoeBot.A!IK
C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentsvr.exe detected: Virus.Win32.Virut!IK
C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\magnify.exe detected: Virus.Win32.Virut!IK
C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe detected: Trojan.Win32.Patched!IK
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe detected: W32.Virut!IK
C:\WINDOWS\$NtUninstallKB920213$\agentsvr.exe detected: Virus.Win32.Virut!IK
C:\WINDOWS\$NtUninstallKB922582$\fltmc.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\$NtUninstallKB925720$\magnify.exe detected: Virus.Win32.Virut!IK
C:\WINDOWS\$NtUninstallKB925720$\utilman.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\$NtUninstallKB938828$\explorer.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\$NtUninstallWMFDist11$\wmsetsdk.exe detected: Trojan-Downloader.Win32.Banload!IK
C:\WINDOWS\explorer.exe detected: Trojan.Win32.Patched!IK
C:\WINDOWS\HideWin.exe detected: Trojan-Downloader.Win32.Banload!IK
C:\WINDOWS\inf\unregmp2.exe detected: Win32.Cadoiac.A!IK
C:\WINDOWS\Installer\{236BB7C4-4419-42FD-0409-1E257A25E34D}\NewShortcut1_236BB7C4441942FD04091E257A25E34D.exe detected: Win32.SuspectCrc!IK
C:\WINDOWS\msagent\agentsvr.exe detected: Virus.Win32.Virut!IK
C:\WINDOWS\mui\muisetup.exe detected: W32.Virut!IK
C:\WINDOWS\NOTEPAD.EXE detected: W32.Virut!IK
C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\pchealth\helpctr\binaries\notiflag.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\pchealth\UploadLB\Binaries\UploadM.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\agentsvr.exe detected: Virus.Win32.Virut!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\alg.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\cleanmgr.exe detected: Win32.Cadoiac.A!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\cmdl32.exe detected: W32.Virut!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\ctfmon.exe detected: Backdoor.Win32.Popwin!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\dlimport.exe detected: Win32.Cadoiac.A!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\explorer.exe detected: Trojan.Win32.Patched!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\ftp.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\iexplore.exe detected: Trojan-Spy.Win32.Banker.RM!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\ilasm.exe detected: Win32.Cadoiac.A!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\logon.scr detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\magnify.exe detected: Virus.Win32.Virut!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\migwiz.exe detected: Win32.Virtob.2!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\migwiza.exe detected: Win32.Virtob.2!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\mnmsrvc.exe detected: Virus.Win32.Virut.n!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\mobsync.exe detected: W32.Virut!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\moviemk.exe detected: Trojan-Downloader.Win32.Banload!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\mplay32.exe detected: Virus.Win32.DeadCode.b!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\mqsvc.exe detected: Backdoor.Win32.Frauder!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\msdtc.exe detected: Backdoor.Win32.Frauder!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\msiexec.exe detected: W32.Virut!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\msimn.exe detected: Email-Worm.Win32.Tanatos.B!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\msiregmv.exe detected: W32.Virut!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\muisetup.exe detected: W32.Virut!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\net.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\ngen.exe detected: Win32.Cadoiac.A!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\notepad.exe detected: W32.Virut!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\pinball.exe detected: Virus.Win32.Virut.n!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\powercfg.exe detected: Virus.Win32.Socks.BA!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\rcp.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\reg.exe detected: Win32.Virtob.8!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\rsh.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\sessmgr.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\setup_wm.exe detected: Win32.Cadoiac.A!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\sigverif.exe detected: W32.Virut!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\sndrec32.exe detected: Virus.Win32.DeadCode.b!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\ssmarque.scr detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\ssmyst.scr detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\taskkill.exe detected: Virus.Win32.Socks.BA!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\tasklist.exe detected: Virus.Win32.Socks.BA!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\taskmgr.exe detected: Riskware.Server-FTP.Win32.Serv-U.50011!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\tourstrt.exe detected: Virus.Win32.Virut.n!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\unregmp2.exe detected: Win32.Cadoiac.A!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\ups.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\vssvc.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\wab.exe detected: Trojan-Dropper.Agent!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\wextract.exe detected: Backdoor.Win32.Hupigon!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\wiaacmgr.exe detected: Trojan-Downloader.Win32.Banload!IK
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\wmplayer.exe detected: Virus.Win32.VB.dl!IK
C:\WINDOWS\system32\ahui.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\alg.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\system32\arp.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\system32\atmadm.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\blastcln.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\chkntfs.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\cidaemon.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\cleanmgr.exe detected: Win32.Cadoiac.A!IK
C:\WINDOWS\system32\clipsrv.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\cmmon32.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\Com\comrereg.exe detected: Win32.Virut.R!IK
C:\WINDOWS\system32\compact.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\control.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\convert.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\ctfmon.exe detected: Exploit.Win32.IMG-WMF!IK
C:\WINDOWS\system32\dcomcnfg.exe detected: Win32.Virut.R!IK
C:\WINDOWS\system32\diantz.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\agentsvr.exe detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\ahui.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\alg.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\system32\dllcache\arp.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\system32\dllcache\atmadm.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\blastcln.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\chkntfs.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\cidaemon.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\cleanmgr.exe detected: Win32.Cadoiac.A!IK
C:\WINDOWS\system32\dllcache\clipsrv.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\cmmon32.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\compact.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\comrereg.exe detected: Win32.Virut.R!IK
C:\WINDOWS\system32\dllcache\control.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\convert.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\ctfmon.exe detected: Exploit.Win32.IMG-WMF!IK
C:\WINDOWS\system32\dllcache\dcomcnfg.exe detected: Win32.Virut.R!IK
C:\WINDOWS\system32\dllcache\diantz.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\drwtsn32.exe detected: Virus.Win32.Virut.bo!IK
C:\WINDOWS\system32\dllcache\eudcedit.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\eventvwr.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\evntwin.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\explorer.exe detected: Trojan.Win32.Patched!IK
C:\WINDOWS\system32\dllcache\fontview.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\ftp.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\system32\dllcache\helpsvc.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\ie4uinit.exe detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\iexplore.exe detected: Trojan-Spy.Win32.Banker.RM!IK
C:\WINDOWS\system32\dllcache\ipconfig.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\ipv6.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\logon.scr detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\lpq.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\system32\dllcache\lpr.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\system32\dllcache\magnify.exe detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\makecab.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\migwiz.exe detected: Win32.Virtob.2!IK
C:\WINDOWS\system32\dllcache\migwiz_a.exe detected: Win32.Virtob.2!IK
C:\WINDOWS\system32\dllcache\mmc.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\system32\dllcache\mnmsrvc.exe detected: Virus.Win32.Virut.n!IK
C:\WINDOWS\system32\dllcache\mobsync.exe detected: W32.Virut!IK
C:\WINDOWS\system32\dllcache\moviemk.exe detected: Trojan-Downloader.Win32.Banload!IK
C:\WINDOWS\system32\dllcache\mplay32.exe detected: Virus.Win32.DeadCode.b!IK
C:\WINDOWS\system32\dllcache\mqsvc.exe detected: Backdoor.Win32.Frauder!IK
C:\WINDOWS\system32\dllcache\msconfig.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\msdtc.exe detected: Backdoor.Win32.Frauder!IK
C:\WINDOWS\system32\dllcache\mshearts.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\msiexec.exe detected: Virus.Win32.Virtob!IK
C:\WINDOWS\system32\dllcache\msimn.exe detected: Email-Worm.Win32.Tanatos.B!IK
C:\WINDOWS\system32\dllcache\msiregmv.exe detected: W32.Virut!IK
C:\WINDOWS\system32\dllcache\mspaint.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\mstsc.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\mtstocom.exe detected: Win32.Virut.R!IK
C:\WINDOWS\system32\dllcache\muisetup.exe detected: W32.Virut!IK
C:\WINDOWS\system32\dllcache\net.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\system32\dllcache\netdde.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\notepad.exe detected: W32.Virut!IK
C:\WINDOWS\system32\dllcache\notiflag.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\nppagent.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\ntbackup.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\nwscript.exe detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\oobebaln.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\pinball.exe detected: Virus.Win32.Virut.n!IK
C:\WINDOWS\system32\dllcache\powercfg.exe detected: Virus.Win32.Socks.BA!IK
C:\WINDOWS\system32\dllcache\rcimlby.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\rcp.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\system32\dllcache\reg.exe detected: Win32.Virtob.8!IK
C:\WINDOWS\system32\dllcache\regsvr32.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\rexec.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\rsh.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\system32\dllcache\rsm.exe detected: Win32.Virtob.8!IK
C:\WINDOWS\system32\dllcache\rstrui.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\rundll32.exe detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\savedump.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\sdbinst.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\services.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\sessmgr.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\setup.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\setup_wm.exe detected: Win32.Cadoiac.A!IK
C:\WINDOWS\system32\dllcache\sfc.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\system32\dllcache\shutdown.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\sigverif.exe detected: W32.Virut!IK
C:\WINDOWS\system32\dllcache\skeys.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\smi2smir.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\sndrec32.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\sol.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\system32\dllcache\spider.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\spnpinst.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\ssbezier.scr detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\ssflwbox.scr detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\ssmarque.scr detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\ssmyst.scr detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\sysinfo.exe detected: Virus.Win32.Socks.BA!IK
C:\WINDOWS\system32\dllcache\sysocmgr.exe detected: Win32.Cadoiac.A!IK
C:\WINDOWS\system32\dllcache\taskmgr.exe detected: Riskware.Server-FTP.Win32.Serv-U.50011!IK
C:\WINDOWS\system32\dllcache\tourstrt.exe detected: Virus.Win32.Virut.n!IK
C:\WINDOWS\system32\dllcache\tracert.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\tsdiscon.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\unregmp2.exe detected: Win32.Cadoiac.A!IK
C:\WINDOWS\system32\dllcache\uploadm.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\upnpcont.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\ups.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\system32\dllcache\userinit.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\vssvc.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\wab.exe detected: Trojan-Dropper.Agent!IK
C:\WINDOWS\system32\dllcache\wbemtest.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\wextract.exe detected: Backdoor.Win32.Hupigon!IK
C:\WINDOWS\system32\dllcache\wiaacmgr.exe detected: Trojan-Downloader.Win32.Banload!IK
C:\WINDOWS\system32\dllcache\winlogon.exe detected: Trojan.Win32.Patched!IK
C:\WINDOWS\system32\dllcache\wmiadap.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\wmiapsrv.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\wmiprvse.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\wmplayer.exe detected: Virus.Win32.VB.dl!IK
C:\WINDOWS\system32\dllcache\wordpad.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\wpabaln.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\wupdmgr.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\drwtsn32.exe detected: Virus.Win32.Virut.bo!IK
C:\WINDOWS\system32\eudcedit.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\eventvwr.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\fontview.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\ftp.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\system32\ie4uinit.exe detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\ipconfig.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\ipv6.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\logon.scr detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\lpq.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\system32\lpr.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\system32\magnify.exe detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\makecab.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\mmc.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\system32\mnmsrvc.exe detected: Virus.Win32.Virut.n!IK
C:\WINDOWS\system32\mobsync.exe detected: W32.Virut!IK
C:\WINDOWS\system32\mplay32.exe detected: Virus.Win32.DeadCode.b!IK
C:\WINDOWS\system32\mqsvc.exe detected: Backdoor.Win32.Frauder!IK
C:\WINDOWS\system32\msdtc.exe detected: Backdoor.Win32.Frauder!IK
C:\WINDOWS\system32\mshearts.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\msiexec.exe detected: Virus.Win32.Virtob!IK
C:\WINDOWS\system32\mspaint.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\mstsc.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\net.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\system32\netdde.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\notepad.exe detected: W32.Virut!IK
C:\WINDOWS\system32\npp\nppagent.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\ntbackup.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\nwscript.exe detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\oobe\oobebaln.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\powercfg.exe detected: Virus.Win32.Socks.BA!IK
C:\WINDOWS\system32\rcimlby.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\rcp.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\system32\reg.exe detected: Win32.Virtob.8!IK
C:\WINDOWS\system32\regsvr32.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\Restore\rstrui.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\rexec.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\rsh.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\system32\rsm.exe detected: Win32.Virtob.8!IK
C:\WINDOWS\system32\rundll32.exe detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\savedump.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\sdbinst.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\sessmgr.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\setup.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\sfc.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\system32\shutdown.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\sigverif.exe detected: W32.Virut!IK
C:\WINDOWS\system32\skeys.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\sndrec32.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\sol.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\system32\spider.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\spnpinst.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\ssbezier.scr detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\ssflwbox.scr detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\ssmarque.scr detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\ssmyst.scr detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\sysocmgr.exe detected: Win32.Cadoiac.A!IK
C:\WINDOWS\system32\systeminfo.exe detected: Virus.Win32.Socks.BA!IK
C:\WINDOWS\system32\taskmgr.exe detected: Riskware.Server-FTP.Win32.Serv-U.50011!IK
C:\WINDOWS\system32\tourstart.exe detected: Virus.Win32.Virut.n!IK
C:\WINDOWS\system32\tracert.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\tsdiscon.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\upnpcont.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\ups.exe detected: Virus.Win32.Virut.ak!IK
C:\WINDOWS\system32\userinit.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\usmt\migwiz.exe detected: Win32.Virtob.2!IK
C:\WINDOWS\system32\usmt\migwiz_a.exe detected: Win32.Virtob.2!IK
C:\WINDOWS\system32\vssvc.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\wbem\wbemtest.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\wbem\wmiadap.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\wbem\wmiapsrv.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\wextract.exe detected: Backdoor.Win32.Hupigon!IK
C:\WINDOWS\system32\wiaacmgr.exe detected: Trojan-Downloader.Win32.Banload!IK
C:\WINDOWS\system32\wpabaln.exe detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\wupdmgr.exe detected: Virus.Win32.Virut.q!IK
D:\3dmax plugins\Cebas_Thinking_Particles_V3_SP1_32bit_max9.rar/XF-IPClamp11-KG.exe detected: Virus.Win32.Trojan!IK
D:\AE plugins\plugins for AE_CS3\plugins\Red Giant\Magic Bullet Colorista v1.0\Crack\Keygen.exe detected: Trojan-Downloader.Win32.Banload!IK
D:\AE plugins\plugins for AE_CS3\plugins\Red Giant\Magic Bullet Colorista v1.0\Red Giant Magic Bullet Colorista v1.0 Keygen Only\Keygen.exe detected: Trojan-Downloader.Win32.Banload!IK
D:\AE plugins\plugins for AE_CS3\plugins\TrapcodeHorizonv1.0.0.rar/Trapcode Horizon Keygen.exe detected: Trojan-Downloader.Win32.Banload!IK
D:\AE plugins\Trapcode Plugins for After Effects CS3\Trapcode.Horizon.v1.0.0\Crack\Trapcode Horizon Keygen.exe detected: Trojan-Downloader.Win32.Banload!IK
D:\AE plugins\Trapcode Plugins for After Effects CS3\Trapcode.Horizon.v1.0.0.rar/Trapcode Horizon Keygen.exe detected: Trojan-Downloader.Win32.Banload!IK
D:\Kituri\codec video bune\bs player.rar/keygen.EXE detected: Riskware.Hacktool.BSPlayerPro!IK
D:\PS plugins\Photoshop CS3 plugins\DofPro3.0.rar/keygen.exe detected: Trojan-Downloader.Win32.Small!IK
D:\Splutterfish Brazil Rs v1.2.66.for.Max.9.32Bit\brazil crack - ct\sfmgr1_2_1.zip/sfmgr.exe detected: Trojan-Downloader!IK
D:\STICK\codec video bune\bs player.rar/keygen.EXE detected: Riskware.Hacktool.BSPlayerPro!IK
F:\3d\3dmax\max-bunataturi\mai multe  tipuri v-ray\nu prea merg\vray bun ...nu sterge\Vray1.47.03.rar/Vray1.47.03 Keygen.exe detected: Trojan.Generic!IK
F:\3d\3dmax\max-bunataturi\mai multe  tipuri v-ray\VRAY\VRay15RC3max9.rar/Keymaker.exe detected: Trojan.Generic!IK
F:\3d\3dmax\max-bunataturi\pluginuri\3DStudioMax7\Plugins\Kaldera 1.0\pdxtsk1.006/kaldera.keygen.exe detected: Backdoor.Win32.Wootbot!IK
F:\3d\3dmax\max-bunataturi\pluginuri\Brazil for 3D Studio Max 6\sfmgr1_2_1.zip/sfmgr.exe detected: Trojan-Downloader!IK
F:\3d\3dmax\max-bunataturi\pluginuri\Brazil for 3D Studio Max 6.rar/sfmgr.exe detected: Trojan-Downloader!IK
F:\3d\3dmax\max-bunataturi\pluginuri\fume\fume\DCPFLICS.dlu detected: Backdoor.Win32.Hupigon!IK
F:\3d\3dmax\max-bunataturi\pluginuri\fume.rar/DCPFLICS.dlu detected: Backdoor.Win32.Hupigon!IK
F:\razvan hdd\E\send it\Google.Earth.Pro.v4.2.0180.1134-iNT.EXCLUSIVE.ST.ace/GEP Add-on v4.2.180.1134.exe detected: Riskware.Patch.GoogleEarth!IK
F:\razvan hdd\E\send it\Google.Earth.Pro.v4.2.0180.1134-iNT.EXCLUSIVE.ST.rar/GEP Add-on v4.2.180.1134.exe detected: Riskware.Patch.GoogleEarth!IK
F:\razvan hdd\E\send it\sxe_si_patch28.rar/sxe.dll detected: Trojan.Crypt.XPACK!IK
H:\3D max\plugins\Afterworks\Common\DCPFLICS.dlu detected: Backdoor.Win32.Hupigon!IK
H:\PS\Photoshop.exe detected: Win32.SuspectCrc!IK
H:\UltraVNC\sfx\winvnc.exe detected: !A2
H:\UltraVNC\winvnc.exe detected: !A2

Scanned

Files: 267099
Traces: 591746
Cookies: 1504
Processes: 42

Found

Files: 314
Traces: 40
Cookies: 39
Processes: 6
Registry keys: 0

Scan end: 3/21/2009 1:39:44 PM
Scan time: 3:25:50

#8
rootkit

rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007

Quote

D:\Splutterfish Brazil Rs v1.2.66.for.Max.9.32Bit\brazil crack - ct\sfmgr1_2_1.zip/sfmgr.exe detected: Trojan-Downloader!IK
D:\PS plugins\Photoshop CS3 plugins\DofPro3.0.rar/keygen.exe detected: Trojan-Downloader.Win32.Small!IK

Maybe this is actually the main source of the problem...

No assistance is provided for warez. SOFTPEDIA DOES NOT ENCOURAGE PIRACY!
