| Infected: Trojan-downloader.win32.small.dam, Spyware

Hi guys, I got a problem. Since yesterday my comp is slower than other days... IE is strange. If I open a searching window (Google) it takes ages to open the found site. Sometimes it opens just a blank DOS window and I need to close it. Every time I have opened a few IE windows with different webpages, and let's say in the 3rd window I click on a link, the link will be opened in the first IE window without warning or stuff. I got Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600).

Sometimes this Windows window appears:

V aplikaci Generic Host Process for Win32 Services došlo k problému a je třeba ji zavřít. Omlouváme se za vzniklé potíže. EventType : BEX P1 : svchost.exe P2 : 5.1.2600.2180 P3 : 41107ed6 P4 : netapi32.dll P5 : 5.1.2600.2180 P6 : 41228b48 P7 : 0000a3c0 P8 : c0000409 P9 : 00000000

Kaspersky result of an online scan:

Wednesday, January 17, 2007 8:43:39 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 17/01/2007 Kaspersky Anti-Virus database records: 244630 Scan Settings Scan using the following antivirus database standard Scan Archives true Scan Mail Bases true Scan Target My Computer C:\ D:\ E:\ F:\ Scan Statistics Total number of scanned objects 27497 Number of viruses found 2 Number of infected objects 5 / 0 Number of suspicious objects 0 Duration of the scan process 00:40:27 Infected Object Name Virus Name Last Action C:\3456346345643.exe Infected: Trojan-Downloader.Win32.Small.dam skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and
Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Tomi\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Ahead\Nero Home\bl.db Object is locked skipped C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Ahead\Nero Home\bl.db-journal Object is locked skipped C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Ahead\Nero Home\is2.db Object is locked skipped C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Ahead\Nero Home\is2.db-journal Object is locked skipped C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Microsoft\Messenger\tominko777@hotmail.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Microsoft\Messenger\tominko777@hotmail.com\SharingMetadata\pending.dat Object is locked skipped C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Microsoft\Messenger\tominko777@hotmail.com\SharingMetadata\Working\database_FEFC_5C97_FC5C_4C51\dfsr.db Object is locked skipped C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Microsoft\Messenger\tominko777@hotmail.com\SharingMetadata\Working\database_FEFC_5C97_FC5C_4C51\fsr.log Object is locked skipped 
C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Microsoft\Messenger\tominko777@hotmail.com\SharingMetadata\Working\database_FEFC_5C97_FC5C_4C51\tmp.edb Object is locked skipped C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Microsoft\Windows Live Contacts\tominko777@hotmail.com\real\members.stg Object is locked skipped C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Microsoft\Windows Live Contacts\tominko777@hotmail.com\shadow\members.stg Object is locked skipped C:\Documents and Settings\Tomi\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Tomi\Local Settings\History\History.IE5\MSHist012007011720070118\index.dat Object is locked skipped C:\Documents and Settings\Tomi\Local Settings\Temp\~DF6A2A.tmp Object is locked skipped C:\Documents and Settings\Tomi\Local Settings\Temp\~DF6A2F.tmp Object is locked skipped C:\Documents and Settings\Tomi\Local Settings\Temp\~DF7396.tmp Object is locked skipped C:\Documents and Settings\Tomi\Local Settings\Temp\~DF739B.tmp Object is locked skipped C:\Documents and Settings\Tomi\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Tomi\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Tomi\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Tomi\UserData\index.dat Object is locked skipped C:\syst.exe Infected: Trojan-Downloader.Win32.Small.dam skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object 
is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\drivers\sptd3229.sys Object is locked skipped C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\{00000003-00000000-00000002-00001102-00000004-20021102}.CDF Object is locked skipped C:\Zaloha\Microsoft.Windows.Media.Player.v11.Beta.WinXP.Cracked-CRD\caa0023a.rar/wmp11-windowsxp-x86-enu/setup_wm.exe/1.exe Infected: Backdoor.Win32.Agent.agl skipped 
C:\Zaloha\Microsoft.Windows.Media.Player.v11.Beta.WinXP.Cracked-CRD\caa0023a.rar/wmp11-windowsxp-x86-enu/setup_wm.exe Infected: Backdoor.Win32.Agent.agl skipped C:\Zaloha\Microsoft.Windows.Media.Player.v11.Beta.WinXP.Cracked-CRD\caa0023a.rar RAR: infected - 2 skipped HJT Log: Logfile of HijackThis v1.99.1 Scan saved at 20:45:26, on 17. 1. 2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\JMRaidTool.exe C:\WINDOWS\CTHELPER.EXE C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\ICQLite\ICQLite.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\System32\svchost.exe C:\totalcmd\TOTALCMD.EXE c:\Zaloha\HiJackThis.1.99.1\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program 
Files\Java\jre1.5.0_10\bin\ssv.dll O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver 
Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Hope it helps some. |
| ||
| Re: Infected: Trojan-downloader.win32.small.dam, Spyware

rogram AVG Anti-Spyware - Správa o vyhľadávaní --------------------------------------------------------- + Vytvorený v: 17:27:41 19. 1. 2007 + Výsledok vyhľadávania: HKU\S-1-5-21-2000478354-725345543-549525114-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18668683-731C-48FA-B1B9-AD013748FB00} -> Adware.Generic : Vyčistené so zálohou (karanténa). HKU\S-1-5-21-2000478354-725345543-549525114-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4D74AAA-A178-4463-846B-B4BC87A024E0} -> Adware.Generic : Vyčistené so zálohou (karanténa). C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Vyčistené so zálohou (karanténa). C:\syst.exe -> Downloader.Small.dam : Vyčistené so zálohou (karanténa). C:\Documents and Settings\Tomi\Cookies\tomi@2o7[2].txt -> TrackingCookie.2o7 : Vyčistené. C:\Documents and Settings\Tomi\Cookies\tomi@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Vyčistené. C:\Documents and Settings\Tomi\Cookies\tomi@adbrite[2].txt -> TrackingCookie.Adbrite : Vyčistené. C:\Documents and Settings\Tomi\Cookies\tomi@atdmt[2].txt -> TrackingCookie.Atdmt : Vyčistené. C:\Documents and Settings\Tomi\Cookies\tomi@doubleclick[2].txt -> TrackingCookie.Doubleclick : Vyčistené. C:\Documents and Settings\Tomi\Cookies\tomi@as1.falkag[2].txt -> TrackingCookie.Falkag : Vyčistené. C:\Documents and Settings\Tomi\Cookies\tomi@mediaplex[1].txt -> TrackingCookie.Mediaplex : Vyčistené. C:\Documents and Settings\Tomi\Cookies\tomi@spylog[1].txt -> TrackingCookie.Spylog : Vyčistené. C:\Documents and Settings\Tomi\Cookies\tomi@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Vyčistené. C:\Documents and Settings\Tomi\Cookies\tomi@yadro[2].txt -> TrackingCookie.Yadro : Vyčistené.

vycistene means Cleared |
| ||
| Re: Infected: Trojan-downloader.win32.small.dam, Spyware Quote:
It looks like AVG quarantined syst.exe. As for your other problem, you might try the advice in this link: http://forum.hijackthis.de/showthread.php?p=98121 Best Luck :) PP ** You might want to consider installing an anti-virus app from my linky below! |