Infected: Trojan-downloader.win32.small.dam, Spyware
Hi guys, I got a problem. Since yesterday my comp is slower than other days... IE is strange. If I open a searching window (Google) it takes ages to open the found site. Sometimes it opens just a blank DOS window and I need to close it. Every time I have opened a few IE windows with different webpages, and let's say in the 3rd window I click on a link, the link will be opened in the first IE window without warning or stuff.
I got Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Sometimes this Windows window appears:
V aplikaci Generic Host Process for Win32 Services došlo k problému a je třeba ji zavřít. Omlouváme se za vzniklé potíže.
EventType : BEX P1 : svchost.exe P2 : 5.1.2600.2180 P3 : 41107ed6
P4 : netapi32.dll P5 : 5.1.2600.2180 P6 : 41228b48 P7 : 0000a3c0
P8 : c0000409 P9 : 00000000
At Kaspersky, result of an online scan:
Wednesday, January 17, 2007 8:43:39 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 17/01/2007
Kaspersky Anti-Virus database records: 244630
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 27497
Number of viruses found 2
Number of infected objects 5 / 0
Number of suspicious objects 0
Duration of the scan process 00:40:27
Infected Object Name Virus Name Last Action
C:\3456346345643.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tomi\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Ahead\Nero Home\bl.db-journal Object is locked skipped
C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Ahead\Nero Home\is2.db-journal Object is locked skipped
C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Microsoft\Messenger\tominko777@hotmail.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Microsoft\Messenger\tominko777@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Microsoft\Messenger\tominko777@hotmail.com\SharingMetadata\Working\database_FEFC_5C97_FC5C_4C51\dfsr.db Object is locked skipped
C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Microsoft\Messenger\tominko777@hotmail.com\SharingMetadata\Working\database_FEFC_5C97_FC5C_4C51\fsr.log Object is locked skipped
C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Microsoft\Messenger\tominko777@hotmail.com\SharingMetadata\Working\database_FEFC_5C97_FC5C_4C51\tmp.edb Object is locked skipped
C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Microsoft\Windows Live Contacts\tominko777@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Tomi\Local Settings\Data aplikací\Microsoft\Windows Live Contacts\tominko777@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Tomi\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tomi\Local Settings\History\History.IE5\MSHist012007011720070118\index.dat Object is locked skipped
C:\Documents and Settings\Tomi\Local Settings\Temp\~DF6A2A.tmp Object is locked skipped
C:\Documents and Settings\Tomi\Local Settings\Temp\~DF6A2F.tmp Object is locked skipped
C:\Documents and Settings\Tomi\Local Settings\Temp\~DF7396.tmp Object is locked skipped
C:\Documents and Settings\Tomi\Local Settings\Temp\~DF739B.tmp Object is locked skipped
C:\Documents and Settings\Tomi\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tomi\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Tomi\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tomi\UserData\index.dat Object is locked skipped
C:\syst.exe Infected: Trojan-Downloader.Win32.Small.dam skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd3229.sys Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\{00000003-00000000-00000002-00001102-00000004-20021102}.CDF Object is locked skipped
C:\Zaloha\Microsoft.Windows.Media.Player.v11.Beta.WinXP.Cracked-CRD\caa0023a.rar/wmp11-windowsxp-x86-enu/setup_wm.exe/1.exe Infected: Backdoor.Win32.Agent.agl skipped
C:\Zaloha\Microsoft.Windows.Media.Player.v11.Beta.WinXP.Cracked-CRD\caa0023a.rar/wmp11-windowsxp-x86-enu/setup_wm.exe Infected: Backdoor.Win32.Agent.agl skipped
C:\Zaloha\Microsoft.Windows.Media.Player.v11.Beta.WinXP.Cracked-CRD\caa0023a.rar RAR: infected - 2 skipped
HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 20:45:26, on 17. 1. 2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\JMRaidTool.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\totalcmd\TOTALCMD.EXE
c:\Zaloha\HiJackThis.1.99.1\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
hope it helps some
Program AVG Anti-Spyware - Správa o vyhľadávaní
---------------------------------------------------------
+ Vytvorený v: 17:27:41 19. 1. 2007
+ Výsledok vyhľadávania:
HKU\S-1-5-21-2000478354-725345543-549525114-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18668683-731C-48FA-B1B9-AD013748FB00} -> Adware.Generic : Vyčistené so zálohou (karanténa).
HKU\S-1-5-21-2000478354-725345543-549525114-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4D74AAA-A178-4463-846B-B4BC87A024E0} -> Adware.Generic : Vyčistené so zálohou (karanténa).
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Vyčistené so zálohou (karanténa).
C:\syst.exe -> Downloader.Small.dam : Vyčistené so zálohou (karanténa).
C:\Documents and Settings\Tomi\Cookies\tomi@2o7[2].txt -> TrackingCookie.2o7 : Vyčistené.
C:\Documents and Settings\Tomi\Cookies\tomi@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Vyčistené.
C:\Documents and Settings\Tomi\Cookies\tomi@adbrite[2].txt -> TrackingCookie.Adbrite : Vyčistené.
C:\Documents and Settings\Tomi\Cookies\tomi@atdmt[2].txt -> TrackingCookie.Atdmt : Vyčistené.
C:\Documents and Settings\Tomi\Cookies\tomi@doubleclick[2].txt -> TrackingCookie.Doubleclick : Vyčistené.
C:\Documents and Settings\Tomi\Cookies\tomi@as1.falkag[2].txt -> TrackingCookie.Falkag : Vyčistené.
C:\Documents and Settings\Tomi\Cookies\tomi@mediaplex[1].txt -> TrackingCookie.Mediaplex : Vyčistené.
C:\Documents and Settings\Tomi\Cookies\tomi@spylog[1].txt -> TrackingCookie.Spylog : Vyčistené.
C:\Documents and Settings\Tomi\Cookies\tomi@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Vyčistené.
C:\Documents and Settings\Tomi\Cookies\tomi@yadro[2].txt -> TrackingCookie.Yadro : Vyčistené.
Vyčistené means Cleared.
Program AVG Anti-Spyware - Správa o vyhľadávaní
---------------------------------------------------------
C:\syst.exe -> Downloader.Small.dam : Vyčistené so zálohou (karanténa).
It looks like AVG quarantined syst.exe.
As for your other problem, you might try the advice in this link:
http://forum.hijackthis.de/showthread.php?p=98121
Best Luck

PP
** You might want to consider installing an anti-virus app from my linky below!
Last edited by PhilliePhan; Jan 19th, 2007 at 3:45 pm.
In some sort of crude sense, which no vulgarity, no humor, no overstatement can quite extinguish, the physicists have known sin; and this is a knowledge which they cannot lose.
~ J. Robert Oppenheimer
ASAP