|
|
|
Problem with I-WORM/VB.DV.
|
|
|
Leerma
Newbie
|
3. October 2006 @ 10:30 |
Link to this message
|
Hi all, today i kept receiving messages from the AVG program saying that a virus had been found. I clicked 'heal', but some how the virus seems to be unafected by AVG's treatment, and the messages kept on coming back, ten at the time mostly...
I found this site here, and more specifically this thread by Smadbak: http://forums.afterdawn.com/thread_view.cfm/397998
As I'm not at all used to exterminating viruses, I wasn't able at fixing it (I have AVG do it all for me, and never had any problems, until today...).
If anyone's out there who can and wants to give some advice to this mere stranger, I'd be extremely thankful!
Thanks,
R
PS: I don't know the policies here about starting new threads here, so please correct me if I've done something wrong!
EDIT:
I include the logfile of my last HijackThis scan:
Logfile of HijackThis v1.99.1
Scan saved at 21:17:25, on 3/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\12023SC Wireless Combo Set\MouseDrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\12023SC Wireless Combo Set\PS2USBKbdDrv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Hitman Pro\srhelper.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\12023SC Wireless Combo Set\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\12023SC Wireless Combo Set\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Hitman Pro SurfRight Helper] "C:\Program Files\Hitman Pro\srhelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1121888880795
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.indiansprings.org/activex/AxisCamControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vub.ac.be
O17 - HKLM\Software\..\Telephony: DomainName = vub.ac.be
O17 - HKLM\System\CCS\Services\Tcpip\..\{30C2E1CC-5658-4282-8E47-9B57F3E39600}: NameServer = 134.184.250.7,134.184.15.13
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vub.ac.be
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = vub.ac.be
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
This message has been edited since posting. Last time this message was edited on 3. October 2006 @ 11:18
|
|
Advertisement
|
 |
|
|
Senior Member
|
3. October 2006 @ 12:45 |
Link to this message
|
Hello Leerma, as you can see in the other thead we chose to change to NOD32 temporarily. This is probably best our best choice for complete removal.
Please go here and download the 30 day trial of NOD32.
Uninstall AVG and restart.
Install NOD32, just use the recommended install. You may have to restart.
Open NOD32 from the system tray.
Click on NOD32.
Click In-depth analysis.
After that, go here and click Kaspersky Online Scanner.
Accept the terms.
After downloading, click My Computer.
After scanning click "Save report as".
Save as a text file.
Post back with a new HijackThis log and the Kaspersky log.
This message has been edited since posting. Last time this message was edited on 3. October 2006 @ 12:47
|
|
Leerma
Newbie
|
4. October 2006 @ 09:04 |
Link to this message
|
Hi Niobis,
I uninstalled AVG, installed NOD32, scanned in-depth, but nothing was found...
I'm scanning now with kaspersky, (70% progress at the moment), and haven't found anything so far...
I'll post the actual results immediately after the scan.
thanks a lot for the help!
Leerma
|
|
Leerma
Newbie
|
4. October 2006 @ 10:23 |
Link to this message
|
|
Not yet finished, but NOD32 detected a worm named Brontrok:
I deleted it and copied to quarantine, a popup came and said an error occurred while moving to quarantine. Afterwards other popups came with messages like this: "Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window."
Any thoughts?
Thanks
|
Senior Member
|
4. October 2006 @ 10:30 |
Link to this message
|
|
SpySweeper's sheilds are stoping it from being deleted. Disable SpySweeper's sheilds via settings.
|
|
Leerma
Newbie
|
4. October 2006 @ 10:36 |
Link to this message
|
|
I think i unchecked all the shields, it now sais 5 of 5 critical shields are turned off.. What shall I do now?
KasperSky is 99% now
|
|
Leerma
Newbie
|
4. October 2006 @ 10:41 |
Link to this message
|
Ok here I am:
KasperSky Report:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, October 04, 2006 8:37:05 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 4/10/2006
Kaspersky Anti-Virus database records: 215587
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 115885
Number of viruses found: 6
Number of infected objects: 247 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:59:40
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS01BBE2F7-901F-4D5B-A656-F74AC83DAC36.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS09D0046F-179B-4561-A53B-9A083EDCCCBD.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0A467C25-B878-4499-B90C-833483CC37EA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0A8EE110-270B-453B-B879-FE42CEE4D28B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0AB272BC-B6A6-414D-8E0F-2DFC87139130.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0AE4719C-33E7-4AD6-B915-FE9D20B4FAB7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0CB4BF39-CC89-460A-9FA1-673D877DD540.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0D504AFE-FFD6-4A86-8447-95B5A3A285E8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS103A9A10-D0A4-4A49-9978-8A3597FC288E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS11057B6F-A49D-4279-898B-F29394FF1530.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS122B14E0-F23A-4636-8BB2-FD60A17A709A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS136E6A9B-D7B5-4EA1-8EC7-71E0A54283DA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS140E7666-B467-4DAE-BA4F-90D9EA5D71AF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS162DDBA5-E4DD-4ECC-9990-C693F91BE53F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS16CA9872-DE8D-45E6-A8EF-6F5478167373.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS17B6A3F0-39D7-4979-97D4-F7590E1D61D5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1BC40C45-9ADC-4A19-8B67-9A1413BE87B8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1C662605-7B81-47EE-953D-7DE5CBF3809A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1F1E16E3-0278-475A-A3F7-0FAB599EF9B9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS24FA6989-52EC-4E0E-B52A-7B18102A52C4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS29666D9F-9A80-4F4F-9CF0-B1705728A62F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS29D72DAE-92A1-4183-A51C-1BF6D38065F1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2B224EAB-8173-421A-983C-5603319657C3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2F93CEE9-1457-444F-9200-1F06757FDA4A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2FBD6224-34EE-4154-8DFB-558E6A2D5A2C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2FDFA34E-865B-4890-A3D8-7E23DA1D0A29.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS32500476-F968-4005-B14F-20739437845A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS33A5BAA4-AC21-43C1-B766-A3623DEA0506.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3810640F-1B88-4070-99AC-791A99709B85.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3A47625A-5172-4FA5-B662-11A5D8CD603F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3A91EA9D-303A-4119-A1B0-75DDEDE63952.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS403D4E5B-1C72-4F36-BEE3-10FC5A7F5685.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS40734D4E-1E08-41C7-8149-C914754C97AC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS42F38F12-5BF4-436E-8463-0A24FFFA40E0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS43085DC3-F852-4D97-ACA7-5CF36BBEF2C8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS44285E69-2DE5-49D9-84B1-E9822DFF4299.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4479CD46-CBA0-4C92-B7D2-38382C773079.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS48565A21-551E-4887-97EC-44F53392FFD0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4A9ABA66-95CC-4DCE-99D0-253979BB8D68.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4B2F4348-005B-42FC-80ED-7D3976BFB09D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4BED12C5-9009-4987-B1B0-6BAF73CEEBBC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4BFB852B-45AD-4801-9B7D-AEE6EDE27ACD.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4DF66505-3399-4FE3-8BFE-720AFE8E038B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5189D37B-24DD-420D-8445-62C64FE0FD36.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS51F0A002-00A6-4095-A328-EFC23E2947C6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS52A48A5C-D33C-4B09-BFED-13945D453933.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5427A509-ACFC-4358-8C2A-0EDD615B9ED2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS557AC919-D1FD-412F-81EF-E098B2019C6D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS570C5F4B-1264-4657-9446-AB2C6A1609E8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS57F6B99E-9B26-4075-ACE8-FFCC310992D4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5A747E97-FBA4-4BD5-A1BE-996C0F063927.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5B7BD831-4575-442D-8D02-9777CEC43DD5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5D20DEE0-C6D5-4020-962F-A797FC9288B2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5D9C9B5B-CB6B-436D-8E52-D83041066343.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS60935934-B872-4CB4-BB83-5E1B1A030EB5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS63965A01-9976-4C26-ACDB-385F28D2AE6E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS65E08955-8134-4D7B-A303-721F81FB0739.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS67628A87-CF70-4005-8EB9-B08CA4FF4E1D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS67E0324A-E34E-45F9-A589-82411B296FC1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6C1DB263-4850-430E-B8BF-F0777098EF34.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS74350109-7C3E-4053-8609-434BB4B2C033.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7867320C-0849-4DB4-8037-02D093F368BD.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7BDEEDA1-A0CD-4E17-A9E6-613CE0534601.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7EB96B58-6315-425F-ABCB-7D87B868DCB3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7FEE2C11-682E-49E0-A7A6-1EFD516BAF9E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS802948AC-E6C0-4979-AEAD-B5EE5EB75645.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8184724F-BF28-48E8-8A55-474B2468B852.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS82B71259-2BF7-4589-ADD1-88549C278822.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS836EE368-E252-49AD-BE02-FE2C1BD48185.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS85D0559C-DF29-4422-A358-6D335678207E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8BDDB396-4FA1-4BA5-B9FD-3A8D47860B5B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8DCA1159-86D3-493D-B0BB-A649546543E5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9AFD84A6-A84C-4BB6-A455-1E6AA200009B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9C888031-579E-48BF-90E7-EF999E930DE6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9EDF4D15-F267-414D-B6E6-505A4231E97E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA1894939-9339-402E-9E88-B55CC89D6FFE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA2B2DC29-ED37-48B0-AE4F-970D8431F04F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA402F3AB-8282-469F-A8B8-08C5A385D215.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA606898D-324A-44EF-9E3D-C9D3F4A06CD0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSADC39204-2E80-4E42-8E16-B037496390F8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB49CD34B-714A-4AB9-A1DC-DD9DA672A6B3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB6C8B3B8-3F66-4DAB-BB61-C8C8331F48FF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB79EFDEE-AD12-4249-888D-623E814CA75F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB972594F-86CE-451D-AB0F-D3AF94FB5CBF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC2175918-7FC1-4E1D-97D1-A0C711424F6A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC3B8371D-618A-4868-B834-02465680E55A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC5081EB7-E2C8-4F16-B9AB-31E19143872D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC883CE92-0E29-4E53-A0A3-0FE7312B0BE3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC9A5A6D1-ED52-4336-A62B-44655C2F82C4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC00F8F7-FEA6-43AE-A74D-9261EFBADF4E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCCA64928-25E9-4ACF-AA29-7BACEEC518A2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCD53B171-6E0D-4CB5-BC72-32C79975178B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD12DDB79-E6F1-4E59-8F28-CA45A31BBB39.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD352DA26-37A3-45A9-A1E0-5A7624CD7FF0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD61AD1F4-EAA5-4D06-94A9-92DE49C22045.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD8FB953B-F3F3-4E5F-A785-FD800EB4ED8F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD90BFF6C-4EFA-41F4-B09A-CCB7B405292B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDCAEAC9A-45CB-4FCA-A604-9B33588B4A2D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDFE1D165-C087-47D9-BE0E-6BA74A69E5BE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE2E18817-8858-40C2-A0A2-4292EA5D3F8A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE72CB837-FC16-4581-AE95-8A29A5F9A353.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE782700D-891E-49CE-B9BD-6334856FE1E2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE9EA0D93-6E55-4893-9078-9CAF92D8DB8E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEA3D6E85-9829-46FA-9F33-F010B4179A3F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEA667F2D-BF4F-46AF-A82F-D6716960EA74.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF3374C9F-0B13-44D8-8154-B8BDA3694BBF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF4582D99-5CD5-4A3F-A02F-90C5F5EB01B3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF57FC029-0DE6-4841-AE72-F1F0799FB0F8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFD12B0D0-4249-43A3-B5AA-882874DBC840.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\test\Application Data\Webroot\Spy Sweeper\Logs\061003193544.ses Object is locked skipped
C:\Documents and Settings\test\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\test\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\test\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\test\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\test\Local Settings\Geschiedenis\History.IE5\MSHist012006100420061005\index.dat Object is locked skipped
C:\Documents and Settings\test\Local Settings\Temp\Perflib_Perfdata_4b8.dat Object is locked skipped
C:\Documents and Settings\test\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\test\Mijn documenten\Mijn gesprekgeschiedenis\Gebeurtenissenlogboek.txt Object is locked skipped
C:\Documents and Settings\test\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\test\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Eset\cache\CACHE.NDB Object is locked skipped
C:\Program Files\Eset\logs\virlog.dat Object is locked skipped
C:\Program Files\Eset\logs\warnlog.dat Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\004E1750.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\011A035F.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\0A467B31.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\0A831E8B.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\0AAC7138.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B126740.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B785D47.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\0BDE534F.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\0C454956.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CAB3F5E.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\0EB61934.exe Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F2D13F6.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\115F2CD2.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\15D6372F.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\1608223E.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\163C2D37.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\16A3233E.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\176F0F4D.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\17D50555.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\183B7B5D.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\1D6D37EE.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\1FE4147E.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\21CD6935.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\22995545.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\22FF4B4C.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\23CB375B.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\24312D63.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\248D09EA.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\2BAE5BE6.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\2D5D2534.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\2DC31B3C.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E291143.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E8F074B.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\2EF67D52.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\2F5C735A.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\2FC26961.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\30575151.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\31087089.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\31087089.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\31087089.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\31087089.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\31087089.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\31087089.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\31087089.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\32896A2D.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\32CE2DE1.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\35862B98.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\358C7F91.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\358C7F91.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\358C7F91.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\358C7F91.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\358C7F91.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\358C7F91.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\361F4E25.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36227821.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\3626221E.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36294C1A.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\362C7617.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36302013.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36334A0F.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\3636740C.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36391E08.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\363D4805.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36407201.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36431BFD.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\364645FA.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\364A6FF6.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\364D19F3.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\365717E8.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\365A41E4.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\365D6BE1.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\366015DD.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36643FD9.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\366A13D2.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\366E3DCF.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\367167CB.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\367411C7.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36773BC4.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\367B65C0.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\367E0FBD.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\368139B9.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\368463B5.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36880DB2.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\368B37AE.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\368E61AB.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36910BA7.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\369535A4.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36985FA0.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\369B099C.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\369F3399.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36A25D95.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36A50792.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36A8318E.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36AC5B8A.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36AF0587.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36B22F83.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36B55980.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36B9037C.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36BC2D78.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36BF5775.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36C20171.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36C62B6E.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36C9556A.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36CC7F66.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36D02963.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36D3535F.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36D67D5C.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36D92758.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36DD5154.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36E07B51.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36E3254D.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36E64F4A.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36EA7946.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36ED2342.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36F04D3F.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36F3773B.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36F72138.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36FA4B34.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\36FD7531.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\37011F2D.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\37044929.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\37077326.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\370A1D22.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\370E471F.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\3711711B.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\37141B17.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\37174514.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\371B6F10.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\371E190D.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\37214309.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\37246D05.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\3954573A.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\39BA4D42.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\39EE7FDD.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\3A204349.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\3B522560.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\3C8B60C4.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\3E977549.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\414525E0.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\41494FDC.exe Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\41494FDC.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\415677CE.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\43416AB5.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\447E1D31.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\454A0940.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\45730390.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\45B07F48.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\467C6B57.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\46E2615F.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\482F23D5.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\49E322C6.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\4A613CB0.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\4CD81940.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\4F0A321C.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\4F4F75D1.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\500E5930.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\50DA453F.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\51403B47.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\52731D5D.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\536633EE.exe Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\53F86B3C.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\5AD47984.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\5B9E152F.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\5C050B36.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\5C6B013E.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\5CD17745.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\5D376D4D.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\5D9D6354.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\5E03595C.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\5FC232A4.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\61740340.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\61740340.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\61740340.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\61740340.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\61740340.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\61740340.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\61740340.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\61DA18D0.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\61DA18D0.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\61DA18D0.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\61DA18D0.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\61DA18D0.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\61DA18D0.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\61DA18D0.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\61DD42CD.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\61DD42CD.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\61DD42CD.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\61DD42CD.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\61DD42CD.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\61DD42CD.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\61F44B7F.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\62390F34.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\63062F86.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\63095982.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\63095982.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\63095982.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\63095982.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\63095982.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\63095982.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\646B280F.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\672F512D.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\67F10E20.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\67FB3D3C.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\68613344.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\68C7294B.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\692D1F53.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\69596130.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\6994155A.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\69FA0B62.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\6E02569B.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\70346F77.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\72BF0D2C.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\73250333.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\738B793B.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\73F26F42.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\7458654A.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\74BE5B52.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\74DE64E3.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\75245159.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\75542C46.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\75542C46.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\75542C46.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\75542C46.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\75542C46.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\75542C46.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\758A4761.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\76883139.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\76883139.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\76883139.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\76883139.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\76883139.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\76883139.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\77554173.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\779A0527.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\7BFE36DE.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\7E9B1E06.exe Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\7EB63F32.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\7EBA5723.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\7F1C353A.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\7F822B41.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\7FA806B7.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\7FA806B7.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\7FA806B7.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\7FA806B7.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\7FA806B7.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7FA806B7.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7FE82149.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6DD67A3D-B07F-4376-B7D0-72D7A6198C4E}\RP319\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
HijackThis Report:
Logfile of HijackThis v1.99.1
Scan saved at 20:38:31, on 4/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\12023SC Wireless Combo Set\MouseDrv.exe
C:\Program Files\12023SC Wireless Combo Set\PS2USBKbdDrv.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Hitman Pro\srhelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\12023SC Wireless Combo Set\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\12023SC Wireless Combo Set\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Hitman Pro SurfRight Helper] "C:\Program Files\Hitman Pro\srhelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1121888880795
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.indiansprings.org/activex/AxisCamControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vub.ac.be
O17 - HKLM\Software\..\Telephony: DomainName = vub.ac.be
O17 - HKLM\System\CCS\Services\Tcpip\..\{30C2E1CC-5658-4282-8E47-9B57F3E39600}: NameServer = 134.184.250.7,134.184.15.13
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vub.ac.be
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = vub.ac.be
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
|
Senior Member
|
4. October 2006 @ 11:22 |
Link to this message
|
Ok...everything looks like it is in a quarantine. Leave SpySweeper's sheild off until all fixes are complete.
Delete Norton's and SpySweeper's quarantine.
Run scan only with HijackThis, check these:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen <--Only if you do not know what that is.
ONLY if you do not know "vub.ac.be", check these.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vub.ac.be
O17 - HKLM\Software\..\Telephony: DomainName = vub.ac.be
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vub.ac.be
O17 - HKLM\Software\..\Telephony: DomainName = vub.ac.be
Close all windows except HijackThis, and click "Fix cheked".
Java is out of date.
Go here and download Java Runtime Environment 5.0 Update 9.
Uninstall all previous versions of JRE via Add/Remove Programs.
Restart and install Update 9.
How are things now? Was NOD32 able to quarantine the virus it found? If so, you can re-enable SpySweeper's sheilds.
Post back with a new HijackThis, want to make sure it's fully clean.
|
|
Leerma
Newbie
|
4. October 2006 @ 11:37 |
Link to this message
|
|
I uninstalled Norton Antivirus a long time ago, to delete the quarantine, do i have to delete the quarantine folder in program files?
vub.ac.be is the network of my school, so I'll leave that...
about "R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen"... I don't know what it is, "Koppelingen" is dutch for links, I think, not sure though how it's translated exactly... Shall i delete it?
About the brontok worm, every 9 minutes or so he creates new files, that get detected by NOD32, these appear to be succesfully quarantined since I unchecked SpySweeper's chield system. The virus itself appears to remain active...
|
Senior Member
|
4. October 2006 @ 11:53 |
Link to this message
|
|
Yes, fix the R0 entry.
If this folder is still there, delete it: C:\Program Files\Norton AntiVirus\Quarantine
Everything in the Kaspersky log is in a quarantine so, post a NOD32 Threat log.
Open NOD32 from the System Tray.
Click Logs.
Click Threat logs.
Right the window and click Select all and post it.
|
|
Leerma
Newbie
|
4. October 2006 @ 12:09 |
Link to this message
|
|
Java updated, Norton quarantine folder deleted, R0-file fixed.
Here are the threat logs, if i'm right:
Time Module Object Name Threat Action User Information
4/10/2006 21:54:17 AMON file C:\Documents and Settings\All Users\Documenten\Mijn video's\Mijn video's.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:54:16 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Voorbeelden van muziek\Voorbeelden van muziek.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:54:16 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\00E9AA5C\00E9AA5C.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:54:15 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\Sync Playlists.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:54:14 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Skylar Blue (Sample Music)\Skylar Blue (Sample Music).exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:54:13 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0009A200\0009A200.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:54:12 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\Sample Playlists.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:54:12 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Mijn muziek.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:54:11 AMON file C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Voorbeelden van afbeeldingen.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:54:11 AMON file C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Mijn afbeeldingen.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:54:10 AMON file C:\Documents and Settings\All Users\Documenten\SharedDocs.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:54:09 AMON file C:\Documents and Settings\All Users\Documenten\Data Zulu Joseph Dryson.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:38:22 AMON file C:\Documents and Settings\All Users\Documenten\Mijn video's\Mijn video's.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:38:21 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Voorbeelden van muziek\Voorbeelden van muziek.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:38:20 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\00E9AA5C\00E9AA5C.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:38:16 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\Sync Playlists.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:38:15 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Skylar Blue (Sample Music)\Skylar Blue (Sample Music).exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:38:14 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0009A200\0009A200.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:38:14 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\Sample Playlists.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:38:13 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Mijn muziek.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:38:12 AMON file C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Voorbeelden van afbeeldingen.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:38:10 AMON file C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Mijn afbeeldingen.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:38:08 AMON file C:\Documents and Settings\All Users\Documenten\SharedDocs.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:38:03 AMON file C:\Documents and Settings\All Users\Documenten\Data Zulu Joseph Dryson.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:28:17 AMON file C:\Documents and Settings\All Users\Documenten\Mijn video's\Mijn video's.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:28:16 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Voorbeelden van muziek\Voorbeelden van muziek.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:28:16 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\00E9AA5C\00E9AA5C.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:28:15 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\Sync Playlists.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:28:14 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Skylar Blue (Sample Music)\Skylar Blue (Sample Music).exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:28:13 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0009A200\0009A200.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:28:13 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\Sample Playlists.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:28:12 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Mijn muziek.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:28:11 AMON file C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Voorbeelden van afbeeldingen.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:28:11 AMON file C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Mijn afbeeldingen.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:28:10 AMON file C:\Documents and Settings\All Users\Documenten\SharedDocs.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:28:09 AMON file C:\Documents and Settings\All Users\Documenten\Data Zulu Joseph Dryson.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:08:43 AMON file C:\Documents and Settings\All Users\Documenten\Mijn video's\Mijn video's.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:08:42 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Voorbeelden van muziek\Voorbeelden van muziek.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:08:41 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\00E9AA5C\00E9AA5C.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:08:40 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\Sync Playlists.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:08:39 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Skylar Blue (Sample Music)\Skylar Blue (Sample Music).exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:08:38 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0009A200\0009A200.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:08:37 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\Sample Playlists.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:08:36 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Mijn muziek.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:08:35 AMON file C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Voorbeelden van afbeeldingen.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:08:31 AMON file C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Mijn afbeeldingen.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:08:30 AMON file C:\Documents and Settings\All Users\Documenten\SharedDocs.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 21:08:29 AMON file C:\Documents and Settings\All Users\Documenten\Data Zulu Joseph Dryson.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:59:37 AMON file C:\Documents and Settings\All Users\Documenten\Mijn video's\Mijn video's.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:59:36 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Voorbeelden van muziek\Voorbeelden van muziek.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:59:35 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\00E9AA5C\00E9AA5C.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:59:33 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\Sync Playlists.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:59:32 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Skylar Blue (Sample Music)\Skylar Blue (Sample Music).exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:59:31 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0009A200\0009A200.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:59:29 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\Sample Playlists.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:59:28 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Mijn muziek.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:59:26 AMON file C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Voorbeelden van afbeeldingen.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:59:21 AMON file C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Mijn afbeeldingen.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:59:16 AMON file C:\Documents and Settings\All Users\Documenten\SharedDocs.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:59:14 AMON file C:\Documents and Settings\All Users\Documenten\Data Zulu Joseph Dryson.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:51:11 AMON file C:\Documents and Settings\All Users\Documenten\Mijn video's\Mijn video's.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:51:10 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Voorbeelden van muziek\Voorbeelden van muziek.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:51:09 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\00E9AA5C\00E9AA5C.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:51:07 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\Sync Playlists.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:51:05 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Skylar Blue (Sample Music)\Skylar Blue (Sample Music).exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:51:03 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0009A200\0009A200.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:51:01 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\Sample Playlists.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:50:59 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Mijn muziek.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:50:58 AMON file C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Voorbeelden van afbeeldingen.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:50:56 AMON file C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Mijn afbeeldingen.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:50:54 AMON file C:\Documents and Settings\All Users\Documenten\SharedDocs.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:50:52 AMON file C:\Documents and Settings\All Users\Documenten\Data Zulu Joseph Dryson.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:41:41 AMON file C:\Documents and Settings\All Users\Documenten\Mijn video's\Mijn video's.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:41:40 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Voorbeelden van muziek\Voorbeelden van muziek.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:41:38 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\00E9AA5C\00E9AA5C.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:41:37 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\Sync Playlists.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:41:36 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Skylar Blue (Sample Music)\Skylar Blue (Sample Music).exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:41:34 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0009A200\0009A200.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:41:34 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\Sample Playlists.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:41:33 AMON file C:\Documents and Settings\All Users\Documenten\Mijn muziek\Mijn muziek.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:41:32 AMON file C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Voorbeelden van afbeeldingen.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:41:31 AMON file C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Mijn afbeeldingen.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:41:30 AMON file C:\Documents and Settings\All Users\Documenten\SharedDocs.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:41:23 AMON file C:\Documents and Settings\All Users\Documenten\Data Zulu Joseph Dryson.exe Win32/Brontok.B worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
4/10/2006 20:31:24 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\MIJN VIDEO'S\MIJN VIDEO'S.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:31:22 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\MIJN MUZIEK\VOORBEELDEN VAN MUZIEK\VOORBEELDEN VAN MUZIEK.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:31:21 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\MIJN MUZIEK\SYNC PLAYLISTS\00E9AA5C\00E9AA5C.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:31:18 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\MIJN MUZIEK\SYNC PLAYLISTS\SYNC PLAYLISTS.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:31:15 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\MIJN MUZIEK\SKYLAR BLUE (SAMPLE MUSIC)\SKYLAR BLUE (SAMPLE MUSIC).EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:31:14 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\MIJN MUZIEK\SAMPLE PLAYLISTS\0009A200\0009A200.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:31:11 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\MIJN MUZIEK\SAMPLE PLAYLISTS\SAMPLE PLAYLISTS.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:31:08 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\MIJN MUZIEK\MIJN MUZIEK.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:31:07 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\MIJN AFBEELDINGEN\VOORBEELDEN VAN AFBEELDINGEN\VOORBEELDEN VAN AFBEELDINGEN.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:31:04 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\MIJN AFBEELDINGEN\MIJN AFBEELDINGEN.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:30:56 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\SHAREDDOCS.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:30:47 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\DATA ZULU JOSEPH DRYSON.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE.
4/10/2006 20:24:02 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\MIJN AFBEELDINGEN\VOORBEELDEN VAN AFBEELDINGEN\VOORBEELDEN VAN AFBEELDINGEN.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:24:00 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\MIJN AFBEELDINGEN\MIJN AFBEELDINGEN.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:23:58 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\SHAREDDOCS.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:23:56 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\DATA ZULU JOSEPH DRYSON.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:23:53 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\MIJN VIDEO'S\MIJN VIDEO'S.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:23:52 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\MIJN MUZIEK\VOORBEELDEN VAN MUZIEK\VOORBEELDEN VAN MUZIEK.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:23:50 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\MIJN MUZIEK\SYNC PLAYLISTS\00E9AA5C\00E9AA5C.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:23:47 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\MIJN MUZIEK\SYNC PLAYLISTS\SYNC PLAYLISTS.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:23:45 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\MIJN MUZIEK\SKYLAR BLUE (SAMPLE MUSIC)\SKYLAR BLUE (SAMPLE MUSIC).EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:23:42 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\MIJN MUZIEK\SAMPLE PLAYLISTS\0009A200\0009A200.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:23:39 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\MIJN MUZIEK\SAMPLE PLAYLISTS\SAMPLE PLAYLISTS.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:23:33 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\MIJN MUZIEK\MIJN MUZIEK.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:20:00 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\MIJN AFBEELDINGEN\VOORBEELDEN VAN AFBEELDINGEN\VOORBEELDEN VAN AFBEELDINGEN.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:19:54 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\MIJN AFBEELDINGEN\MIJN AFBEELDINGEN.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:19:46 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\SHAREDDOCS.EXE Win32/Brontok.B worm NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE. The file was moved to quarantine. You may close this window.
4/10/2006 20:19:19 AMON file C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTEN\DATA ZULU JOSEPH DRYSON.EXE Win32/Brontok.B worm Error quarantining the object - - deleted NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\Webroot\Spy Sweeper\SSU.EXE.
|
|
Leerma
Newbie
|
4. October 2006 @ 13:30 |
Link to this message
|
|
Something else now... I noticed a new folder in my Bookmarks, it's called Links and is empty, when I delete it, it comes back...
|
Senior Member
|
4. October 2006 @ 14:12 |
Link to this message
|
This is a nasty fellow. I read that many users report that NOD32 cannot fully clean it but instead deletes the files it has infected. Many claim that Avast will clean it forever. Those also claim they can't find the registry keys to delete manually.
Here's the link.
Haven't found much more information. I will continue search, but NOD32 cannot clean it from the registry. I'd install Avast to rid it, then reinstall NOD32 if you want it back.
Here's the link to Avast's website.
Edit: Hmm, just noticed you've already switched to NOD32. I'll keep looking for a fix. :)
This message has been edited since posting. Last time this message was edited on 4. October 2006 @ 14:27
|
|
Leerma
Newbie
|
5. October 2006 @ 02:56 |
Link to this message
|
|
Do I have to uninstall NOD32 first, and then install Avast, or isn't that nessecary?
|
Senior Member
|
5. October 2006 @ 10:49 |
Link to this message
|
|
Well, if you choose to install Avast, yes, it's better to uninstall NOD32 first. I looked for more info on this worm, but came up with little. Install Avast and do a full scan. Let me know how it goes.
|
|
Leerma
Newbie
|
5. October 2006 @ 11:05 |
Link to this message
|
|
Yes, I will do that!
|
|
irineu
Newbie
|
7. October 2006 @ 09:30 |
Link to this message
|
Hey niobes i can see u r doing a nice job here
im infected with this virus and i saw urs recommendations im now sacanning my pc with nod32 and then i will scan with Kaspersky ok?
and then i will pass HijackThis on my pc and post the results here!
can u help me?
|
|
irineu
Newbie
|
7. October 2006 @ 12:34 |
Link to this message
|
here r the results
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, October 07, 2006 22:29:10
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/10/2006
Kaspersky Anti-Virus database records: 216575
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 90259
Number of viruses found: 1
Number of infected objects: 6 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:41:50
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Irineu\Local Settings\Application Data\Identities\{DC40B654-6026-4B52-AAF7-9998CE175EAF}\Microsoft\Outlook Express\E_Mails.dbx/[From "NOSACARDOSO" <nosacardoso@mines.edu>][Date Sat, 14 Jun 2003 11:02:32 +0000 (GMT)]/UNNAMED/Serviços Infected: Email-Worm.Win32.Tanatos.b.dam skipped
C:\Documents and Settings\Irineu\Local Settings\Application Data\Identities\{DC40B654-6026-4B52-AAF7-9998CE175EAF}\Microsoft\Outlook Express\E_Mails.dbx/[From "NOSACARDOSO" <nosacardoso@mines.edu>][Date Sat, 14 Jun 2003 11:02:32 +0000 (GMT)]/UNNAMED Infected: Email-Worm.Win32.Tanatos.b.dam skipped
C:\Documents and Settings\Irineu\Local Settings\Application Data\Identities\{DC40B654-6026-4B52-AAF7-9998CE175EAF}\Microsoft\Outlook Express\E_Mails.dbx Mail MS Outlook 5: infected - 2 skipped
C:\Documents and Settings\Irineu\My Documents\Backup Outlook\E_Mails.dbx/[From "NOSACARDOSO" <nosacardoso@mines.edu>][Date Sat, 14 Jun 2003 11:02:32 +0000 (GMT)]/UNNAMED/Serviços Infected: Email-Worm.Win32.Tanatos.b.dam skipped
C:\Documents and Settings\Irineu\My Documents\Backup Outlook\E_Mails.dbx/[From "NOSACARDOSO" <nosacardoso@mines.edu>][Date Sat, 14 Jun 2003 11:02:32 +0000 (GMT)]/UNNAMED Infected: Email-Worm.Win32.Tanatos.b.dam skipped
C:\Documents and Settings\Irineu\My Documents\Backup Outlook\E_Mails.dbx Mail MS Outlook 5: infected - 2 skipped
C:\Documents and Settings\ju\Application Data\Mozilla\Firefox\Profiles\5c4z7gx0.default\cert8.db Object is locked skipped
C:\Documents and Settings\ju\Application Data\Mozilla\Firefox\Profiles\5c4z7gx0.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\ju\Application Data\Mozilla\Firefox\Profiles\5c4z7gx0.default\history.dat Object is locked skipped
C:\Documents and Settings\ju\Application Data\Mozilla\Firefox\Profiles\5c4z7gx0.default\key3.db Object is locked skipped
C:\Documents and Settings\ju\Application Data\Mozilla\Firefox\Profiles\5c4z7gx0.default\parent.lock Object is locked skipped
C:\Documents and Settings\ju\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Application Data\Microsoft\Messenger\irineu_bad@hotmail.com\SharingMetadata\infected.dat Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Application Data\Microsoft\Messenger\irineu_bad@hotmail.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Application Data\Microsoft\Messenger\irineu_bad@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Application Data\Microsoft\Messenger\irineu_bad@hotmail.com\SharingMetadata\Working\database_87F_278A_5857_3272\dfsr.db Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Application Data\Microsoft\Messenger\irineu_bad@hotmail.com\SharingMetadata\Working\database_87F_278A_5857_3272\fsr.log Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Application Data\Microsoft\Messenger\irineu_bad@hotmail.com\SharingMetadata\Working\database_87F_278A_5857_3272\fsrtmp.log Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Application Data\Microsoft\Messenger\irineu_bad@hotmail.com\SharingMetadata\Working\database_87F_278A_5857_3272\tmp.edb Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Application Data\Microsoft\Windows Live Contacts\irineu_bad@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Application Data\Microsoft\Windows Live Contacts\irineu_bad@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Application Data\Mozilla\Firefox\Profiles\5c4z7gx0.default\Cache\079745DDd01 Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Application Data\Mozilla\Firefox\Profiles\5c4z7gx0.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Application Data\Mozilla\Firefox\Profiles\5c4z7gx0.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Application Data\Mozilla\Firefox\Profiles\5c4z7gx0.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Application Data\Mozilla\Firefox\Profiles\5c4z7gx0.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\ju\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Temp\flaAF3E.tmp Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Temp\flaB7BC.tmp Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Temp\flaBA7F.tmp Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Temp\flaC18A.tmp Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Temp\flaC1A2.tmp Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Temp\flaC1C7.tmp Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Temp\flaC2AB.tmp Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Temp\flaC2B3.tmp Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Temp\flaC384.tmp Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Temp\flaC4FA.tmp Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Temp\flaC4FE.tmp Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Temp\flaC5F0.tmp Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Temp\flaC7FB.tmp Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Temp\IHC7FA.tmp Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Temp\~DF48B1.tmp Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Temp\~DF49A7.tmp Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Temp\~DF663D.tmp Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Temp\~DF6662.tmp Object is locked skipped
C:\Documents and Settings\ju\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ju\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\ju\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\tracking.log Object is locked skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP205\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Logfile of HijackThis v1.99.1
Scan saved at 22:30:27, on 10/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\xtras\mssysmgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ju\LOCALS~1\Temp\Rar$EX00.218\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\system32\scpsssh2.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://cpib.bradesco.com.br/scpsssh2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1138031022046
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EAC95056-26F5-47B8-B57B-967772757FB7}: NameServer = 193.219.228.4,193.219.193.135
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
what should I do now?
|
Senior Member
|
7. October 2006 @ 13:17 |
Link to this message
|
|
Hello irineu,
The only infections I see are mail from "NOSACARDOSO" and some in other locations of Outlook.
What did NOD32 rid?
What problems are you having?
|
|
irineu
Newbie
|
7. October 2006 @ 14:06 |
Link to this message
|
I was having the same problem as leerma my AVG was detecting the I-worm/VB.DV , i was healing but it came back again from 5 to 4 minutes. Now i install the nod32 and it detected a virus but i already deleted.
I think im ok now man thanks
any problem i'll tell u
i will rid nod32 again
|
|
Leerma
Newbie
|
9. October 2006 @ 22:24 |
Link to this message
|
|
|
Senior Member
|
9. October 2006 @ 22:51 |
Link to this message
|
|
Reliable source, I use it often. That should help you in deleting it manually.
Good luck. :)
|
|
Leerma
Newbie
|
10. October 2006 @ 12:26 |
Link to this message
|
Hi Niobis,
Here to report the developements in my battle against Brontok.b... interesting name i have to say, I think I am going to name one of my kids like that, preferably when it's a girl, try to imagine, wouldn't that be great? Anyway: I think I nailed the bastard! Not by deleting it manually (as discribed in the symantec procedure I posted earlier), because, when I arrived at that particular step, I found out the virus was already gone, and nowhere to be found! Apparantly it had nothing to do with a new virusscan or anything, because no matter which one I did, the virus was never found. I believe that the virus was deleted in the process of turning of system restore!
It must be gone now, because virus notifications have seized to pop up all over the place... If I'm wrong, I'll let you know...
Many thanks for the help,
I've learned a lot!
Leerma
P.S.: I am currently connected to the local university network, and I have to say that this seems like a digital Bronx neighborhood... I've been on it for how long now... probably just a week, and i've already had to defend from viruses, a trojan (Win32.askyaya or something, I think it never had the chance of infecting my computer, since Zone Alarm caught it immediately... Chances are of course that i'm wrong, and if that's the case I'll let you know again...), and a real flesh 'n blood hacker!
Anyway, prudency is my master now...
Greetz
|
|
Advertisement
|
|
|
Senior Member
|
10. October 2006 @ 13:02 |
Link to this message
|
|
So glad to hear everything is clean now. :D
Here's a couple things you may need/want to do:
1. Set a new System Restore point.
2. Defragment your system.
3. Run Check Disk to make sure nothing was taken out by Brontok or any others.
Start > Run > type chkdsk > click OK>
4. Update Windows.
Good luck!
|
|
