Trojan Horse Agent2 VGC infection

Re: Trojan Horse Agent2 VGC infection

by Dakeyras » October 29th, 2009, 9:19 am

Hi. :)

Yes, Aradi Istvánné is an administrator account and there is another administrator: Kriszti.
OK it is not an ideal situation from both a security and practical point of view to have two admin' accounts on a system. My advice would be to either remove the other account completely and/or at the very least change its status to a Limited Account only.

If not sure how to do so merely inform myself and I will provide instructions how to etc.

Otherwise I can check hard disk for errors from my computer - C drive - attributes after a reboot. It will be good or not?
Aye we can do this shortly but with further maintenance included. Just follow my instructions below thank you.

Next:

Re-run TFC(Temp File Cleaner) again please as outlined here.

Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

  • Click Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:
CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)
  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.

Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Image

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be canceled and your computer will continue to boot-up as normal.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and/or any further symptoms?
  • ESET Log.
  • A new RSIT Log.
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Trojan Horse Agent2 VGC infection

by clarissa » October 30th, 2009, 6:08 am

Hello!
Aye we can do this shortly but with further maintenance included. Just follow my instructions below thank you.


Sorry, I didn't want to revise you. Only I would have liked indicating in my skimpy English that working in Graphical mode is easier to me.

My PC works well :)

I have changed the other account to limited. But I found another user account in Control Panel which I have never seen: "ASP.NET Machine A..." This is a limited account with password. Do you know what may this be?

I have TFC run but log not found :(

ESET log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f7dfb42e9c744a428e970f6a90fe6e7b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-10-30 09:14:37
# local_time=2009-10-30 10:14:37 )
# country="Hungary"
# lang=1033
# osver=5.1.2600 NT Szervizcsomag 3
# compatibility_mode=512 16777215 100 0 139694 139694 0 0
# compatibility_mode=1024 16777191 100 0 24509445 24509445 0 0
# compatibility_mode=8192 67108863 100 0 3745 3745 0 0
# scanned=106808
# found=1
# cleaned=0
# scan_time=6437
C:\Documents and Settings\Kriszti\Dokumentumok\MSN animációk1\install_mpd_www.msnmania.hu.zip probably a variant of Win32/Spy.Agent trojan 00000000000000000000000000000000 I
clarissa
Regular Member
 
Posts: 29
Joined: October 18th, 2009, 4:05 am
Location: Hungary, Budapest
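
One way to check a pasted ESET Online Scanner log against the scan options requested earlier in the thread, as an added example (not part of either post, and not ESET's own tooling). The detection-line layout is inferred from the single detection in the log above, treating `found=` as the number of detection lines is an assumption, and the sample text is a shortened copy constructed from that log.

```python
import re
from dataclasses import dataclass, field

# Scan options requested in the thread, under the keys the log records them as.
EXPECTED_SETTINGS = {
    "remove_checked": "false",      # "Remove found threats" must NOT be checked
    "archives_checked": "true",     # "Scan archives" checked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}

HEADER_RE = re.compile(r"^#\s*(?P<key>[^=\s]+)=(?P<value>.*)$")
# Assumed layout: <path> <threat name> <32 hex digits> <flag>, separated by
# tabs or spaces. The threat name is located by its "Platform/Name" token,
# which cannot occur inside a backslash-separated Windows path.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+(?: \w+)?)\s+"
    r"(?P<digest>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)\s*$"
)

# Constructed sample: a shortened copy of the log posted in this thread.
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# compatibility_mode=512 16777215 100 0 139694 139694 0 0
# compatibility_mode=1024 16777191 100 0 24509445 24509445 0 0
# scanned=106808
# found=1
# cleaned=0
# scan_time=6437
C:\Documents and Settings\Kriszti\Dokumentumok\MSN animációk1\install_mpd_www.msnmania.hu.zip probably a variant of Win32/Spy.Agent trojan 00000000000000000000000000000000 I
"""


@dataclass
class ScanLog:
    headers: dict = field(default_factory=dict)    # key -> list of values (keys repeat)
    detections: list = field(default_factory=list)  # dicts: path, threat, digest, flag

    def first(self, key, default=None):
        values = self.headers.get(key)
        return values[0] if values else default


def parse_eset_log(text):
    """Split a pasted log into '# key=value' headers and detection lines."""
    log = ScanLog()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            log.headers.setdefault(header["key"], []).append(header["value"].strip())
            continue
        detection = DETECTION_RE.match(line)
        if detection:
            log.detections.append(detection.groupdict())
        # Anything else (installer banner lines) is ignored.
    return log


def review(log):
    """Return a list of problems; an empty list means the log looks as requested."""
    problems = []
    if log.first("end") != "finished":
        problems.append("scan did not finish")
    for key, wanted in EXPECTED_SETTINGS.items():
        got = log.first(key)
        if got != wanted:
            problems.append(f"{key}={got!r}, expected {wanted!r}")
    found = log.first("found")
    if found is None or not found.isdigit():
        problems.append("missing or non-numeric found= counter")
    elif int(found) != len(log.detections):
        # Assumption: one detection line per counted item, so a mismatch
        # suggests the paste was truncated or a line did not parse.
        problems.append(f"found={found} but {len(log.detections)} detection line(s) parsed")
    return problems


def still_on_disk(log):
    """Paths that need follow-up: items found but not cleaned by the scanner."""
    found = int(log.first("found", "0") or 0)
    cleaned = int(log.first("cleaned", "0") or 0)
    return [d["path"] for d in log.detections] if cleaned < found else []


if __name__ == "__main__":
    parsed = parse_eset_log(SAMPLE_LOG)
    print("problems:", review(parsed) or "none")
    for path in still_on_disk(parsed):
        print("needs follow-up:", path)
```

Because the scan was run with removal switched off, every path returned by `still_on_disk` is a file that still exists and is waiting for the helper's decision.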

Re: Trojan Horse Agent2 VGC infection

by clarissa » October 30th, 2009, 6:13 am

Hi!

In my previous reply I forgot to tell you: Hard Drive Maintenance/Repair is successfully done.

Rsit log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Aradi Istvánné at 2009-10-30 10:32:15
Microsoft Windows XP Professional Szervizcsomag 3
System drive C: has 16 GB (42%) free of 38 GB
Total RAM: 767 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:31, on 2009.10.30.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\PhotoJoy\bin\PjApp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Aradi Istvánné\Asztal\RSIT.exe
C:\Program Files\trend micro\Aradi Istvánné.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kapu.hu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PhotoJoy] C:\Program Files\PhotoJoy\bin\PhotoJoy.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Az összes letöltése Free Download Managerrel - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Kijelölés letöltése Free Download Managerrel - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Letöltés Free Download Managerrel - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Video letöltése a Free Download Manager-rel - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.hu/s/v/50.14/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2385059187
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2460091857
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-be ... canner.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsite/1 ... oader4.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B2F2B81-9F58-4831-BFC1-6569EEBB4791}: NameServer = 212.40.96.171 212.40.96.170
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google frissítési szolgáltatás (gupdate1c9de3a2d80f890) (gupdate1c9de3a2d80f890) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\ARADII~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 10039 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-17 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live bejelentkezési segítség - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-26 13680640]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-26 86016]
"C-Media Mixer"=Mixer.exe /startup []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-10-16 2025752]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2005-07-08 1397760]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2002-12-17 49152]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe [2003-03-11 172032]
"DeviceDiscovery"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 40960]
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-10-11 1961984]
"PhotoJoy"=C:\Program Files\PhotoJoy\bin\PhotoJoy.exe [2009-04-26 918840]

C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-17 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\PhotoJoy\Bin\PhotoJoy.exe"="C:\Program Files\PhotoJoy\Bin\PhotoJoy.exe:*:Enabled:PhotoJoy"
"C:\Program Files\PhotoJoy\Bin\PjApp.exe"="C:\Program Files\PhotoJoy\Bin\PjApp.exe:*:Enabled:PhotoJoy"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{319bedb4-2432-11de-9731-00119521b0dd}]
shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b42e453a-fab6-11dd-a364-00119521b0dd}]
shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence


======List of files/folders created in the last 1 months======

2009-10-30 10:32:15 ----D---- C:\rsit
2009-10-30 08:25:19 ----D---- C:\Program Files\ESET
2009-10-28 16:01:36 ----D---- C:\HostsXpert
2009-10-28 15:22:52 ----D---- C:\_OTM
2009-10-28 12:38:30 ----D---- C:\ikonok
2009-10-27 22:53:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-26 21:37:57 ----D---- C:\Rooter$
2009-10-25 17:11:29 ----A---- C:\WINDOWS\system32\TubeFinder.exe
2009-10-25 17:11:27 ----A---- C:\WINDOWS\system32\VB6FR.DLL
2009-10-25 17:11:27 ----A---- C:\WINDOWS\system32\PCCLPFR.DLL
2009-10-25 17:11:26 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
2009-10-25 17:11:25 ----D---- C:\Program Files\Free FLV Converter
2009-10-25 17:11:25 ----D---- C:\Documents and Settings\Aradi Istvánné\Application Data\FreeFLVConverter
2009-10-25 17:11:25 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL
2009-10-24 21:32:09 ----D---- C:\Program Files\trend micro
2009-10-24 21:03:35 ----A---- C:\lopR.txt
2009-10-24 21:02:44 ----D---- C:\Lop SD
2009-10-23 21:54:58 ----D---- C:\Documents and Settings\Aradi Istvánné\Application Data\Xilisoft
2009-10-23 09:14:20 ----D---- C:\Documents and Settings\All Users\Application Data\VertusTech
2009-10-23 09:14:18 ----D---- C:\Program Files\Vertus Fluid Mask 3
2009-10-18 08:31:34 ----D---- C:\Documents and Settings\Aradi Istvánné\Application Data\Malwarebytes
2009-10-18 08:31:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-18 08:25:21 ----D---- C:\WINDOWS\CSC
2009-10-18 08:25:06 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-15 20:03:33 ----D---- C:\aa4106262acf51524470c6
2009-10-15 20:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-15 20:01:07 ----A---- C:\WINDOWS\system32\MRT.INI
2009-10-15 19:55:05 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-15 19:54:08 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-15 19:54:00 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-15 19:53:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-15 19:53:29 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-15 19:49:21 ----SHD---- C:\Config.Msi
2009-10-15 19:48:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-15 19:48:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-15 19:46:45 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-15 15:15:57 ----A---- C:\WINDOWS\zykitumoc.vbs
2009-10-15 15:15:57 ----A---- C:\WINDOWS\qyvupefoqi.dll
2009-10-14 20:13:45 ----D---- C:\Documents and Settings\All Users\Application Data\PhotoJoy
2009-10-14 20:13:44 ----D---- C:\Program Files\PhotoJoy
2009-10-09 08:29:50 ----D---- C:\Documents and Settings\Aradi Istvánné\Application Data\DeviceDoctorSoftware
2009-10-03 21:39:18 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

======List of files/folders modified in the last 1 months======

2009-10-30 08:26:14 ----D---- C:\WINDOWS\Prefetch
2009-10-30 08:25:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-30 08:25:23 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-30 08:25:19 ----RD---- C:\Program Files
2009-10-30 07:55:14 ----D---- C:\WINDOWS\Temp
2009-10-30 06:48:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-30 04:56:58 ----D---- C:\Letöltések
2009-10-28 15:55:57 ----D---- C:\Documents and Settings\Aradi Istvánné\Application Data\Free Download Manager
2009-10-27 23:05:35 ----D---- C:\WINDOWS\system32
2009-10-27 23:05:35 ----D---- C:\WINDOWS
2009-10-27 23:02:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-27 22:55:31 ----D---- C:\WINDOWS\system32\drivers
2009-10-27 22:28:34 ----SHD---- C:\WINDOWS\Installer
2009-10-27 22:28:11 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-27 22:28:06 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-27 22:24:46 ----D---- C:\Documents and Settings\Aradi Istvánné\Application Data\uTorrent
2009-10-27 21:53:40 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-27 21:52:52 ----D---- C:\Program Files\Common Files\Adobe
2009-10-27 21:51:18 ----D---- C:\Program Files\Adobe
2009-10-27 21:21:22 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-27 09:39:52 ----SD---- C:\WINDOWS\Tasks
2009-10-26 11:08:00 ----D---- C:\Documents and Settings\Aradi Istvánné\Application Data\Macromedia
2009-10-26 11:07:56 ----D---- C:\WINDOWS\system32\Macromed
2009-10-25 22:47:18 ----A---- C:\WINDOWS\system32\prsgrc.dll
2009-10-24 09:50:46 ----D---- C:\WINDOWS\WinSxS
2009-10-23 17:22:06 ----D---- C:\Program Files\SystemRequirementsLab
2009-10-23 09:14:57 ----A---- C:\WINDOWS\system32\fbv48px.dll
2009-10-23 09:14:53 ----A---- C:\WINDOWS\system32\grcauth2.dll
2009-10-23 09:14:53 ----A---- C:\WINDOWS\system32\grcauth1.dll
2009-10-23 09:14:50 ----A---- C:\WINDOWS\system32\ssprs.dll
2009-10-23 09:14:50 ----A---- C:\WINDOWS\system32\clauth2.dll
2009-10-23 09:14:50 ----A---- C:\WINDOWS\system32\clauth1.dll
2009-10-19 19:15:27 ----HD---- C:\WINDOWS\inf
2009-10-19 18:58:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-19 00:18:30 ----D---- C:\Program Files\Common Files\InstallShield
2009-10-19 00:17:39 ----D---- C:\NVIDIA
2009-10-18 21:38:23 ----D---- C:\WINDOWS\system32\Restore
2009-10-18 12:37:02 ----HD---- C:\$AVG8.VAULT$
2009-10-17 23:46:31 ----A---- C:\WINDOWS\3DShadow.INI
2009-10-17 20:39:10 ----D---- C:\Program Files\DivX
2009-10-17 20:38:38 ----D---- C:\Program Files\Common Files\DivX Shared
2009-10-17 15:22:16 ----D---- C:\WINDOWS\Help
2009-10-16 14:08:17 ----RSD---- C:\WINDOWS\assembly
2009-10-16 14:00:15 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-15 20:03:29 ----A---- C:\WINDOWS\imsins.BAK
2009-10-15 20:03:15 ----D---- C:\Program Files\Internet Explorer
2009-10-15 20:02:44 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-15 19:27:49 ----SHD---- C:\System Volume Information
2009-10-15 14:42:10 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-10 23:03:14 ----A---- C:\WINDOWS\nvrbm.ini
2009-10-10 10:21:32 ----D---- C:\Documents and Settings\Aradi Istvánné\Application Data\BSplayer
2009-10-05 19:36:06 ----D---- C:\Program Files\PhotoFiltre Studio X
2009-10-02 19:01:57 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-01-31 82380]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-17 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-17 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-07 108552]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-07-08 28672]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
R3 DFE528TX;D-Link DFE-528TX PCI Adapter; C:\WINDOWS\system32\DRIVERS\DLKRTL.SYS [2002-06-24 45568]
R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-10-26 908256]
R3 HidUsb;Microsoft HID osztályú illesztőprogram; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Egér HID-illesztőprogram; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-26 6301344]
R3 usbhub;USB2-engedélyezett hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER osztály; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB univerzális állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
S3 ac97intc;Intel(r) 82801 hangillesztő telepítési szolgáltatása (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-10-10 101120]
S3 mbr;mbr; \??\C:\DOCUME~1\ARADII~1\LOCALS~1\Temp\mbr.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\1E.tmp []
S3 rtl8139;Realtek RTL8139(A/B/C) alapú PCI gyors Ethernet-adapter NT illesztőprogramja; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 usbccgp;Microsoft USB általános szülő-illesztőprogram; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB-képolvasó illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB háttértár illesztőprogramja; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-17 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-17 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-12-18 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-26 163908]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 gupdate1c9de3a2d80f890;Google frissítési szolgáltatás (gupdate1c9de3a2d80f890); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-26 133104]
S2 hpdj;hpdj; C:\DOCUME~1\ARADII~1\LOCALS~1\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 3600 series -product= []
S3 aspnet_state;ASP.NET-állapotszolgáltatás; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-25 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-03 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;A Windows Media Player hálózatmegosztási szolgáltatása; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-10 919040]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp portmegosztási szolgáltatás; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
clarissa
Regular Member
 
Posts: 29
Joined: October 18th, 2009, 4:05 am
Location: Hungary, Budapest

Re: Trojan Horse Agent2 VGC infection

Post by clarissa » October 30th, 2009, 6:14 am

Rsit info:

info.txt logfile of random's system information tool 1.06 2009-10-30 10:32:36

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Shadow by Lokas Software-->C:\WINDOWS\AWuninstall.exe Software\Lokas Ltd\3D Shadow
ACDSee 10 Photo Manager-->MsiExec.exe /I{F8B98EB6-FC06-45BF-87D4-9784E0408611}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}
Adobe Color JA Extra Settings-->MsiExec.exe /I{D92B72E2-C854-4738-8ED6-4C3661CC17AE}
Adobe Color NA Extra Settings-->MsiExec.exe /I{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\6ba4f64693cf3ffde4382ffeebd542f\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{E66F3AFD-643B-4001-A3B3-35616CCFECEA}
Adobe Reader 9.2 - Hungarian-->MsiExec.exe /I{AC76BA86-7AD7-1038-7B44-A92000000001}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{6850DD2F-1DDC-4438-95DC-03CFBC0405FB}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Alien Skin Xenofex 2.0-->C:\PROGRA~1\PHOTOF~2\Plugins\XENOFE~1\UNWISE.EXE C:\PROGRA~1\PHOTOF~2\Plugins\XENOFE~1\INSTALL.LOG
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ashampoo StartUp Tuner 2.00-->"C:\Program Files\Ashampoo\Ashampoo StartUp Tuner 2\unins000.exe"
AV Bros. Page Curl Pro 2.2 (Remove Only)-->C:\Program Files\PhotoFiltre Studio X\Plugins\AV Bros Page Curl Pro 2.2\AVUninstall.exe
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BS.Player FREE-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
DCE Tools 1.0-->"C:\Program Files\DCETools\unins000.exe"
Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
ffdshow [rev 2301] [2008-11-05]-->"C:\Program Files\ffdshow\unins000.exe"
FileMenu Tools-->"C:\Program Files\LopeSoft\FileMenu Tools\unins000.exe"
Free Download Manager 3.0-->"C:\Program Files\Free Download Manager\unins000.exe"
Free FLV Converter V 6.7.3-->"C:\Program Files\Free FLV Converter\unins000.exe"
Frissítés Windows XP rendszerhez (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.27\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HammerHead Rhythm Station-->C:\Program Files\HammerHead\Uninstall.exe
Harry's Filters 3.01-->"C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\HarrysFilters3\unins000.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Aradi Istvánné\Dokumentumok\Downloads\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
hp deskjet 3600 series-->rundll32 hpzcon08.dll,VendorJettison hp deskjet 3600 series
hp deskjet 3600-->msiexec /x{7CA32143-2DAC-4F5F-9BAA-2AB3707EF192}
HP fényképalbumlemez-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - Deskjet Series-->MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
HP Photo and Imaging 2.1 - Scanjet 36X0 Series-->MsiExec.exe /I{49CE65E4-9EE2-4F29-8768-58DD1E45D09C}
hp print screen utility-->C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
ID_DCRaw Image Decoder Plug-In-->MsiExec.exe /X{DA1876DD-323E-4D78-8F9F-8F4FDE25C010}
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
Jasc Animation Shop 3-->MsiExec.exe /I{7C4196CA-CA41-4F34-9C08-7724E7705D52}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hungarian Language Pack-->MsiExec.exe /X{8FC113D5-64A6-40EE-9A39-DAB4650457A8}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - HUN-->MsiExec.exe /I{B35E52B3-BFC7-3680-9D0A-19C8512638DB}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - HUN-->MsiExec.exe /I{D5B60174-B7A9-3D80-94C7-F9BADEAD9C67}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - hun-->MsiExec.exe /I{5380C741-5656-387C-9FB0-3E45D07F864A}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base intelligens kártyás titkosításszolgáltatást nyújtó csomag-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft DirectX Transform optional components-->RUNDLL32.EXE ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\DXTXTRA.INF,UNINSTALL.NT,12
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040E-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Media Content-->MsiExec.exe /I{9030040E-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
minode.hu MindenNAP 2.0-->"c:\program files\minode\MindenNAP 2.0\Uninstal.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Multimedia Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Nyelvi csomag a Microsoft .NET-keretrendszer 3.5 1. szervizcsomagjához – HUN-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - hun\setup.exe
PCI Audio Applications-->C:\Program Files\PCI Audio Applications\Bin\Uninstall.exe
PCI Audio Driver-->cmuninst.exe
PDF Settings-->MsiExec.exe /I{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}
PhotoJoy-->MsiExec.exe /X{15482D1C-117B-4201-8D39-985A91ED8433}
PhotoJoy-->Msiexec.exe /x{15482D1C-117B-4201-8D39-985A91ED8433} /qf /L*V "%temp%\PjUninstallLog.log"
PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
pluginCreativity textArt-->C:\PROGRA~1\PHOTOF~2\Plugins\textArt\UNWISE.EXE C:\PROGRA~1\PHOTOF~2\Plugins\textArt\textArt.log
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Simple Webpage Capture-->"C:\WINDOWS\Simple Webpage Capture\uninstall.exe" "/U:C:\Program Files\Simple Webpage Capture\Uninstall\uninstall.xml"
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Super Internet TV v8.0 (Free Edition)-->"C:\Program Files\Super Internet TV\unins000.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Szótár program eltávolítása-->"C:\Program Files\Jómagam\Szótár\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Vertus Fluid Mask 3 3.0.8-->"C:\Program Files\Vertus Fluid Mask 3\Uninstall.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Internet Explorer 7 biztonsági frissítés - KB938127-v2-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB956390-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB958215-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB960714-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB961260-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8 biztonsági frissítés - KB969897-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Windows Internet Explorer 8 biztonsági frissítés - KB971961-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Windows Internet Explorer 8 biztonsági frissítés - KB972260-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Windows Internet Explorer 8 biztonsági frissítés - KB974455-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Windows Internet Explorer 8 frissítés - KB968220-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Windows Internet Explorer 8 frissítés - KB972636-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live bejelentkezési segéd-->MsiExec.exe /I{733EB793-0840-4D69-97AA-6934FC79DB16}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{6E07FF7A-878C-486C-BB85-516F61A8E2C7}
Windows Live feltöltőeszköz-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Messenger-->MsiExec.exe /X{D2C2B2A0-F37E-43CC-9E94-FC52F6D20C43}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11 Biztonsági frissítés (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Windows Media Player 11 Biztonsági frissítés (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Windows Media Player 11 Fontos frissítés (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Windows Media Player 11 Gyorsjavítás (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Biztonsági frissítés (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Windows Media Player Biztonsági frissítés (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Windows Media Player Biztonsági frissítés (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Windows Media Player Biztonsági frissítés (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB923561-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB923789-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Windows XP biztonsági frissítés - KB938464-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB938464-v2-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB946648-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB950762-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB950974-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB951066-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB951376-v2-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB951698-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB951748-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB952004-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB952954-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB954211-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB954459-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB954600-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB955069-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB956391-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB956572-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB956744-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB956802-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB956803-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB956841-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB956844-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB957097-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB958215-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB958644-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB958687-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB958690-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB958869-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB959426-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB960225-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB960714-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB960715-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB960803-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB960859-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB961371-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB961373-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB961501-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB968537-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB969059-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB969898-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB970238-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB971486-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB971557-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB971633-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB971657-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB973346-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB973354-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB973507-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB973525-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB973869-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB974112-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB974571-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB975025-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB975467-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Windows XP Biztonsági frissítés (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Windows XP frissítés - KB951978-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Windows XP frissítés - KB955839-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Windows XP frissítés - KB961503-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Windows XP frissítés - KB967715-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Windows XP frissítés - KB968389-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Windows XP frissítés - KB973815-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows XP gyorsjavítás - KB952287-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Windows XP gyorsjavítás - KB961118-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Windows XP gyorsjavítás - KB970653-v3-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xero Pulsar 1.01-->"C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\Xero Graphics\unins000.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: OVODA-0E828F90E
Event Code: 6006
Message: Az Eseménynapló szolgáltatás leállt.

Record Number: 19079
Source Name: EventLog
Time Written: 20091009011406.000000+120
Event Type: információ
User:

Computer Name: OVODA-0E828F90E
Event Code: 20159
Message: A felhasználó (aradi@externet.hu) által a következővel létesített kapcsolat bontva lett: externet (használt eszköz: PPPoE6-0).

Record Number: 19078
Source Name: RemoteAccess
Time Written: 20091009011400.000000+120
Event Type: információ
User:

Computer Name: OVODA-0E828F90E
Event Code: 7036
Message: A(z) Lavasoft Ad-Aware Service szolgáltatás állapota: "fut".

Record Number: 19077
Source Name: Service Control Manager
Time Written: 20091008233046.000000+120
Event Type: információ
User:

Computer Name: OVODA-0E828F90E
Event Code: 7035
Message: A(z) Lavasoft Ad-Aware Service szolgáltatásnak sikeresen el lett küldve a(z) indítás vezérlő.

Record Number: 19076
Source Name: Service Control Manager
Time Written: 20091008233046.000000+120
Event Type: információ
User: NT AUTHORITY\SYSTEM

Computer Name: OVODA-0E828F90E
Event Code: 7036
Message: A(z) Lavasoft Ad-Aware Service szolgáltatás állapota: "leállítva".

Record Number: 19075
Source Name: Service Control Manager
Time Written: 20091008233045.000000+120
Event Type: információ
User:

=====Application event log=====

Computer Name: OVODA-0E828F90E
Event Code: 1800
Message: A Windows Biztonsági központ szolgáltatása elindult.

Record Number: 9676
Source Name: SecurityCenter
Time Written: 20090906082739.000000+120
Event Type: információ
User:

Computer Name: OVODA-0E828F90E
Event Code: 0
Message:
Record Number: 9675
Source Name: gupdate1c9de3a2d80f890
Time Written: 20090906082658.000000+120
Event Type: információ
User:

Computer Name: OVODA-0E828F90E
Event Code: 4
Message: The LightScribe Service started successfully.

Record Number: 9674
Source Name: LightScribeService
Time Written: 20090906082629.000000+120
Event Type: információ
User:

Computer Name: OVODA-0E828F90E
Event Code: 0
Message:
Record Number: 9673
Source Name: gupdate1c9de3a2d80f890
Time Written: 20090906082624.000000+120
Event Type: információ
User:

Computer Name: OVODA-0E828F90E
Event Code: 1
Message:
Record Number: 9672
Source Name: Bonjour Service
Time Written: 20090906082621.000000+120
Event Type: információ
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0102
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
clarissa
Regular Member
 
Posts: 29
Joined: October 18th, 2009, 4:05 am
Location: Hungary, Budapest

Re: Trojan Horse Agent2 VGC infection

Post by Dakeyras » October 30th, 2009, 8:08 am

Hi. :)

Sorry, I didn't want to revise you. Only I would have liked indicating in my skimpy English that working in Graphical mode is easier to me.
No need to apologise and you have done very well so far. Aye, that's why I include a link to the Graphical mode instructions as they can be easier to follow etc.

My PC works well :)
Good to know. :thumbup:

I have changed the other account to limited. But I found another user account in Control Panel which I have never seen: "ASP.NET Machine A..." This is a limited account with password. Do you know what may this be?
It is legitimate and relates to the Microsoft .NET Framework you have installed. More information can be read in this Microsoft Article.

This webpage from a MVP provides good information about the above also.

I have TFC run but log not found :(
That's fine, the application is merely an advanced type of temp file cleaning application etc. and does not actually create a log.

In my previous reply I forgot to tell you: Hard Drive Maintenance/Repair is successfully done.
:thumbup:

Next:

  • Double-click OTM to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
:Files
C:\WINDOWS\zykitumoc.vbs
C:\WINDOWS\qyvupefoqi.dll
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\Documents and Settings\Kriszti\Dokumentumok\MSN animációk1\install_mpd_www.msnmania.hu.zip

:Commands
[EmptyTemp]
[Reboot]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.

When you have completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and/or any further symptoms?
  • OTM Log.
  • A new HijackThis Log. <-- I do not need a new RSIT log at this time.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Trojan Horse Agent2 VGC infection

Post by clarissa » October 30th, 2009, 4:21 pm

Hi :)

My computer works well even now.

OTM log:

All processes killed
========== FILES ==========
C:\WINDOWS\zykitumoc.vbs moved successfully.
LoadLibrary failed for C:\WINDOWS\qyvupefoqi.dll
C:\WINDOWS\qyvupefoqi.dll NOT unregistered.
C:\WINDOWS\qyvupefoqi.dll moved successfully.
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully.
C:\Documents and Settings\Kriszti\Dokumentumok\MSN animációk1\install_mpd_www.msnmania.hu.zip moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Aradi Istvánné
->Temp folder emptied: 8637 bytes
->Temporary Internet Files folder emptied: 464796 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 14715039 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kriszti
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 14,52 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10302009_190809

Files moved on Reboot...

Registry entries deleted on Reboot...
clarissa
Regular Member
 
Posts: 29
Joined: October 18th, 2009, 4:05 am
Location: Hungary, Budapest
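
The check a helper makes by eye on a results log like the one above, written out as an added example (not part of the original posts and not OTM's own code): it reconciles the `:Files` list from the script with the FILES section of the log, records warnings such as the failed DLL unregistration against the path they concern, and lists deletions postponed until reboot. The function names and the report layout are assumptions made for this illustration.

```python
import re

# Script and results text copied from the posts above.
SCRIPT = r"""
:Files
C:\WINDOWS\zykitumoc.vbs
C:\WINDOWS\qyvupefoqi.dll
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\Documents and Settings\Kriszti\Dokumentumok\MSN animációk1\install_mpd_www.msnmania.hu.zip

:Commands
[EmptyTemp]
[Reboot]
"""
LOG = r"""
========== FILES ==========
C:\WINDOWS\zykitumoc.vbs moved successfully.
LoadLibrary failed for C:\WINDOWS\qyvupefoqi.dll
C:\WINDOWS\qyvupefoqi.dll NOT unregistered.
C:\WINDOWS\qyvupefoqi.dll moved successfully.
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully.
C:\Documents and Settings\Kriszti\Dokumentumok\MSN animációk1\install_mpd_www.msnmania.hu.zip moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
"""

MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")
WARNINGS = (re.compile(r"^LoadLibrary failed for (?P<path>.+)$"),
            re.compile(r"^(?P<path>.+) NOT unregistered\.$"))
DEFERRED = re.compile(r"^File delete failed\. (?P<path>.+) scheduled to be deleted on reboot\.$")

def script_targets(script):
    """Return the paths listed under the :Files directive of the script."""
    targets, in_files = [], False
    for line in map(str.strip, script.splitlines()):
        if line.startswith(":"):
            in_files = line.lower() == ":files"
        elif in_files and line:
            targets.append(line)
    return targets

def reconcile(script, log):
    """Return (entries, deferred): one entry per scripted path, plus deletions left for reboot."""
    # Windows paths are case-insensitive, so key on the lower-cased path.
    report = {p.lower(): {"path": p, "moved": False, "warnings": []}
              for p in script_targets(script)}
    deferred = []
    for line in map(str.strip, log.splitlines()):
        if (m := DEFERRED.match(line)):
            deferred.append(m.group("path"))
        elif (m := MOVED.match(line)) and m.group("path").lower() in report:
            report[m.group("path").lower()]["moved"] = True
        else:
            for pattern in WARNINGS:
                m = pattern.match(line)
                if m and m.group("path").lower() in report:
                    report[m.group("path").lower()]["warnings"].append(line)
    return list(report.values()), deferred

if __name__ == "__main__":
    entries, deferred = reconcile(SCRIPT, LOG)
    for e in entries:
        print("moved" if e["moved"] else "NOT CONFIRMED", e["path"], e["warnings"])
    print("pending reboot:", deferred)
```

A scripted path with no matching "moved successfully" line stays unconfirmed, which is the case to follow up on before declaring the machine clean.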

Re: Trojan Horse Agent2 VGC infection

Post by clarissa » October 30th, 2009, 4:25 pm

Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:44, on 2009.10.30.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\PhotoJoy\bin\PjApp.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\Aradi Istvánné\Dokumentumok\Downloads\Aradi Istvánné.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kapu.hu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PhotoJoy] C:\Program Files\PhotoJoy\bin\PhotoJoy.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Az összes letöltése Free Download Managerrel - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Kijelölés letöltése Free Download Managerrel - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Letöltés Free Download Managerrel - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Video letöltése a Free Download Manager-rel - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.hu/s/v/50.14/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2385059187
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2460091857
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-be ... canner.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsite/1 ... oader4.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B2F2B81-9F58-4831-BFC1-6569EEBB4791}: NameServer = 212.40.96.171 212.40.96.170
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google frissítési szolgáltatás (gupdate1c9de3a2d80f890) (gupdate1c9de3a2d80f890) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\ARADII~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 9983 bytes
clarissa
Regular Member
 
Posts: 29
Joined: October 18th, 2009, 4:05 am
Location: Hungary, Budapest

Re: Trojan Horse Agent2 VGC infection

Post by clarissa » October 30th, 2009, 4:39 pm

Hi!

During OTM's process a box came up with the following message:

"The application or DLL C:\WINDOWS\qyvupefogi.dll is an invalid Windows binary file. Please check it on install CD" (translated by me)
clarissa
Regular Member
 
Posts: 29
Joined: October 18th, 2009, 4:05 am
Location: Hungary, Budapest

Re: Trojan Horse Agent2 VGC infection

Post by Dakeyras » October 30th, 2009, 6:38 pm

Hi. :)

What you have mentioned is not a cause for concern, any other issues remaining?
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Trojan Horse Agent2 VGC infection

Post by clarissa » October 31st, 2009, 9:45 am

Hi. :)

There is no other problem.
clarissa
Regular Member
 
Posts: 29
Joined: October 18th, 2009, 4:05 am
Location: Hungary, Budapest

Re: Trojan Horse Agent2 VGC infection

Post by Dakeyras » October 31st, 2009, 10:04 am

Hi. :)

Congratulations, your computer now appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Clean up with OTM:

  • Double-click OTM to start the program.
  • Close all other programs apart from OTM as this step will require a reboot
  • On the OTM main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Reset the System Restore points:

  • Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Now some advice for on-line safety:

Malwarebytes' Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed security application, AVG Anti-Virus, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this also once per week.

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:


Be careful when opening attachments and downloading files:

  • Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  • Never open emails from unknown senders.
  • Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  • Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (that is, VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly free software, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice: avoid these types of software applications.

Advised Optional Installation:

There is no sign of a software firewall installed on your system. Regardless of whether you are using a hardware type and/or the inbuilt Windows Service Pack 3 firewall, this is a necessary application as it will also provide outbound protection, whereas the aforementioned do not.

I highly advise you download ONE of the following firewalls and install it. Restart the computer for changes to take effect.


This article is an excellent resource regarding the aforementioned firewalls: Understanding and Using Firewalls

Finally an educational source:

To learn more about how to protect yourself while on the internet read this article by Tony Klein:

So how did I get infected in the first place?

Some consider this article outdated, personally I still think it bears relevance and the author is well respected in the Anti-Malware community and by myself also!

Any questions, feel free to ask. If not, stay safe!
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Trojan Horse Agent2 VGC infection

Post by clarissa » October 31st, 2009, 1:16 pm

Hi. :)
Congratulations your computer now appears to be malware free!


It is a very much good report. :bounce:

I would like to say thanks for your valuable and conscientious help. It's great, that there are specialists who help with the defence against the viruses and malwares unselfishly.

I have three questions yet:

1.) What to do with the OTM folder containing moved files (hosts file, infected file etc.)?

2.) Recovery of hosts file moved by OTM is not necessary?

3.) I'm using the inbuilt Windows Service Pack 3 firewall. Does it provide enough protection? Do I have to uninstall it or disable only if I will install another firewall application?
clarissa
Regular Member
 
Posts: 29
Joined: October 18th, 2009, 4:05 am
Location: Hungary, Budapest

Re: Trojan Horse Agent2 VGC infection

Post by Dakeyras » October 31st, 2009, 3:26 pm

Hi. :)

I would like to say thanks for your valuable and conscientious help. It's great, that there are specialists who help with the defence against the viruses and malwares unselfishly.
You are very welcome!

1.) What to do with the OTM folder containing moved files (hosts file, infected file etc.)?
Clean up with OTM, mentioned in my last post, takes care of this.

2.) Recovery of hosts file moved by OTM is not necessary?
No need as in the end we did successfully reset it.

3.) I'm using the inbuilt Windows Service Pack 3 firewall. Does it provide enough protection? Do I have to uninstall it or disable only if I will install another firewall application?
No, you do not have to install one if you do not wish, it is merely an Advised Optional Installation. As I mentioned prior, the XP SP3 firewall only provides inbound protection, not outbound. If you do opt to install one it should automatically disable the XP SP3 firewall during the installation process.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Trojan Horse Agent2 VGC infection

Post by clarissa » October 31st, 2009, 6:00 pm

Thank you, and I wish you fruitful work in the future.

Good bye

clarissa
clarissa
Regular Member
 
Posts: 29
Joined: October 18th, 2009, 4:05 am
Location: Hungary, Budapest

Re: Trojan Horse Agent2 VGC infection

Post by Dakeyras » November 1st, 2009, 8:39 am

You're welcome and stay safe! :)
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra