--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, June 11, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, June 11, 2008 07:03:10
Records in database: 850670
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
Scan statistics:
Files scanned: 51856
Threat name: 15
Infected objects: 53
Suspicious objects: 0
Duration of the scan: 03:37:12
File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC0000\4EED2F41.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC0001\4EED2F68.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.vqd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC0002\4EED306B.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.vqd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC0003\4EED30AD.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC0004\4EED30D7.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC0005\4EED30FB.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC0006\4EED33E0.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC0007\4EED34CA.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC0008\4EED34ED.VBN Infected: Trojan.Win32.Monder.le 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC0009\4EED350F.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.wpv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC000A\4EED3531.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC000B\4EEE89F0.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC000C\4EEE97FC.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC000D\4EEEA60A.VBN Infected: Trojan.Win32.Monder.le 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC000E\4EEEB41A.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.wpv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC000F\4EEEC22A.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06F80000\4EFBE32B.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06F80001\4EFBEAF5.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.vqd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07540000\4F7EC439.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.trv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07800001\4FC1701C.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07980000\4FBAA686.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.trl 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080601-025729-186.dll Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080601-025729-750.dll Infected: Trojan-Downloader.Win32.ConHook.apx 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080601-025729-911.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ryv 1
C:\QooBox\Quarantine\C\WINDOWS\system32\cgcvforn.dll.vir Infected: Trojan-Downloader.Win32.ConHook.apx 1
C:\QooBox\Quarantine\C\WINDOWS\system32\eddkrpsp.dll.vir Infected: Trojan-Downloader.Win32.ConHook.apx 1
C:\QooBox\Quarantine\C\WINDOWS\system32\efcBtrRH.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ryv 1
C:\QooBox\Quarantine\C\WINDOWS\system32\geButqPJ.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ryv 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gvlrcwkm.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\imgkiutu.dll.vir Infected: Trojan.Win32.Agent.rep 1
C:\QooBox\Quarantine\C\WINDOWS\system32\kberlbhf.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lllxnylh.dll.vir Infected: Trojan.Win32.Agent.rep 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mymqwijq.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\neisglhy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.xjc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\qpcmmryn.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\catchme2008-06-08_ 71433.98.zip Infected: Trojan.Win32.Monder.gen 1
C:\_OTMoveIt\MovedFiles\06012008_063915\Program Files\CBS Software\SpeedConnect Internet Accelerator\keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.vfw 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\awtrPjJa.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ryv 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\dvusitau.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tsz 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\geBssqOH.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ryv 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\gtmyvemm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tsm 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\ixxmugla.dll Infected: Trojan-Downloader.Win32.ConHook.apx 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\kelryauh.dll Infected: Trojan.Win32.Monder.gen 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\mgjtgulu.dll Infected: Trojan.Win32.Monder.gen 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\mujejosr.dll Infected: Trojan.Win32.Monder.gen 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\nnnnMCVM.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ryv 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\ojgjwokg.dll Infected: Trojan.Win32.Monder.gen 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\pofqdjni.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tsz 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\qoMcywWm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ryv 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\snppqygk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.xjc 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\vtUkhFUn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ryv 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\vylugrpt.dll Infected: Trojan.Win32.Monder.gen 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\ykoeuyqd.dll Infected: Trojan.Win32.Monder.gen 1
The selected area was scanned.
-----------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:52 AM, on 6/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\atievxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\Atiptaab.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaab.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\stacy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\stacy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Documents and Settings\stacy\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 5065 bytes