Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48:08, on 04/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
D:\WINDOWS.0\System32\smss.exe
D:\WINDOWS.0\system32\winlogon.exe
D:\WINDOWS.0\system32\services.exe
D:\WINDOWS.0\system32\lsass.exe
D:\WINDOWS.0\system32\nvsvc32.exe
D:\WINDOWS.0\system32\svchost.exe
D:\WINDOWS.0\System32\svchost.exe
D:\WINDOWS.0\system32\spoolsv.exe
D:\WINDOWS.0\Explorer.EXE
D:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
D:\WINDOWS.0\system32\RUNDLL32.EXE
D:\WINDOWS.0\RTHDCPL.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Google\Google Talk\googletalk.exe
D:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS.0\system32\ctfmon.exe
D:\Program Files\Philips\GoGear OPUS Device Manager\GoGear_OPUS_DeviceManager.exe
D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS.0\system32\CTSvcCDA.EXE
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS.0\system32\svchost.exe
D:\WINDOWS.0\system32\MsPMSPSv.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Avira\AntiVir Desktop\avcenter.exe
D:\Program Files\Avira\AntiVir Desktop\avscan.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {04E28BBF-FA52-40FD-90A8-1BD3B2F0AD64} - D:\WINDOWS.0\System32\dataclen32.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - D:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - D:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UnlockerAssistant] D:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] D:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS.0\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] D:\Documents and Settings\Administrator\Application Data\SystemProc\lsass.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Philips GoGear OPUS Device Manager.lnk = D:\Program Files\Philips\GoGear OPUS Device Manager\GoGear_OPUS_DeviceManager.exe
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - D:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - D:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS.0\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS.0\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O20 - AppInit_DLLs: D:\WINDOWS.0\System32\btpanui32.dll
O20 - Winlogon Notify: d8bdf464720 - D:\WINDOWS.0\System32\btpanui32.dll
O20 - Winlogon Notify: __c0029F10 - D:\WINDOWS.0\system32\__c0029F10.dat
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS.0\system32\CTSvcCDA.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - D:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - D:\Program Files\Kodak\AiO\center\KodakSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS.0\system32\nvsvc32.exe
--
End of file - 8547 bytes
-----------------------------------
Avira AntiVir Personal
Report file date: Monday, January 04, 2010 13:25
Scanning for 1499119 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : EVEREST
Version information:
BUILD.DAT : 9.0.0.415 21609 Bytes 11/8/2009 10:00:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 11:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 10:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 11:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 10:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 07:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 13:24:18
VBASE002.VDF : 7.10.1.1 2048 Bytes 11/19/2009 13:24:18
VBASE003.VDF : 7.10.1.2 2048 Bytes 11/19/2009 13:24:18
VBASE004.VDF : 7.10.1.3 2048 Bytes 11/19/2009 13:24:18
VBASE005.VDF : 7.10.1.4 2048 Bytes 11/19/2009 13:24:18
VBASE006.VDF : 7.10.1.5 2048 Bytes 11/19/2009 13:24:18
VBASE007.VDF : 7.10.1.6 2048 Bytes 11/19/2009 13:24:18
VBASE008.VDF : 7.10.1.7 2048 Bytes 11/19/2009 13:24:18
VBASE009.VDF : 7.10.1.8 2048 Bytes 11/19/2009 13:24:18
VBASE010.VDF : 7.10.1.9 2048 Bytes 11/19/2009 13:24:18
VBASE011.VDF : 7.10.1.10 2048 Bytes 11/19/2009 13:24:18
VBASE012.VDF : 7.10.1.11 2048 Bytes 11/19/2009 13:24:18
VBASE013.VDF : 7.10.1.79 209920 Bytes 11/25/2009 13:24:19
VBASE014.VDF : 7.10.1.128 197632 Bytes 11/30/2009 13:24:19
VBASE015.VDF : 7.10.1.178 195584 Bytes 12/7/2009 13:24:19
VBASE016.VDF : 7.10.1.224 183296 Bytes 12/14/2009 13:24:19
VBASE017.VDF : 7.10.1.247 182272 Bytes 12/15/2009 13:24:20
VBASE018.VDF : 7.10.2.30 198144 Bytes 12/21/2009 13:24:20
VBASE019.VDF : 7.10.2.63 187392 Bytes 12/24/2009 13:24:20
VBASE020.VDF : 7.10.2.93 195072 Bytes 12/29/2009 13:24:21
VBASE021.VDF : 7.10.2.94 2048 Bytes 12/29/2009 13:24:21
VBASE022.VDF : 7.10.2.95 2048 Bytes 12/29/2009 13:24:21
VBASE023.VDF : 7.10.2.96 2048 Bytes 12/29/2009 13:24:21
VBASE024.VDF : 7.10.2.97 2048 Bytes 12/29/2009 13:24:21
VBASE025.VDF : 7.10.2.98 2048 Bytes 12/29/2009 13:24:21
VBASE026.VDF : 7.10.2.99 2048 Bytes 12/29/2009 13:24:21
VBASE027.VDF : 7.10.2.100 2048 Bytes 12/29/2009 13:24:21
VBASE028.VDF : 7.10.2.101 2048 Bytes 12/29/2009 13:24:21
VBASE029.VDF : 7.10.2.102 2048 Bytes 12/29/2009 13:24:21
VBASE030.VDF : 7.10.2.103 2048 Bytes 12/29/2009 13:24:21
VBASE031.VDF : 7.10.2.115 162304 Bytes 1/4/2010 13:24:21
Engineversion : 8.2.1.122
AEVDF.DLL : 8.1.1.2 106867 Bytes 11/8/2009 07:38:52
AESCRIPT.DLL : 8.1.3.4 586105 Bytes 1/4/2010 13:24:24
AESCN.DLL : 8.1.3.0 127348 Bytes 1/4/2010 13:24:24
AESBX.DLL : 8.1.1.1 246132 Bytes 11/8/2009 07:38:44
AERDL.DLL : 8.1.3.4 479605 Bytes 1/4/2010 13:24:23
AEPACK.DLL : 8.2.0.3 422261 Bytes 11/8/2009 07:38:40
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 11/8/2009 07:38:38
AEHEUR.DLL : 8.1.0.189 2195833 Bytes 1/4/2010 13:24:23
AEHELP.DLL : 8.1.9.0 237943 Bytes 1/4/2010 13:24:22
AEGEN.DLL : 8.1.1.82 369014 Bytes 1/4/2010 13:24:22
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 07:38:26
AECORE.DLL : 8.1.9.1 180598 Bytes 1/4/2010 13:24:22
AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 07:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 08:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 15:14:02
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 14:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 10:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 15:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 10:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 15:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 08:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 10:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 15:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 12:25:47
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: d:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: Monday, January 04, 2010 13:25
Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gasfkyewmttapq\main
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gasfkyewmttapq\start
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gasfkyewmttapq\type
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gasfkyewmttapq\group
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gasfkyewmttapq\imagepath
[INFO] The registry entry is invisible.
'64677' objects were checked, '5' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'ACService.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'GoGear_OPUS_DeviceManager.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'EKIJ5000MUI.exe' - '1' Module(s) have been scanned
Scan process 'googletalk.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Module is infected -> 'D:\Documents and Settings\Administrator\Application Data\SystemProc\lsass.exe'
Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned
Scan process 'GoogleCrashHandler.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'lsass.exe' has been terminated
D:\Documents and Settings\Administrator\Application Data\SystemProc\lsass.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4ba2ed2c.qua'!
46 processes with 45 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '63' files ).
Starting the file scan:
Begin scan in 'C:\' <FACTORY_IMAGE>
C:\autoexec.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
Begin scan in 'D:\'
D:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
D:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\19\1ff80313-27683780
[0] Archive type: ZIP
--> myf/y/AppletX.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.S Java virus
--> myf/y/PayloadX.class
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.AD Java virus
D:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\36\738d5864-618a7f9a
[0] Archive type: ZIP
--> myf/y/AppletX.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.S Java virus
--> myf/y/PayloadX.class
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.AD Java virus
D:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\t0evfd4i.default\Cache\2FBFE1E1d01
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
D:\Documents and Settings\Administrator\Local Settings\Temp\108.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\10B.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\11.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\12.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\13.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\14.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\15.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\16.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\18.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\19.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\1A.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\1C.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\1E.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\1F.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\20.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\22.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\234.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\23A.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\24.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\26.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\27.tmp
[DETECTION] Is the TR/Dropper.Gen Trojan
--> ProgramFilesDir/pc.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
--> ProgramFilesDir/agent.exe
[DETECTION] Is the TR/Agent.556032.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\28.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\29.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\2C.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\2D.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\2E.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\2F.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\31.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\33.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\34.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\35.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\36.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\3A.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\3B.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\3C.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\3E.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\41.tmp
[DETECTION] Is the TR/Dropper.Gen Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\42.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\44.tmp
[DETECTION] Is the TR/Dropper.Gen Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\5.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\6.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\7.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\8.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\9.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\D.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\D7.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\E.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\E1.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\E5.tmp
[DETECTION] Is the TR/Dropper.Gen Trojan
--> ProgramFilesDir/pc.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
--> ProgramFilesDir/agent.exe
[DETECTION] Is the TR/Agent.556032.1 Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\F.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4HI5F4J5\update4303[1].exe
[DETECTION] Is the TR/Dropper.Gen Trojan
D:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SH41EVK9\update4303[1].exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\Documents and Settings\NetworkService\Local Settings\Temp\gasfkyqrabvtntic.tmp
[DETECTION] Is the TR/Vundo.Gen Trojan
D:\WINDOWS.0\system32\camocx32.dll
[DETECTION] Is the TR/Dldr.Agent.jzx Trojan
D:\WINDOWS.0\system32\cfgmgr3232.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\clbcatex32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\cmcfg3232.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\cnvfat32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\ctl3dv232.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\D3DCompiler_3432.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\D3DCompiler_3732.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\dataclen32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\dbnmpntw32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\dgsetup32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\dimsroam32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\diskcopy32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\dmdskmgr32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\dmocx32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\dot3clnt32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\dot3svc32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\dpcdll32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\dpnwsock32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\dpwsock32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\ds16gt32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\EKIJCOINST0432.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\fdco132.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\gasfkyciqjlbbg.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
D:\WINDOWS.0\system32\hidserv32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\HMTCD32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\ieencode32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
D:\WINDOWS.0\system32\SysWoW32\wu48737854v0
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Drop.Agent.hnr Trojan
D:\WINDOWS.0\system32\SysWoW32\wu48737854v2
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Drop.Agent.HE Trojan
D:\WINDOWS.0\system32\SysWoW32\_u48737854v0
[0] Archive type: ZIP
--> patch.[lucid].exe
[DETECTION] Contains recognition pattern of the WORM/Nugg.CL worm
D:\WINDOWS.0\system32\SysWoW32\_u48737854v1
[0] Archive type: ZIP
--> patch.FOFF.exe
[DETECTION] Contains recognition pattern of the WORM/Nugg.CM worm
D:\WINDOWS.0\system32\SysWoW32\_u48737854v2
[0] Archive type: ZIP
--> patch.by.CORE.exe
[DETECTION] Contains recognition pattern of the WORM/Nugg.CN worm
D:\WINDOWS.0\system32\SysWoW32\_u48737854v3
[0] Archive type: ZIP
--> patch.tmg.exe
[DETECTION] Contains recognition pattern of the WORM/Nugg.CO worm
Beginning disinfection:
C:\autoexec.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4bb5ffaa.qua'!
D:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\19\1ff80313-27683780
[NOTE] The file was moved to '4ba7ff9c.qua'!
D:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\36\738d5864-618a7f9a
[NOTE] The file was moved to '4b79ff69.qua'!
D:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\t0evfd4i.default\Cache\2FBFE1E1d01
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to '4b83ff7c.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\108.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '4b79ff66.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\10B.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4b83ff66.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\11.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4b6fff67.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\12.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '4b6fff68.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\13.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '4b6fff69.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\14.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '4b6fff6a.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\15.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4b6fff6b.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\16.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4b6fff6c.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\18.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '4b6fff6e.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\19.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '4b6fff6f.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\1A.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4b6fff78.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\1C.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '4b6fff7a.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\1E.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4b6fff7c.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\1F.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4b6fff7d.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\20.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '4668e810.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\22.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4667e02a.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\234.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '4b75ff6a.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\23A.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4b82ff6a.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\24.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4664c9f4.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\26.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '4b6fff6d.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\27.tmp
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4662b947.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\28.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4b6fff70.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\29.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '4b6fff71.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\2C.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '4b6fff7b.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\2D.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '467e9a35.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\2E.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '467d926e.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\2F.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4b6fff7e.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\31.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '467b83ca.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\33.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '467a7b04.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\34.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '4679735d.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\35.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '46786c96.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\36.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '467764b0.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\3A.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '46765cf3.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\3B.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '4675542c.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\3C.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '46744c65.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\3E.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '4673459f.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\41.tmp
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '46723dc4.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\42.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '4671351d.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\44.tmp
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '46702d57.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\5.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '4bb5ff68.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\6.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '46941ea1.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\7.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '469716f9.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\8.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '46960e31.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\9.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4bb5ff69.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\D.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4693ff82.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\D7.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '4b6fff72.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\E.tmp
[DETECTION] Is the TR/Drop.BHO.BL.1 Trojan
[NOTE] The file was moved to '469def12.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\E1.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4648f7dd.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\E5.tmp
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4645df79.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temp\F.tmp
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4bb5ff6a.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4HI5F4J5\update4303[1].exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4ba5ffac.qua'!
D:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SH41EVK9\update4303[1].exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4612105d.qua'!
D:\Documents and Settings\NetworkService\Local Settings\Temp\gasfkyqrabvtntic.tmp
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4bb4ff9d.qua'!
D:\WINDOWS.0\system32\camocx32.dll
[DETECTION] Is the TR/Dldr.Agent.jzx Trojan
[NOTE] The file was moved to '4baeff9d.qua'!
D:\WINDOWS.0\system32\cfgmgr3232.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '4ba8ffa2.qua'!
D:\WINDOWS.0\system32\clbcatex32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '4ba3ffa8.qua'!
D:\WINDOWS.0\system32\cmcfg3232.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '4ba4ffa9.qua'!
D:\WINDOWS.0\system32\cnvfat32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '4bb7ffaa.qua'!
D:\WINDOWS.0\system32\ctl3dv232.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '4badffb0.qua'!
D:\WINDOWS.0\system32\D3DCompiler_3432.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '4b85ff6f.qua'!
D:\WINDOWS.0\system32\D3DCompiler_3732.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '58a74650.qua'!
D:\WINDOWS.0\system32\dataclen32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '4bb5ff9d.qua'!
D:\WINDOWS.0\system32\dbnmpntw32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '4bafff9e.qua'!
D:\WINDOWS.0\system32\dgsetup32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '4bb4ffa3.qua'!
D:\WINDOWS.0\system32\dimsroam32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '4baeffa5.qua'!
D:\WINDOWS.0\system32\diskcopy32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '4bb4ffa5.qua'!
D:\WINDOWS.0\system32\dmdskmgr32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '4ba5ffa9.qua'!
D:\WINDOWS.0\system32\dmocx32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '4bb0ffa9.qua'!
D:\WINDOWS.0\system32\dot3clnt32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '4bb5ffab.qua'!
D:\WINDOWS.0\system32\dot3svc32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '468e3724.qua'!
D:\WINDOWS.0\system32\dpcdll32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '4ba4ffac.qua'!
D:\WINDOWS.0\system32\dpnwsock32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '4bafffac.qua'!
D:\WINDOWS.0\system32\dpwsock32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '4bb8ffac.qua'!
D:\WINDOWS.0\system32\ds16gt32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '4b72ffaf.qua'!
D:\WINDOWS.0\system32\EKIJCOINST0432.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '4b8aff87.qua'!
D:\WINDOWS.0\system32\fdco132.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '4ba4ffa0.qua'!
D:\WINDOWS.0\system32\gasfkyciqjlbbg.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '46f6009e.qua'!
D:\WINDOWS.0\system32\hidserv32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '4ba5ffa5.qua'!
D:\WINDOWS.0\system32\HMTCD32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '4b95ff89.qua'!
D:\WINDOWS.0\system32\ieencode32.dll
[DETECTION] Is the TR/BHO.Agent.BJ Trojan
[NOTE] The file was moved to '4ba6ffa1.qua'!
D:\WINDOWS.0\system32\SysWoW32\wu48737854v0
[NOTE] The file was moved to '4b75ffb1.qua'!
D:\WINDOWS.0\system32\SysWoW32\wu48737854v2
[NOTE] The file was moved to '463cd202.qua'!
D:\WINDOWS.0\system32\SysWoW32\_u48737854v0
[NOTE] The file was moved to '4b75ffb2.qua'!
D:\WINDOWS.0\system32\SysWoW32\_u48737854v1
[NOTE] The file was moved to '584b340b.qua'!
D:\WINDOWS.0\system32\SysWoW32\_u48737854v2
[NOTE] The file was moved to '584a2c33.qua'!
D:\WINDOWS.0\system32\SysWoW32\_u48737854v3
[NOTE] The file was moved to '583524fb.qua'!
End of the scan: Monday, January 04, 2010 14:46
Used time: 43:41 Minute(s)
The scan has been done completely.
14537 Scanned directories
338062 Files were scanned
98 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
91 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
337963 Files not concerned
3475 Archives were scanned
1 Warnings
92 Notes
64677 Objects were scanned with rootkit scan
5 Hidden objects were found