BitDefender Online Scanner
Scan report generated at: Sat, Sep 22, 2007 - 07:05:06
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;
Statistics
Time: 00:34:35
Files: 128374
Folders: 3841
Boot Sectors: 7
Archives: 7368
Packed Files: 6026
Results
Identified Viruses: 6
Infected Files: 16
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 14
Engines Info
Virus Definitions: 823281
Engine build: AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File - Status
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2606f78c-2d5dbd16.zip=>BnnnnBaa.class
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2606f78c-2d5dbd16.zip=>BnnnnBaa.class
Disinfection failed
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2606f78c-2d5dbd16.zip=>BnnnnBaa.class
Deleted
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2606f78c-2d5dbd16.zip
Updated
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2606f78c-2d5dbd16.zip=>VaannnaaBaa.class
Infected with: Trojan.Java.Classloader.E
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2606f78c-2d5dbd16.zip=>VaannnaaBaa.class
Disinfection failed
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2606f78c-2d5dbd16.zip=>VaannnaaBaa.class
Deleted
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2606f78c-2d5dbd16.zip
Updated
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2606f78c-2d5dbd16.zip=>Dnnny.class
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2606f78c-2d5dbd16.zip=>Dnnny.class
Disinfection failed
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2606f78c-2d5dbd16.zip=>Dnnny.class
Deleted
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2606f78c-2d5dbd16.zip
Updated
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-73df5e6e-45c4fd8c.zip=>BnnnnBaa.class
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-73df5e6e-45c4fd8c.zip=>BnnnnBaa.class
Disinfection failed
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-73df5e6e-45c4fd8c.zip=>BnnnnBaa.class
Deleted
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-73df5e6e-45c4fd8c.zip
Updated
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-73df5e6e-45c4fd8c.zip=>VaannnaaBaa.class
Infected with: Trojan.Java.Classloader.E
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-73df5e6e-45c4fd8c.zip=>VaannnaaBaa.class
Disinfection failed
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-73df5e6e-45c4fd8c.zip=>VaannnaaBaa.class
Deleted
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-73df5e6e-45c4fd8c.zip
Updated
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-73df5e6e-45c4fd8c.zip=>Dnnny.class
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-73df5e6e-45c4fd8c.zip=>Dnnny.class
Disinfection failed
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-73df5e6e-45c4fd8c.zip=>Dnnny.class
Deleted
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-73df5e6e-45c4fd8c.zip
Updated
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-14e46f0-3a6adc24.zip=>HiPointInstallShieldRT.class
Infected with: Trojan.Downloader.Small.DKO
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-14e46f0-3a6adc24.zip=>HiPointInstallShieldRT.class
Disinfection failed
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-14e46f0-3a6adc24.zip=>HiPointInstallShieldRT.class
Deleted
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-14e46f0-3a6adc24.zip
Updated
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-526002f4-47af28cf.zip=>HiPointInstallShieldRT.class
Infected with: Trojan.Downloader.Small.DKO
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-526002f4-47af28cf.zip=>HiPointInstallShieldRT.class
Disinfection failed
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-526002f4-47af28cf.zip=>HiPointInstallShieldRT.class
Deleted
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-526002f4-47af28cf.zip
Updated
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-4e3272d0-587f64d2.zip=>HiPointInstallShieldRT.class
Infected with: Trojan.Downloader.Small.DKO
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-4e3272d0-587f64d2.zip=>HiPointInstallShieldRT.class
Disinfection failed
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-4e3272d0-587f64d2.zip=>HiPointInstallShieldRT.class
Deleted
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-4e3272d0-587f64d2.zip
Updated
C:\Documents and Settings\Yeati\Local Settings\Application Data\Identities\{9859BD39-DF40-4FC9-A922-7510853BFB6C}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 657)
Infected with: Generic.Trojan.Phish.E26DC17B
C:\Documents and Settings\Yeati\Local Settings\Application Data\Identities\{9859BD39-DF40-4FC9-A922-7510853BFB6C}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 657)
Disinfection failed
C:\Documents and Settings\Yeati\Local Settings\Application Data\Identities\{9859BD39-DF40-4FC9-A922-7510853BFB6C}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 657)
Deleted
C:\Documents and Settings\Yeati\Local Settings\Application Data\Identities\{9859BD39-DF40-4FC9-A922-7510853BFB6C}\Microsoft\Outlook Express\Deleted Items.dbx
Update failed
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070922-055333-488.dll
Infected with: Trojan.Conhook.Y
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070922-055333-488.dll
Disinfection failed
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070922-055333-488.dll
Deleted
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070922-055403-441.dll
Infected with: Trojan.Conhook.Y
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070922-055403-441.dll
Disinfection failed
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070922-055403-441.dll
Deleted
C:\System Volume Information\_restore{E93D0057-3712-43BA-BD09-36CAC712760A}\RP2\A0000379.dll
Infected with: Trojan.Conhook.Y
C:\System Volume Information\_restore{E93D0057-3712-43BA-BD09-36CAC712760A}\RP2\A0000379.dll
Disinfection failed
C:\System Volume Information\_restore{E93D0057-3712-43BA-BD09-36CAC712760A}\RP2\A0000379.dll
Deleted
C:\System Volume Information\_restore{E93D0057-3712-43BA-BD09-36CAC712760A}\RP2\A0000380.dll
Infected with: Trojan.Conhook.Y
C:\System Volume Information\_restore{E93D0057-3712-43BA-BD09-36CAC712760A}\RP2\A0000380.dll
Disinfection failed
C:\System Volume Information\_restore{E93D0057-3712-43BA-BD09-36CAC712760A}\RP2\A0000380.dll
Deleted
C:\WINDOWS\system32\AppCert\wnl32.dll
Infected with: Trojan.Spy.XTL
C:\WINDOWS\system32\AppCert\wnl32.dll
Disinfection failed
C:\WINDOWS\system32\AppCert\wnl32.dll
Delete failed
C:\WINDOWS\system32\cryptnetf.dll
Infected with: Trojan.Conhook.Y
C:\WINDOWS\system32\cryptnetf.dll
Disinfection failed
C:\WINDOWS\system32\cryptnetf.dll
Delete failed
and this is the
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:40:38, on 22/09/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\lvhidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\12Ghosts\12popup.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: 12Ghosts Popup-Killer - {00000000-0007-5041-4354-0020e48020af} - C:\Program Files\12Ghosts\12popup.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D1EE0057-3B51-4F14-8C17-C4A6E979E0D6} - c:\windows\system32\atiddcf.dll
O2 - BHO: (no name) - {D29CC861-5ABF-45A8-92D6-C936A3908710} - C:\WINDOWS\System32\cryptnetf.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 12-Popup - {00000000-0008-5041-4354-0020e48020af} - C:\Program Files\12Ghosts\12popup.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\TVR\RecSche.exe"
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\System32\rpcc.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: 12Ghosts Popup-Killer.lnk = C:\Program Files\12Ghosts\12popup.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: enyvkybq - C:\WINDOWS\SYSTEM32\atiddcf.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LifeView HID Service (LvHidSvc) - Animation Technologies Inc. - C:\WINDOWS\System32\lvhidsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7727 bytes
Thanks in advance
Adik
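As an added example, not part of Adik's post and not code from BitDefender or HijackThis: the Python script below parses the BitDefender report format shown above (one path line followed by one status line, with `=>` separating an archive from the member inside it), works out which detections are actually still on disk after the scan (anything that was not Deleted or Disinfected, plus archive members whose container reported "Update failed"), and then cross-references those files against the HijackThis entries so the autostart points that load them stand out. The two sample inputs are constructed excerpts of the logs above; the function and class names are my own.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterable, List

# Constructed excerpt of the BitDefender report posted above. Every event is a
# path line followed by a status line; archive members are "container=>member"
# and the container itself gets a final "Updated" / "Update failed" event.
BD_REPORT = r"""
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2606f78c-2d5dbd16.zip=>BnnnnBaa.class
Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2606f78c-2d5dbd16.zip=>BnnnnBaa.class
Disinfection failed
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2606f78c-2d5dbd16.zip=>BnnnnBaa.class
Deleted
C:\Documents and Settings\Yeati\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2606f78c-2d5dbd16.zip
Updated
C:\Documents and Settings\Yeati\Local Settings\Application Data\Identities\{9859BD39-DF40-4FC9-A922-7510853BFB6C}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 657)
Infected with: Generic.Trojan.Phish.E26DC17B
C:\Documents and Settings\Yeati\Local Settings\Application Data\Identities\{9859BD39-DF40-4FC9-A922-7510853BFB6C}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 657)
Disinfection failed
C:\Documents and Settings\Yeati\Local Settings\Application Data\Identities\{9859BD39-DF40-4FC9-A922-7510853BFB6C}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 657)
Deleted
C:\Documents and Settings\Yeati\Local Settings\Application Data\Identities\{9859BD39-DF40-4FC9-A922-7510853BFB6C}\Microsoft\Outlook Express\Deleted Items.dbx
Update failed
C:\WINDOWS\system32\AppCert\wnl32.dll
Infected with: Trojan.Spy.XTL
C:\WINDOWS\system32\AppCert\wnl32.dll
Disinfection failed
C:\WINDOWS\system32\AppCert\wnl32.dll
Delete failed
C:\WINDOWS\system32\cryptnetf.dll
Infected with: Trojan.Conhook.Y
C:\WINDOWS\system32\cryptnetf.dll
Disinfection failed
C:\WINDOWS\system32\cryptnetf.dll
Delete failed
"""


@dataclass
class Detection:
    path: str                      # scan path; "container=>member" for archive entries
    name: str                      # detection name as the engine reported it
    actions: List[str] = field(default_factory=list)            # "Disinfection failed", "Deleted", ...
    container_actions: List[str] = field(default_factory=list)  # "Updated", "Update failed"

    @property
    def container(self) -> str:
        return self.path.split("=>", 1)[0]

    @property
    def removed(self) -> bool:
        gone = any(a in ("Deleted", "Disinfected") for a in self.actions)
        if "=>" in self.path:
            # A member is only really gone once the container was rewritten.
            gone = gone and "Update failed" not in self.container_actions
        return gone


def parse_bitdefender(report: str) -> List[Detection]:
    lines = [ln.strip() for ln in report.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("report does not pair up as path/status lines")
    found: List[Detection] = []
    by_path: Dict[str, Detection] = {}
    for path, status in zip(lines[0::2], lines[1::2]):
        if status.startswith("Infected with: "):
            det = Detection(path, status[len("Infected with: "):])
            found.append(det)
            by_path[path] = det
        elif path in by_path:
            by_path[path].actions.append(status)
        else:
            # Status line for a container archive: attach it to its member detections.
            for det in found:
                if det.container == path:
                    det.container_actions.append(status)
    return found


def remaining_files(dets: Iterable[Detection]) -> List[str]:
    """Files still on disk after the scan (deduplicated, in report order)."""
    out: List[str] = []
    for det in dets:
        if not det.removed and det.container not in out:
            out.append(det.container)
    return out


# Constructed excerpt of the HijackThis log posted above, one entry per line.
HJT_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {D29CC861-5ABF-45A8-92D6-C936A3908710} - C:\WINDOWS\System32\cryptnetf.dll
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\System32\rpcc.exe
O20 - Winlogon Notify: enyvkybq - C:\WINDOWS\SYSTEM32\atiddcf.dll
"""


def hjt_entries_loading(hjt_log: str, files: Iterable[str]) -> List[str]:
    """HijackThis lines that reference one of `files`. NTFS paths are case-insensitive
    and the two tools print System32 with different casing, so compare lower-cased."""
    wanted = [f.lower() for f in files]
    return [ln.strip() for ln in hjt_log.splitlines()
            if any(w in ln.lower() for w in wanted)]


if __name__ == "__main__":
    dets = parse_bitdefender(BD_REPORT)
    left = remaining_files(dets)
    for f in left:
        print("still present:", f)
    for ln in hjt_entries_loading(HJT_LOG, left):
        print("loaded at startup:", ln)
```

Run against the excerpt, the script reports three files still present (the Outlook Express .dbx whose rewrite failed, wnl32.dll and cryptnetf.dll) and one HijackThis entry loading one of them, the nameless O2 BHO pointing at cryptnetf.dll. The case-insensitive comparison matters: BitDefender prints `system32` and HijackThis `System32`, and a naive string match would miss the only hit. Note also that the detections under `HijackThis\backups` and `System Volume Information\_restore` are copies kept by HijackThis and System Restore, not additional infections.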