W32/Virut-Gen


W32/Virut-Gen

Post by Maryka23 on Tue May 05, 2009 8:35 pm

Hey!! I found this virus W32/Virut-Gen in the result of my weekly antivirus scan, so I would like to know how I can remove it. I haven't noticed big changes on my computer, no difficulties at all, but I don't want future surprises, so what can I do? My system: Windows XP, Webroot antivirus.

thanks!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:34 PM, on 5/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFA.EXE
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Maria\Desktop\Hijack(GP)This.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] "C:\WINDOWS\AGRSMMSG.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] "C:\Program Files\BellCanada\McciTrayApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus NX200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFA.EXE" /FU "C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\E_S434.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WeatherEye] "C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
O4 - Startup: Epson all-in-one Registration.lnk = D:\Common\EpsonReg\Epkick.exe
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: ACS.lnk = ?
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O4 - Global Startup: D-Link REG Utility.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. ([You must be registered and logged in to see this link.] - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6348 bytes

Maryka23
Beginner
Posts : 1
Joined : 2009-05-05
OS : windows xp

Re: W32/Virut-Gen

Post by Belahzur on Tue May 05, 2009 8:37 pm

Hello.
Bad news. If this is a Virut infection, then game over for this machine.

Virut is a polymorphic file infector, which cannot be fixed. See here for more detail:
[You must be registered and logged in to see this link.]

We'll see what this says.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

I Have the same problem

Post by Darkracer13 on Tue Jul 14, 2009 7:24 pm

Here is the DDS.txt file:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 15:21:50.82 on Tue 07/14/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.532 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\windows\pp10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\DAEMON Tools Pro Full\DTProAgent.exe
C:\Documents and Settings\Owner\My Documents\RCA Detective\RCADetective.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\RE92UBAZ\dds[1].pif

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: {03914789-7DFE-4C80-B7D0-1C973CA52437} - No File
BHO: {0CC1B000-53B7-4EF6-905E-F896AF07D4F3} - No File
BHO: {14CB1926-6641-4C96-879B-14AA6B9AC027} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {317EF4CA-CC37-4F80-ABF1-0F72ED48473E} - No File
BHO: {351c099d-ebbe-4655-8b06-c68607f9ade9} - c:\windows\system32\cbXopQhf.dll
BHO: {5288526F-8EB0-4F91-A4A3-313B6F0ECC38} - No File
BHO: {5a78fcf2-93d2-4dd1-bd4d-1014219dd851} - c:\windows\system32\tuvWqQgh.dll
BHO: {70B08452-9B28-4102-92C0-949A6F8A845F} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {88ba1602-d5ce-4b66-808a-6c033b4a770f} - No File
BHO: {9E91EF7B-6846-45C3-A8AB-67CF7C900783} - No File
BHO: {A0E6A96E-F317-4DFE-83C0-93C8120DFE94} - No File
BHO: {B8F08194-A015-4901-BD77-3A116BA63FFE} - No File
BHO: {BBE038F7-7178-4CFA-9CA1-C24461E380F2} - No File
BHO: {ca75ffb2-5ecd-4038-b931-6bf4bf064a4a} - c:\windows\system32\lelizomo.dll
BHO: {d6d89ace-9613-4ee2-aca9-e2a2f3a725e4} - c:\windows\system32\rqRIbBqo.dll
BHO: c:\windows\system32\grffr83hn.dll: {d76ab2a1-00f3-42bd-f434-00bbc39c8953} - c:\windows\system32\grffr83hn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e75b4036-33a1-46c2-82c2-296e5da4b670} - No File
BHO: {FE1A6DA1-5558-4AEA-BB4C-B81D8D483F53} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro full\DTProAgent.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SBI] c:\documents and settings\owner\local settings\temporary internet files\content.ie5\pf1w4pot\setup_sbd_en[1].exe
mRun: [Easy Dock]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SNM] o:\virus\spynomore\SNM.exe /startup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [sysldtray] c:\windows\ld12.exe
mRun: [pp] c:\windows\pp10.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
dRun: [] c:\windows\temp\u6ck2gydnv.exe
dRun: [hsf7husjnfg98gi498aejhiugjkdg4] c:\windows\temp\u6ck2gydnv.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\rcadet~1.lnk - c:\documents and settings\owner\my documents\rca detective\RCADetective.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - [You must be registered and logged in to see this link.]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - [You must be registered and logged in to see this link.]
Notify: jkkIATJD - jkkIATJD.dll
Notify: pmnnLEVl - pmnnLEVl.dll
AppInit_DLLs: reeavi.dll c:\windows\system32\nukatojo.dll,c:\windows\system32\gekujoni.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: c:\windows\system32\grffr83hn.dll: {d76ab2a1-00f3-42bd-f434-00bbc39c8953} - c:\windows\system32\grffr83hn.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\rqRIbBqo
LSA: Notification Packages = scecli c:\windows\system32\nukatojo.dll c:\windows\system32\gekujoni.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-7-14 130936]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-12 11608]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2009-6-19 3026]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-7-14 200784]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-7-14 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2009-7-14 29776]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [2008-10-10 78848]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-12 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-12 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-12 55640]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2009-7-14 362184]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-7-14 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-7-14 1095560]
S2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2009-7-14 3285704]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-2-24 33752]

Darkracer13
Beginner
Posts : 2
Joined : 2009-07-14
OS : XP

Cont.

Post by Darkracer13 on Tue Jul 14, 2009 7:25 pm

=============== Created Last 30 ================

2009-07-14 14:44 --d----- c:\docume~1\owner\applic~1\OnlineArmor
2009-07-14 14:44 --d----- c:\docume~1\alluse~1\applic~1\OnlineArmor
2009-07-14 14:44 200,784 a------- c:\windows\system32\drivers\OADriver.sys
2009-07-14 14:44 29,776 a------- c:\windows\system32\drivers\OAnet.sys
2009-07-14 14:44 24,656 a------- c:\windows\system32\drivers\OAmon.sys
2009-07-14 14:44 --d----- c:\program files\Tall Emu
2009-07-14 14:27 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-07-14 14:27 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-07-14 14:27 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-14 14:27 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-07-14 14:27 --d----- c:\program files\common files\PC Tools
2009-07-14 14:27 --d----- c:\program files\Spyware Doctor
2009-07-14 14:27 --d----- c:\docume~1\owner\applic~1\PC Tools
2009-07-14 14:27 --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-07-14 14:07 1 a------- c:\windows\934fdfg34fgjf23
2009-07-14 14:07 15,360 ----h--- c:\windows\pp10.exe
2009-07-14 14:07 2 a------- c:\windows\0101120101464849.dat
2009-07-14 14:07 2 a------- c:\windows\010112010146118114.dat
2009-07-14 14:06 361,600 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-07-14 14:01 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-07-14 14:01 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-07-14 13:24 --d----- c:\program files\Deep Silver
2009-07-14 13:23 --d----- c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2009-07-13 20:28 1,607 a------- c:\windows\ST6UNST.002
2009-07-13 20:27 1,607 a------- c:\windows\ST6UNST.001
2009-07-13 20:27 1,649,399 -------- c:\windows\TRAINE~1.CAB
2009-07-13 20:11 --d----- c:\windows\mm.BOT
2009-07-13 19:39 --d----- c:\program files\Hero Editor
2009-07-13 19:25 --d----- c:\docume~1\owner\applic~1\flatball
2009-07-13 18:09 73,216 a------- c:\windows\temp.008
2009-07-13 18:09 73,216 a------- c:\windows\temp.007
2009-07-13 18:09 73,216 a------- c:\windows\temp.006
2009-07-13 18:09 73,216 a------- c:\windows\temp.005
2009-07-13 18:09 73,216 a------- c:\windows\temp.004
2009-07-13 18:09 73,216 a------- c:\windows\temp.003
2009-07-13 18:09 73,216 a------- c:\windows\temp.002
2009-07-13 18:09 73,216 a------- c:\windows\temp.001
2009-07-13 18:09 73,216 a------- c:\windows\temp.000
2009-07-13 18:09 5,305 a------- c:\windows\ST6UNST.000
2009-07-13 18:08 286,720 -------- c:\windows\Setup1.exe
2009-07-13 18:08 73,216 -------- c:\windows\ST6UNST.EXE
2009-07-12 18:55 --d----- c:\program files\DAEMON Tools Pro Full
2009-07-12 17:49 --d----- c:\docume~1\owner\applic~1\Resource Tuner
2009-07-12 17:49 --d----- c:\program files\Resource Tuner
2009-07-12 16:30 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-07-12 16:30 --d----- c:\program files\Avira
2009-07-12 16:30 --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-07-12 16:14 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-07-12 16:14 84,480 a------- c:\windows\system32\ff_vfw.dll
2009-07-12 16:14 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-07-12 16:14 --d----- c:\program files\ffdshow
2009-07-12 16:12 719,872 a------- c:\windows\system32\devil.dll
2009-07-12 16:12 308,224 a------- c:\windows\system32\avisynth.dll
2009-07-12 01:43 --d----- c:\program files\common files\Bcgsoft
2009-07-11 15:46 --d----- c:\docume~1\owner\applic~1\Moyea
2009-07-11 15:34 --d----- c:\program files\The Game Creators
2009-07-10 23:24 306,688 a------- c:\windows\IsUninst.exe
2009-07-10 22:30 156,672 a------- c:\windows\system32\rmc_fixasf.exe
2009-07-10 22:30 237,568 a------- c:\windows\system32\rmc_rtspdl.dll
2009-07-10 22:30 323,584 a------- c:\windows\system32\AUDIOGENIE2.DLL
2009-07-10 22:28 --d----- c:\windows\Replay Media Catcher
2009-07-10 22:15 --d----- c:\program files\DAEMON Tools Pro
2009-07-10 22:04 --d----- c:\windows\Replay Converter 3
2009-07-09 19:14 1,152 a------- c:\windows\system32\windrv.sys
2009-07-08 12:44 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-07-08 12:44 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-07-08 12:44 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-07-08 12:44 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-07-08 12:44 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-07-08 12:44 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-07-08 12:44 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-06-28 23:17 --d----- c:\program files\common files\Symantec Shared
2009-06-28 23:17 --d----- c:\program files\Norton Security Scan
2009-06-28 20:11 35,506 a------- c:\windows\DIIUnin.dat
2009-06-28 20:11 94,208 a------- c:\windows\DIIUnin.exe
2009-06-28 20:11 2,829 a------- c:\windows\DIIUnin.pif
2009-06-28 18:35 --d----- c:\windows\SxsCaPendDel
2009-06-28 08:17 204,800 a------- c:\windows\system32\xwr18769.dll
2009-06-28 07:38 --d----- c:\docume~1\owner\applic~1\NCH Software
2009-06-28 07:37 --d----- c:\program files\NCH Software
2009-06-28 07:03 --d----- c:\program files\DVDlabPro2
2009-06-28 01:40 11,618 ----h--- c:\windows\system\data
2009-06-27 22:54 --d----- c:\docume~1\alluse~1\applic~1\Electronic Arts
2009-06-27 22:45 --d----- C:\ProgramData
2009-06-27 22:45 4,722 a------- c:\windows\system32\ealregsnapshot1.reg
2009-06-27 19:41 91 ----h--- c:\windows\system\temp1.db
2009-06-27 19:40 13 a------- c:\temp\network.reg
2009-06-27 19:40 13 a------- c:\temp\network.bat
2009-06-27 16:58 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-06-27 16:58 138,184 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-27 16:57 183,112 a------- c:\windows\system32\PnkBstrB.exe
2009-06-27 13:41 --d----- c:\program files\EA GAMES
2009-06-26 23:12 --d----- c:\program files\InstantStorm
2009-06-26 22:39 --d----- c:\program files\QuickSFV
2009-06-26 20:53 495,104 a------- c:\windows\D3Tyreal.exe
2009-06-26 20:53 161,078 a------- c:\windows\D3Tyreal.bmp
2009-06-26 20:53 23,558 a------- c:\windows\D3Tyreal.ico
2009-06-26 20:53 672 a------- c:\windows\D3Tyreal.c3
2009-06-26 20:53 672 a------- c:\windows\D3Tyreal.c1
2009-06-26 20:53 639 a------- c:\windows\D3Tyreal.c4
2009-06-26 20:53 0 a------- c:\windows\D3Tyreal.ini
2009-06-26 20:53 2,359,820 a------- c:\windows\D3Tyreal.swf
2009-06-26 20:53 903,680 a------- c:\windows\D3Tyreal.scr
2009-06-26 20:53 --d----- c:\windows\D3Tyreal Uninstaller
2009-06-26 12:41 --d----- c:\program files\Super_DVD_Creator_9.8
2009-06-25 00:00 --d----- c:\windows\system32\xlive
2009-06-25 00:00 --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-06-24 23:45 --d----- c:\program files\RADVideo
2009-06-24 21:03 --d----- c:\docume~1\owner\applic~1\Free Audio Editor
2009-06-24 21:02 602,112 a------- c:\windows\system32\NCTAudioTransform2.dll
2009-06-24 21:02 479,232 a------- c:\windows\system32\NCTAudioVisualization2.dll
2009-06-24 21:02 458,752 a------- c:\windows\system32\NCTAudioRecord2.dll
2009-06-24 21:02 458,752 a------- c:\windows\system32\NCTAudioPlayer2.dll
2009-06-24 21:02 417,792 a------- c:\windows\system32\NCTTextToAudio2.dll
2009-06-24 21:02 348,160 a------- c:\windows\system32\NCTWMAFile2.dll
2009-06-24 21:02 113,486 a------- c:\windows\system32\NCTWMAProfiles.prx
2009-06-24 21:02 1,986,560 a------- c:\windows\system32\NCTAudioFile2.dll
2009-06-24 21:02 1,212,416 a------- c:\windows\system32\NCTAudioInformation2.dll
2009-06-24 21:02 880,640 a------- c:\windows\system32\NCTAudioEditor2.dll
2009-06-24 21:02 835,584 a------- c:\windows\system32\NCTAudioCDGrabber2.dll
2009-06-24 20:45 81,920 a------- c:\docume~1\owner\applic~1\ezpinst.exe
2009-06-24 20:45 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-06-24 20:45 47,360 a------- c:\docume~1\owner\applic~1\pcouffin.sys
2009-06-24 20:44 --d----- c:\windows\system32\system
2009-06-24 20:41 658,432 a------- c:\windows\system32\cc3270mt.dll
2009-06-23 12:12 --d----- c:\program files\Incomplete
2009-06-23 02:46 --d----- c:\program files\uTorrent
2009-06-23 01:58 --d----- c:\documents and settings\owner\.thumbnails
2009-06-23 01:53 --d----- c:\documents and settings\owner\.gimp-2.6
2009-06-23 01:53 --d----- c:\documents and settings\owner\.gegl-0.0
2009-06-23 01:52 --d----- c:\program files\GIMP-2.0
2009-06-19 18:51 --d----- c:\docume~1\owner\applic~1\uTorrent
2009-06-19 17:39 --d----- c:\docume~1\owner\applic~1\AVS4YOU
2009-06-19 17:39 --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-06-19 17:36 --d----- c:\program files\AVS4YOU
2009-06-19 17:33 --d----- c:\program files\common files\AVSMedia
2009-06-19 17:33 24,576 a------- c:\windows\system32\msxml3a.dll
2009-06-19 16:43 309 a------- c:\windows\W2W.ini
2009-06-19 16:42 3,026 a------- c:\windows\system32\drivers\hwinterface.sys
2009-06-19 16:37 796,672 a------- c:\windows\GPInstall.exe
2009-06-19 16:29 372,296 a------- c:\windows\updater.exe
2009-06-19 16:29 8,183,675 a------- c:\windows\gmaker.exe
2009-06-15 20:01 991,232 a------- c:\windows\system32\imageviewer2.ocx
2009-06-15 20:01 224,016 a------- c:\windows\system32\tabctl32.ocx
2009-06-15 20:01 200,704 a------- c:\windows\system32\threed32.ocx
2009-06-15 20:01 151,552 a------- c:\windows\system32\ccrpfd6.ocx
2009-06-15 20:01 110,592 a------- c:\windows\system32\ccrpbds6.dll
2009-06-15 20:01 106,496 a------- c:\windows\system32\mbprgbar.ocx
2009-06-15 20:01 --d----- c:\program files\PIXresizer
2009-06-15 19:00 --d----- c:\program files\Oberon Media

==================== Find3M ====================

2009-07-14 14:06 361,600 a------- c:\windows\system32\drivers\TCPIP.SYS
2009-07-08 12:38 1,682 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-07-08 12:36 88 ---shr-- c:\docume~1\alluse~1\applic~1\1E1B4F1400.sys
2009-07-08 11:37 17,408 a------- C:\psapi.dll
2009-06-28 20:23 21,840 a------t c:\windows\system32\SIntfNT.dll
2009-06-28 20:23 17,212 a------t c:\windows\system32\SIntf32.dll
2009-06-28 20:23 12,067 a------t c:\windows\system32\SIntf16.dll
2009-06-16 23:29 59,556 a---h--- c:\windows\system32\mlfcache.dat
2009-06-15 20:02 359,737 a------- c:\program files\IMG_9099 (1152 x 1728).jpg
2009-06-06 21:18 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-05-09 19:06 85,657 a------- c:\windows\system32\3a157069-98a3-2d8f-13f6-35ee9aa1a696.exe
2009-03-08 17:33 34 a------- c:\documents and settings\owner\jagex_runescape_preferences.dat
2009-03-08 14:34 56 ---shr-- c:\windows\system32\00144F1B1E.sys
2009-03-08 20:04 1,430 a--sh--- c:\windows\system32\GroupPolicy000.dat
2009-03-08 14:34 848 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-02-02 18:30 276,845 a--sh--- c:\windows\system32\oqBbIRqr.ini2
2008-10-11 17:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101120081012\index.dat

============= FINISH: 15:22:34.12 ===============

Darkracer13
Beginner
Posts : 2
Joined : 2009-07-14
OS : XP

Re: W32/Virut-Gen

Post by Origin on Tue Jul 14, 2009 9:29 pm

Hello Darkracer13, please refrain from posting in other members' topics and start your own.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]


Origin
Master
Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
