Jangles

Anything to be afraid of?

Incident Status Location

 

Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\Victor\Application Data\Registry Cleaner

Hacktool:Hacktool/Hammer Not disinfected C:\Program Files\Robster Productions\Halflife Logo Creator\HLC.exe

 

-------------------------------------------------------------------------------

KASPERSKY ON-LINE SCANNER REPORT

Friday, May 05, 2006 11:49:54 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky On-line Scanner version: 5.0.78.0

Kaspersky Anti-Virus database last update: 6/05/2006

Kaspersky Anti-Virus database records: 180424

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: standard

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

E:\

 

Scan Statistics:

Total number of scanned objects: 80274

Number of viruses found: 10

Number of infected objects: 47

Number of suspicious objects: 1

Duration of the scan process: 00:53:50

 

Infected Object Name / Virus Name / Last Action

C:\Program Files\Norton AntiVirus\Quarantine\115A1A2A.cla Infected: Trojan-Downloader.Java.OpenStream.w skipped

C:\Program Files\Norton AntiVirus\Quarantine\19507F84.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped

C:\Program Files\Norton AntiVirus\Quarantine\26A03278.cla Infected: Trojan.Java.ClassLoader.c skipped

C:\Program Files\Norton AntiVirus\Quarantine\26A03278.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped

C:\Program Files\Norton AntiVirus\Quarantine\26A03278.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\26A03278.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

C:\Program Files\Norton AntiVirus\Quarantine\26A03278.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped

C:\Program Files\Norton AntiVirus\Quarantine\26A03278.zip ZIP: infected - 4 skipped

C:\Program Files\Norton AntiVirus\Quarantine\26A03278.zip CryptFF: infected - 4 skipped

C:\Program Files\Norton AntiVirus\Quarantine\2B053B54 Infected: Trojan-Clicker.JS.Linker.h skipped

C:\Program Files\Norton AntiVirus\Quarantine\2C8D222E Infected: Trojan-Clicker.JS.Linker.h skipped

C:\Program Files\Norton AntiVirus\Quarantine\2F5D25D1.cla Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\34F1142B.exe Infected: Trojan-Spy.Win32.Perfloger.f skipped

C:\Program Files\Norton AntiVirus\Quarantine\36A03A51.exe Infected: Trojan-Spy.Win32.Perfloger.f skipped

C:\Program Files\Norton AntiVirus\Quarantine\36F505FE.cla Infected: Trojan.Java.ClassLoader.c skipped

C:\Program Files\Norton AntiVirus\Quarantine\36F505FE.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped

C:\Program Files\Norton AntiVirus\Quarantine\36F505FE.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\36F505FE.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

C:\Program Files\Norton AntiVirus\Quarantine\36F505FE.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped

C:\Program Files\Norton AntiVirus\Quarantine\36F505FE.zip ZIP: infected - 4 skipped

C:\Program Files\Norton AntiVirus\Quarantine\36F505FE.zip CryptFF: infected - 4 skipped

C:\Program Files\Norton AntiVirus\Quarantine\3BC367E8.cla Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\3DA86BFA.cla Infected: Trojan.Java.ClassLoader.c skipped

C:\Program Files\Norton AntiVirus\Quarantine\3E664DF9.cla Infected: Trojan.Java.ClassLoader.f skipped

C:\Program Files\Norton AntiVirus\Quarantine\3E664DF9.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped

C:\Program Files\Norton AntiVirus\Quarantine\3E664DF9.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\3E664DF9.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

C:\Program Files\Norton AntiVirus\Quarantine\3E664DF9.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped

C:\Program Files\Norton AntiVirus\Quarantine\3E664DF9.zip ZIP: infected - 4 skipped

C:\Program Files\Norton AntiVirus\Quarantine\3E664DF9.zip CryptFF: infected - 4 skipped

C:\Program Files\Norton AntiVirus\Quarantine\438C5329.cla Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\49CF6FA7.cla Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\4F3D51C2.tmp Infected: Trojan-Downloader.Java.OpenStream.w skipped

C:\Program Files\Norton AntiVirus\Quarantine\54EA3C81.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped

C:\Program Files\Norton AntiVirus\Quarantine\607638EC.wmf Suspicious: Exploit.Win32.IMG-WMF skipped

C:\Program Files\Norton AntiVirus\Quarantine\62AA2D55 Infected: Trojan-Clicker.JS.Linker.h skipped

C:\Program Files\Norton AntiVirus\Quarantine\70CD1422.cla Infected: Trojan.Java.ClassLoader.c skipped

C:\Program Files\Norton AntiVirus\Quarantine\70CD1422.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped

C:\Program Files\Norton AntiVirus\Quarantine\70CD1422.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\70CD1422.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

C:\Program Files\Norton AntiVirus\Quarantine\70CD1422.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped

C:\Program Files\Norton AntiVirus\Quarantine\70CD1422.zip ZIP: infected - 4 skipped

C:\Program Files\Norton AntiVirus\Quarantine\70CD1422.zip CryptFF: infected - 4 skipped

C:\Program Files\Norton AntiVirus\Quarantine\70D03E1F.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped

C:\Program Files\Norton AntiVirus\Quarantine\76514F1D.cla Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\79582DF0.cla Infected: Trojan.Java.ClassLoader.Dummy.d skipped

C:\Program Files\Norton AntiVirus\Quarantine\7ACB0725.cla Infected: Trojan.Java.ClassLoader.c skipped

C:\Program Files\Norton AntiVirus\Quarantine\7C086480.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped

 

Scan process completed.

 

Logfile of HijackThis v1.99.1

Scan saved at 11:54:54 PM, on 5/5/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE

C:\program files\valve\steam\steam.exe

C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe

C:\Program Files\PerSono\perstray.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\ewido anti-malware\ewidoguard.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Victor\Desktop\Stuff\Hijack This\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s

O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"

O4 - Startup: LifeDrive™ Manager.lnk = C:\Program Files\palmOne\LifeDriveMgrTray.exe

O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

O4 - Global Startup: Perstray.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113710506767

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Incident Status Location

 

Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\Victor\Application Data\Registry Cleaner

Hacktool:Hacktool/Hammer Not disinfected C:\Program Files\Robster Productions\Halflife Logo Creator\HLC.exe

Those are not a problem if you installed those programs on purpose.


Ok! Panda is just alerting you to their presence on your system, in case they were installed for nefarious purposes, but can be safely ignored if those are tools you knowingly downloaded and use :D

 

Some of the tools we use for cleaning will appear on Panda reports like that B)

 

That's why it doesn't say infected...it just says "tool"
