October 19th, 2009, 11:16 AM
#3
Hi, thank you for the reply. I will paste the ComboFix log below and then send a HijackThis report next.
ComboFix:
ComboFix 09-10-18.06 - administrator 10/19/2009 10:53.1.2 - NTFSx86
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\ADMINI~1\LOCALS~1\Temp\~WKS99TEMP\launcher.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\~WKS99TEMP\setuplng.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\~WKS99TEMP\unregwtr.exe
c:\documents and settings\Administrator\Application Data\iniasd.txt
c:\documents and settings\Administrator\Application Data\jahinewiwi._sy
c:\documents and settings\Administrator\Application Data\lizkavd.exe
c:\documents and settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\Administrator\Application Data\mumi.scr
c:\documents and settings\Administrator\Application Data\seres.exe
c:\documents and settings\Administrator\Application Data\svcst.exe
c:\documents and settings\Administrator\Cookies\luhilido.scr
c:\documents and settings\Administrator\Cookies\ycefati.dll
c:\documents and settings\Administrator\Desktop\AntivirusPro_2010.lnk
c:\documents and settings\Administrator\Local Settings\Application Data\gyqicolale.dl
c:\documents and settings\Administrator\Local Settings\Application Data\kogal.bin
c:\documents and settings\Administrator\Local Settings\Temp\~WKS99TEMP\launcher.exe
c:\documents and settings\Administrator\Local Settings\Temp\~WKS99TEMP\setuplng.dll
c:\documents and settings\Administrator\Local Settings\Temp\~WKS99TEMP\unregwtr.exe
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\vijehysymu.ban
c:\documents and settings\Administrator\Start Menu\Programs\AntivirusPro_2010
c:\documents and settings\Administrator\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk
c:\documents and settings\Administrator\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk
c:\documents and settings\All Users\Application Data\jehuko.com
c:\documents and settings\All Users\Application Data\yseqoxetys.reg
C:\p2hhr.bat
c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg
c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
c:\program files\Common Files\erog.bin
c:\program files\Common Files\isewidahe.reg
c:\program files\Common Files\wyjixi.ban
c:\recycler\NPROTECT
c:\recycler\S-1-5-21-3839024881-3593992594-23071211-500
c:\windows\dojox.dl
c:\windows\jypuwusu.sys
c:\windows\kugejewyko._sy
c:\windows\onoq.bat
c:\windows\pohexyl._sy
c:\windows\system32\_scui.cpl
c:\windows\system32\~.exe
c:\windows\system32\axaltocm.dll
c:\windows\system32\s6b8bxe74.dll
c:\windows\ubufif.exe
c:\windows\xedy.ban
c:\windows\zyqebige._dl
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\system32\logevent.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NWCWORKSTATION
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_NWCWorkstation