
Vundo Dj



#1
MedusAmon

Hallo,
I can't destroy Vundo Dj. Can you help me please?
Here is the HT log:

thanx!


Logfile of HijackThis v1.99.1
Scan saved at 13.21.09, on 18/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\ltmoh\Ltmoh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Programmi\VIAudioi\SBADeck\ADeck.exe
C:\Programmi\Ahead\NeroNET\NNServiceCtrl.exe
C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
C:\Programmi\K-Lite Codec Pack\QuickTime\qttask.exe
C:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe
C:\Programmi\File comuni\Nokia\Services\ServiceLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Analog Clock\AnalogClock.exe
C:\Programmi\AM-Notebook\notebook.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Java\jre1.5.0_09\bin\jucheck.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Krashmina\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\KRASHM~1\IMPOST~1\Temp\Rar$EX00.219\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AC79871-BC8A-1DDC-0363-03DC024C51AD} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programmi\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroNETTrayIcon] C:\Programmi\Ahead\NeroNET\NNServiceCtrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [ServiceLayer] C:\Programmi\File comuni\Nokia\Services\ServiceLayer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AnalogClock] C:\Programmi\Analog Clock\AnalogClock.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: AM-Notebook.lnk = C:\Programmi\AM-Notebook\notebook.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Save Flash - res://C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7259EB88-C1CE-4B32-996D-5A5534724F19}: NameServer = 151.99.125.2,151.99.125.3
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: DirectX Service (DirectService) - Unknown owner - C:\WINDOWS\twain_32\IEXPLORE.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NeroNET - Ahead Software AG - C:\Programmi\Ahead\NeroNET\NeroNET.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe


#2
Ryan

Hi there, and welcome to geekstogo! I'm Ryan, and I'll be helping you clean your computer.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

-Ryan

#3
MedusAmon

Hi Ryan!
Thanx for the answer!
Unfortunately I've already used VundoFix, but every time I reboot the system Vundo is there again.
Xoftspy deletes it every time I reboot.
What can I do? :(

Thanx again!

MedusAmon

#4
Ryan

You will want to print out a copy of these instructions to follow while you complete this procedure, as you will not be able to access the internet later in the fix.

Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {0AC79871-BC8A-1DDC-0363-03DC024C51AD} - (no file)
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O23 - Service: DirectX Service (DirectService) - Unknown owner - C:\WINDOWS\twain_32\IEXPLORE.EXE


Close all open windows except for HiJack This and click fix checked.


Go to Start >> Run, and paste the following line into it: sc delete DirectService


First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
-Ryan

#5
MedusAmon

Ryan,
I've tried with Avg + sweepspy + xoftspy+ vundo fix.
Seems the problem is fixed!!!
Thank You very much for your help and time!!!

Medusa

#6
Ryan

Please post the two logs that I asked for. I need to make sure that everything was taken care of and that your computer is clean.

-Ryan

#7
MedusAmon

The log I have is this:

Logfile of HijackThis v1.99.1
Scan saved at 21.50.43, on 18/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\ltmoh\Ltmoh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Programmi\VIAudioi\SBADeck\ADeck.exe
C:\Programmi\Ahead\NeroNET\NNServiceCtrl.exe
C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
C:\Programmi\K-Lite Codec Pack\QuickTime\qttask.exe
C:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe
C:\Programmi\File comuni\Nokia\Services\ServiceLayer.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Analog Clock\AnalogClock.exe
C:\Programmi\AM-Notebook\notebook.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Programmi\XoftSpy\XoftSpy.exe
C:\Programmi\Java\jre1.5.0_09\bin\jucheck.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Krashmina\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AC79871-BC8A-1DDC-0363-03DC024C51AD} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programmi\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroNETTrayIcon] C:\Programmi\Ahead\NeroNET\NNServiceCtrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [.nvsvc] "C:\WINDOWS\system\smss.exe" /w
O4 - HKLM\..\Run: [Nokia Tray Application] "C:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe"
O4 - HKLM\..\Run: [ServiceLayer] "C:\Programmi\File comuni\Nokia\Services\ServiceLayer.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe"" /background
O4 - HKCU\..\Run: [AnalogClock] "C:\Programmi\Analog Clock\AnalogClock.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: AM-Notebook.lnk = C:\Programmi\AM-Notebook\notebook.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Save Flash - res://C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7259EB88-C1CE-4B32-996D-5A5534724F19}: NameServer = 151.99.125.2,151.99.125.3
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DirectX Service (DirectService) - Unknown owner - C:\WINDOWS\twain_32\IEXPLORE.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NeroNET - Ahead Software AG - C:\Programmi\Ahead\NeroNET\NeroNET.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sistema Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

thanx for caring:)))

#8
Ryan

The HJT Entries that I asked you to remove are still in the log, so let's try to get rid of them again.


== HJT Entries ==

Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {0AC79871-BC8A-1DDC-0363-03DC024C51AD} - (no file)
O4 - HKLM\..\Run: [.nvsvc] "C:\WINDOWS\system\smss.exe" /w
O23 - Service: DirectX Service (DirectService) - Unknown owner - C:\WINDOWS\twain_32\IEXPLORE.EXE



Close all open windows except for HiJack This and click fix checked.


== Killbox ==

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Programmi\Java\jre1.5.0_09\bin\jucheck.exe
    C:\WINDOWS\system\smss.exe
    C:\WINDOWS\twain_32\IEXPLORE.EXE


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


== Batch File/ Request log ==

Please open Notepad and paste in the contents of the code box below:
echo.  >>C:\!KillBox\Logs\kb.log
echo.  >>C:\!KillBox\Logs\kb.log
echo =======>>C:\!KillBox\Logs\kb.log
echo =======>>C:\!KillBox\Logs\kb.log
echo.  >>C:\!KillBox\Logs\kb.log
sc stop DirectService>>C:\!KillBox\Logs\kb.log
sc delete DirectService>>C:\!KillBox\Logs\kb.log
notepad C:\!KillBox\Logs\kb.log

Save the file to your desktop as "cleanme.bat" (include the quotation marks).

Double click cleanme.bat; a black window will flash open and close quickly - this is normal.

Notepad will open kb.txt - please post the contents of this file.

-Ryan
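
The re-check done by eye in the post above (are the entries flagged for fixing still in the new HijackThis log?), written out as an added example that is not part of the original thread. The function names and the `EXPECTED_PARENT` table are assumptions made for this illustration (stock Windows XP folder layout, matched on the parent folder name only so the localized `Programmi` directory is tolerated); the sample lines are a constructed subset of the logs posted in this thread.

```python
import re
from pathlib import PureWindowsPath

# Entries the helper asked to have fixed (copied from the thread).
FLAGGED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {0AC79871-BC8A-1DDC-0363-03DC024C51AD} - (no file)
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O23 - Service: DirectX Service (DirectService) - Unknown owner - C:\WINDOWS\twain_32\IEXPLORE.EXE
"""

# Constructed sample: subset of the log saved at 21.50.43 on 18/01/2007.
LOG_RESCAN = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {0AC79871-BC8A-1DDC-0363-03DC024C51AD} - (no file)
O4 - HKLM\..\Run: [.nvsvc] "C:\WINDOWS\system\smss.exe" /w
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: DirectX Service (DirectService) - Unknown owner - C:\WINDOWS\twain_32\IEXPLORE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Constructed sample: subset of the log saved at 13.58.51 on 19/01/2007.
LOG_LATER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.it
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# First drive-letter path ending in .exe/.dll inside an entry body.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll)(?![A-Za-z0-9])', re.I)

# Assumption: expected parent folder name for a few Windows XP system binaries.
EXPECTED_PARENT = {
    "smss.exe": "system32",
    "winlogon.exe": "system32",
    "services.exe": "system32",
    "lsass.exe": "system32",
    "svchost.exe": "system32",
    "explorer.exe": "windows",
    "iexplore.exe": "internet explorer",
}


def parse_entries(text):
    """Return (code, body) for every entry line; headers and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def normalize(code, body):
    """Comparison key: HijackThis may or may not quote paths between scans."""
    return " ".join(f"{code} - {body}".replace('"', "").split()).casefold()


def still_present(flagged_text, log_text):
    """Flagged entries that appear again in a later log (quote/case-insensitive)."""
    seen = {normalize(c, b) for c, b in parse_entries(log_text)}
    return [f"{c} - {b}" for c, b in parse_entries(flagged_text)
            if normalize(c, b) in seen]


def misplaced_system_binaries(log_text):
    """Entries that load a system-binary name from an unexpected folder."""
    hits = []
    for code, body in parse_entries(log_text):
        for m in PATH_RE.finditer(body):
            path = PureWindowsPath(m.group(0))
            expected = EXPECTED_PARENT.get(path.name.casefold())
            if expected and path.parent.name.casefold() != expected:
                hits.append((code, str(path)))
    return hits


if __name__ == "__main__":
    for line in still_present(FLAGGED, LOG_RESCAN):
        print("still present:", line)
    for code, path in misplaced_system_binaries(LOG_RESCAN):
        print("unexpected location:", code, path)
```
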

#9
MedusAmon

Ryan,
here is the log you requested:

Pocket Killbox version 2.0.0.881
Running on Windows XP as Krashmina(Administrator)
was started @ venerdì, gennaio 19, 2007, 10.33 AM

# 1 [Delete on Reboot]
Path = C:\Programmi\Java\jre1.5.0_09\bin\jucheck.exe


# 2 [Delete on Reboot]
Path = C:\WINDOWS\system\smss.exe


I Rebooted @ 10.34.55 AM
Killbox Closed(Exit) @ 10.35.00 AM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows XP as Krashmina(Administrator)
was started @ venerdì, gennaio 19, 2007, 10.53 AM

Killbox Closed(Exit) @ 10.54.22 AM
__________________________________________________



is that ok?

#10
MedusAmon

Unfortunately now it's all worse than ever...
The system is slow... and weird. I can't even have an image on the desktop because it has been disabled and I can't enable that function again.
I did Hijack This again and this is the last log:

Logfile of HijackThis v1.99.1
Scan saved at 13.58.51, on 19/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\ltmoh\Ltmoh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Programmi\VIAudioi\SBADeck\ADeck.exe
C:\Programmi\Ahead\NeroNET\NNServiceCtrl.exe
C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
C:\Programmi\K-Lite Codec Pack\QuickTime\qttask.exe
C:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe
C:\Programmi\File comuni\Nokia\Services\ServiceLayer.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Analog Clock\AnalogClock.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Krashmina\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programmi\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroNETTrayIcon] C:\Programmi\Ahead\NeroNET\NNServiceCtrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Nokia Tray Application] "C:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe"
O4 - HKLM\..\Run: [ServiceLayer] "C:\Programmi\File comuni\Nokia\Services\ServiceLayer.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe"" /background
O4 - HKCU\..\Run: [AnalogClock] "C:\Programmi\Analog Clock\AnalogClock.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: AM-Notebook.lnk = C:\Programmi\AM-Notebook\notebook.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Save Flash - res://C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7259EB88-C1CE-4B32-996D-5A5534724F19}: NameServer = 151.99.125.2,151.99.125.3
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NeroNET - Ahead Software AG - C:\Programmi\Ahead\NeroNET\NeroNET.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

what happened?


#11
Ryan

I'm not seeing anything in the HiJack This log, so let's see what a few other things will tell us.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)

== Kaspersky Online Scanner ==

Please do an online scan with Kaspersky WebScanner
You will need to use Internet Explorer to do this

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.

== Request Logs ==

Please post the Uninstall list and the report from the Kaspersky scanner.

Also, please look for the latest AVG Anti-Spyware report (saved around 14:42 yesterday)

-Ryan

#12
MedusAmon

hi and sorry for the late reply but I'm having much trouble with this pc...

here is the new HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 22.01.19, on 23/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\ltmoh\Ltmoh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Programmi\VIAudioi\SBADeck\ADeck.exe
C:\Programmi\Ahead\NeroNET\NNServiceCtrl.exe
C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
C:\Programmi\K-Lite Codec Pack\QuickTime\qttask.exe
C:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe
C:\Programmi\File comuni\Nokia\Services\ServiceLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Krashmina\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.it
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {359B9994-A0DC-410C-99DB-7EB9B47A4173} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programmi\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroNETTrayIcon] C:\Programmi\Ahead\NeroNET\NNServiceCtrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Nokia Tray Application] "C:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe"
O4 - HKLM\..\Run: [ServiceLayer] "C:\Programmi\File comuni\Nokia\Services\ServiceLayer.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe"" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Save Flash - res://C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7259EB88-C1CE-4B32-996D-5A5534724F19}: NameServer = 151.99.125.2,151.99.125.3
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NeroNET - Ahead Software AG - C:\Programmi\Ahead\NeroNET\NeroNET.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe



And I'm waiting for the Kaspersky scan; in a minute I think I can send it to you.


thank you!

#13
Ryan

Open HiJackThis. Mark the following item: O2 - BHO: (no name) - {359B9994-A0DC-410C-99DB-7EB9B47A4173} - (no file) and then click Fix Checked.

Once you post the uninstall list and the Kaspersky results I will be able to further advise you.

-Ryan

#14
MedusAmon

--------------------------------------------------

hi!
here is the log of Ksky!
what happened??
-----------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 24, 2007 10:08:21 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 23/01/2007
Kaspersky Anti-Virus database records: 246622
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 100300
Number of viruses found: 13
Number of infected objects: 55 / 0
Number of suspicious objects: 2
Duration of the scan process: 02:08:56

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\spool\drivers\setup.exe Infected: Trojan-Proxy.Win32.Horst.sz skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\nvsvcd.exe Infected: Backdoor.Win32.Medbot.bb skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{337EDA5A-86E1-43BE-8C5F-2D875A4C3D46}.bin Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\PestTrap2.zip/Uninstall.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\PestTrap2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Documenti\setup.exe Infected: Trojan-Proxy.Win32.Horst.sz skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Krashmina\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Krashmina\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Krashmina\Impostazioni locali\Temp\~DFDB2C.tmp Object is locked skipped
C:\Documents and Settings\Krashmina\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Krashmina\Impostazioni locali\Cronologia\History.IE5\MSHist012007012320070124\index.dat Object is locked skipped
C:\Documents and Settings\Krashmina\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Krashmina\Impostazioni locali\Temporary Internet Files\Content.IE5\4BCJ6XG7\372104909_l[1].jpg Object is locked skipped
C:\Documents and Settings\Krashmina\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Krashmina\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Krashmina\Impostazioni locali\Dati applicazioni\Identities\{DD068E41-1072-4308-868C-46536EC0E407}\Microsoft\Outlook Express\Hotmail - Posta in arrivo.dbx Object is locked skipped
C:\Documents and Settings\Krashmina\Impostazioni locali\Dati applicazioni\Identities\{DD068E41-1072-4308-868C-46536EC0E407}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Krashmina\Impostazioni locali\Dati applicazioni\Identities\{DD068E41-1072-4308-868C-46536EC0E407}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Krashmina\Impostazioni locali\Tempsetup.exe Infected: Trojan-Proxy.Win32.Horst.pp skipped
C:\Documents and Settings\Krashmina\Cookies\index.dat Object is locked skipped
C:\VundoFix Backups\tfnyxll.dll.bad Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\VundoFix Backups\ivmrqhb.dll.bad Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\!KillBox\smss.exe Infected: Backdoor.Win32.Medbot.bb skipped
D:\EMULE INCOMING\prfcklgr 1.74 pro + KG(crack) excell.zip/install.exe/bpkhk.dll Infected: Trojan-Spy.Win32.Perfloger.w skipped
D:\EMULE INCOMING\prfcklgr 1.74 pro + KG(crack) excell.zip/install.exe/__original.exe/bpkhk.dll Infected: Trojan-Spy.Win32.Perfloger.w skipped
D:\EMULE INCOMING\prfcklgr 1.74 pro + KG(crack) excell.zip/install.exe/__original.exe/__original.exe/bpkhk.dll Infected: Trojan-Spy.Win32.Perfloger.w skipped
D:\EMULE INCOMING\prfcklgr 1.74 pro + KG(crack) excell.zip/install.exe/__original.exe/__original.exe Infected: Trojan-Spy.Win32.Perfloger.w skipped
D:\EMULE INCOMING\prfcklgr 1.74 pro + KG(crack) excell.zip/install.exe/__original.exe Infected: Trojan-Spy.Win32.Perfloger.w skipped
D:\EMULE INCOMING\prfcklgr 1.74 pro + KG(crack) excell.zip/install.exe Infected: Trojan-Spy.Win32.Perfloger.w skipped
D:\EMULE INCOMING\prfcklgr 1.74 pro + KG(crack) excell.zip/keygen.exe/bpkhk.dll Infected: Trojan-Spy.Win32.Perfloger.w skipped
D:\EMULE INCOMING\prfcklgr 1.74 pro + KG(crack) excell.zip/keygen.exe/__original.exe/bpkhk.dll Infected: Trojan-Spy.Win32.Perfloger.w skipped
D:\EMULE INCOMING\prfcklgr 1.74 pro + KG(crack) excell.zip/keygen.exe/__original.exe Infected: Trojan-Spy.Win32.Perfloger.w skipped
D:\EMULE INCOMING\prfcklgr 1.74 pro + KG(crack) excell.zip/keygen.exe Infected: Trojan-Spy.Win32.Perfloger.w skipped
D:\EMULE INCOMING\prfcklgr 1.74 pro + KG(crack) excell.zip ZIP: infected - 10 skipped
D:\EMULE INCOMING\Ispynow v2.0 (Keylogger).zip/iSpyNow v2.0.zip/hs-is2py.rar/ispynow-setup.exe/ispynow.exe Infected: Backdoor.Win32.Delf.bz skipped
D:\EMULE INCOMING\Ispynow v2.0 (Keylogger).zip/iSpyNow v2.0.zip/hs-is2py.rar/ispynow-setup.exe Infected: Backdoor.Win32.Delf.bz skipped
D:\EMULE INCOMING\Ispynow v2.0 (Keylogger).zip/iSpyNow v2.0.zip/hs-is2py.rar Infected: Backdoor.Win32.Delf.bz skipped
D:\EMULE INCOMING\Ispynow v2.0 (Keylogger).zip/iSpyNow v2.0.zip Infected: Backdoor.Win32.Delf.bz skipped
D:\EMULE INCOMING\Ispynow v2.0 (Keylogger).zip/iSpyNow v2.0 Full.zip/ispynow-setup.exe/ispynow.exe Infected: Backdoor.Win32.Delf.bz skipped
D:\EMULE INCOMING\Ispynow v2.0 (Keylogger).zip/iSpyNow v2.0 Full.zip/ispynow-setup.exe Infected: Backdoor.Win32.Delf.bz skipped
D:\EMULE INCOMING\Ispynow v2.0 (Keylogger).zip/iSpyNow v2.0 Full.zip Infected: Backdoor.Win32.Delf.bz skipped
D:\EMULE INCOMING\Ispynow v2.0 (Keylogger).zip/ISpyNow v2.0 WinALL.zip/hs-is2py.rar/ispynow-setup.exe/ispynow.exe Infected: Backdoor.Win32.Delf.bz skipped
D:\EMULE INCOMING\Ispynow v2.0 (Keylogger).zip/ISpyNow v2.0 WinALL.zip/hs-is2py.rar/ispynow-setup.exe Infected: Backdoor.Win32.Delf.bz skipped
D:\EMULE INCOMING\Ispynow v2.0 (Keylogger).zip/ISpyNow v2.0 WinALL.zip/hs-is2py.rar Infected: Backdoor.Win32.Delf.bz skipped
D:\EMULE INCOMING\Ispynow v2.0 (Keylogger).zip/ISpyNow v2.0 WinALL.zip Infected: Backdoor.Win32.Delf.bz skipped
D:\EMULE INCOMING\Ispynow v2.0 (Keylogger).zip/ISpyNow v2.0 WinALL_Retail.zip/ISpyNow.v2.0.WinALL.RETAiL-HS/ispynow-setup.exe/ispynow.exe Infected: Backdoor.Win32.Delf.bz skipped
D:\EMULE INCOMING\Ispynow v2.0 (Keylogger).zip/ISpyNow v2.0 WinALL_Retail.zip/ISpyNow.v2.0.WinALL.RETAiL-HS/ispynow-setup.exe Infected: Backdoor.Win32.Delf.bz skipped
D:\EMULE INCOMING\Ispynow v2.0 (Keylogger).zip/ISpyNow v2.0 WinALL_Retail.zip Infected: Backdoor.Win32.Delf.bz skipped
D:\EMULE INCOMING\Ispynow v2.0 (Keylogger).zip ZIP: infected - 14 skipped
D:\EMULE INCOMING\Perfect Keylogger-v1.6.0.1 Keygen By Ttavi.rar/i_bpk2003.exe/bpkr.exe Infected: Trojan-Spy.Win32.Perfloger.f skipped
D:\EMULE INCOMING\Perfect Keylogger-v1.6.0.1 Keygen By Ttavi.rar/i_bpk2003.exe Infected: Trojan-Spy.Win32.Perfloger.f skipped
D:\EMULE INCOMING\Perfect Keylogger-v1.6.0.1 Keygen By Ttavi.rar RAR: infected - 2 skipped
D:\EMULE INCOMING\Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE.rar/Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE/e-pk1620.zip/embrace.rar/i_bpk2003.exe/bpkr.exe Infected: Trojan.Win32.KillAV.dt skipped
D:\EMULE INCOMING\Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE.rar/Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE/e-pk1620.zip/embrace.rar/i_bpk2003.exe Infected: Trojan.Win32.KillAV.dt skipped
D:\EMULE INCOMING\Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE.rar/Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE/e-pk1620.zip/embrace.rar Infected: Trojan.Win32.KillAV.dt skipped
D:\EMULE INCOMING\Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE.rar/Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE/e-pk1620.zip Infected: Trojan.Win32.KillAV.dt skipped
D:\EMULE INCOMING\Perfect.Keylogger.v1.6.2.0.Incl.Keymaker-EMBRACE.rar RAR: infected - 4 skipped
D:\EMULE INCOMING\Xpc Spy Pro (Pc Monitoring & Surveillance) v1.26(1).rar/xpcspy.pro.1.26/xpcspyp.exe/data0003 Infected: Trojan-Spy.Win32.Delf.du skipped
D:\EMULE INCOMING\Xpc Spy Pro (Pc Monitoring & Surveillance) v1.26(1).rar/xpcspy.pro.1.26/xpcspyp.exe/data0006 Infected: Trojan-Spy.Win32.Delf.du skipped
D:\EMULE INCOMING\Xpc Spy Pro (Pc Monitoring & Surveillance) v1.26(1).rar/xpcspy.pro.1.26/xpcspyp.exe/data0009 Infected: Trojan-Spy.Win32.Delf.du skipped
D:\EMULE INCOMING\Xpc Spy Pro (Pc Monitoring & Surveillance) v1.26(1).rar/xpcspy.pro.1.26/xpcspyp.exe Infected: Trojan-Spy.Win32.Delf.du skipped
D:\EMULE INCOMING\Xpc Spy Pro (Pc Monitoring & Surveillance) v1.26(1).rar RAR: infected - 4 skipped
D:\PROGRAMMI GIOCHI\x fare siti\Macromedia Studio 8 Full Edition (Dreamweaver 8, Flash Pro 8, Fireworks 8, Contribute 3, Flashpaper 2, Coldfusion Mx 7 Developer Edition, Freehand Mx 11.0.2, Captivate).rar/[Captivate][1.1.1290¡ÎÑ+¬®][Macromedia].rar/[Captivate][1.1.1290][Macromedia]/-+¤±+İ+¦Macromedia Captivate1.1.1290/MACROMEDIA_CAPTIVATE_V1.0_key.exe/Attach Infected: Backdoor.Win32.Hupigon.abu skipped
D:\PROGRAMMI GIOCHI\x fare siti\Macromedia Studio 8 Full Edition (Dreamweaver 8, Flash Pro 8, Fireworks 8, Contribute 3, Flashpaper 2, Coldfusion Mx 7 Developer Edition, Freehand Mx 11.0.2, Captivate).rar/[Captivate][1.1.1290¡ÎÑ+¬®][Macromedia].rar/[Captivate][1.1.1290][Macromedia]/-+¤±+İ+¦Macromedia Captivate1.1.1290/MACROMEDIA_CAPTIVATE_V1.0_key.exe Infected: Backdoor.Win32.Hupigon.abu skipped
D:\PROGRAMMI GIOCHI\x fare siti\Macromedia Studio 8 Full Edition (Dreamweaver 8, Flash Pro 8, Fireworks 8, Contribute 3, Flashpaper 2, Coldfusion Mx 7 Developer Edition, Freehand Mx 11.0.2, Captivate).rar/[Captivate][1.1.1290¡ÎÑ+¬®][Macromedia].rar/[Captivate][1.1.1290][Macromedia]/-+¤±+İ+¦Macromedia Captivate1.1.1290/capcn.exe/Attach Infected: Backdoor.Win32.Hupigon.abu skipped
D:\PROGRAMMI GIOCHI\x fare siti\Macromedia Studio 8 Full Edition (Dreamweaver 8, Flash Pro 8, Fireworks 8, Contribute 3, Flashpaper 2, Coldfusion Mx 7 Developer Edition, Freehand Mx 11.0.2, Captivate).rar/[Captivate][1.1.1290¡ÎÑ+¬®][Macromedia].rar/[Captivate][1.1.1290][Macromedia]/-+¤±+İ+¦Macromedia Captivate1.1.1290/capcn.exe Infected: Backdoor.Win32.Hupigon.abu skipped
D:\PROGRAMMI GIOCHI\x fare siti\Macromedia Studio 8 Full Edition (Dreamweaver 8, Flash Pro 8, Fireworks 8, Contribute 3, Flashpaper 2, Coldfusion Mx 7 Developer Edition, Freehand Mx 11.0.2, Captivate).rar/[Captivate][1.1.1290¡ÎÑ+¬®][Macromedia].rar Infected: Backdoor.Win32.Hupigon.abu skipped
D:\PROGRAMMI GIOCHI\x fare siti\Macromedia Studio 8 Full Edition (Dreamweaver 8, Flash Pro 8, Fireworks 8, Contribute 3, Flashpaper 2, Coldfusion Mx 7 Developer Edition, Freehand Mx 11.0.2, Captivate).rar RAR: infected - 5 skipped
D:\PROGRAMMI GIOCHI\XPCSpy Pro 2.58 CRACK + SERIAL KEYGEN.exe Infected: Trojan-Downloader.Win32.Obfuscated.aa skipped
D:\PROGRAMMI GIOCHI\XPCSpy Pro 2.6 CRACK ACTIVATOR.exe Infected: Trojan-Downloader.Win32.Obfuscated.aa skipped
D:\PROGRAMMI GIOCHI\high stealth keylogger invisible and all lower Versions Crack & KeyGen.exe Infected: P2P-Worm.Win32.VB.dz skipped

Scan process completed.



cheers!
  • 0
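The Kaspersky report in the post above mixes locked-file notices, per-member archive hits and real detections, so its raw line count overstates what needs attention. As an added example (not part of the original thread and not Kaspersky's own tooling), this Python script reduces a report in that layout to one finding per file on disk; the `/` member separator, the `BACKUP_DIRS` list and the three `constructed.zip` sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Excerpt in the report's layout. The first six lines are copied from the report
# above; the three "constructed.zip" lines are constructed for illustration.
SAMPLE = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\spool\drivers\setup.exe Infected: Trojan-Proxy.Win32.Horst.sz skipped
C:\WINDOWS\system32\nvsvcd.exe Infected: Backdoor.Win32.Medbot.bb skipped
C:\Documents and Settings\All Users\Documenti\setup.exe Infected: Trojan-Proxy.Win32.Horst.sz skipped
C:\VundoFix Backups\tfnyxll.dll.bad Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\!KillBox\smss.exe Infected: Backdoor.Win32.Medbot.bb skipped
D:\samples\constructed.zip/setup.exe/inner.dll Infected: Constructed.Win32.Example.a skipped
D:\samples\constructed.zip/setup.exe Infected: Constructed.Win32.Example.a skipped
D:\samples\constructed.zip ZIP: infected - 2 skipped
"""

# "<path> Infected: <verdict> <action>" or "<path> Suspicious: <verdict> <action>".
# Paths contain spaces, so the path is matched lazily up to the status keyword.
DETECTION = re.compile(
    r"^(?P<path>.+?) (?P<kind>Infected|Suspicious): (?P<verdict>\S+) (?P<action>\S+)$"
)

# Assumption: these folders hold copies saved by cleanup tools, not live files.
BACKUP_DIRS = ("c:\\vundofix backups\\", "c:\\!killbox\\")


def triage(report_text):
    """Return {'locked': n, 'findings': [...]} with one finding per file on disk."""
    files = defaultdict(lambda: {"verdicts": set(), "hits": 0})
    locked = 0
    for line in report_text.splitlines():
        line = line.strip()
        if line.endswith("Object is locked skipped"):
            locked += 1          # file in use by Windows, not a detection
            continue
        m = DETECTION.match(line)
        if not m:
            continue             # headers, statistics, "ZIP: infected - N" summaries
        # Assumption: "/" separates an archive on disk from the members inside it.
        container = m["path"].split("/", 1)[0]
        files[container]["verdicts"].add(m["verdict"])
        files[container]["hits"] += 1
    findings = []
    for path in sorted(files):
        is_backup = path.lower().startswith(BACKUP_DIRS)
        findings.append({
            "path": path,
            "verdicts": sorted(files[path]["verdicts"]),
            "hits": files[path]["hits"],
            "status": "tool_backup" if is_backup else "needs_review",
        })
    return {"locked": locked, "findings": findings}


def needs_review_paths(result):
    """Paths with detections that lie outside the cleanup-tool backup folders."""
    return [f["path"] for f in result["findings"] if f["status"] == "needs_review"]


if __name__ == "__main__":
    result = triage(SAMPLE)
    print(f"locked (ignored): {result['locked']}")
    for f in result["findings"]:
        print(f"{f['status']:<12} {f['hits']:>2}  {f['path']}  {', '.join(f['verdicts'])}")
```
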

#15
MedusAmon

And, please, do you know why I can't put pix on the background of my desktop because it's blocked like this?





http://i45.photobuck...ba3/desktop.jpg

thanx