Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Tried all... KALVsys problem


  • Please log in to reply

#1
Dorf

Dorf

    New Member

  • Member
  • Pip
  • 7 posts
Hi, i´ve tried all, and still dind´t remove kalvsys...

this´s my log...

Logfile of HijackThis v1.99.0
Scan saved at 13:11:45, on 01-02-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Logitech\iTouch\iTouch.exe
C:\Programas\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programas\D-Tools\daemon.exe
C:\Programas\NetLimiter\NetLimiter.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programas\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe
C:\Programas\Logitech\MouseWare\system\em_exec.exe
C:\Programas\Ficheiros comuns\Nokia\Tools\NclTray.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\ScannerU\AM32.exe
C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe
C:\Programas\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Guerrinha\Ambiente de trabalho\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programas\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programas\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programas\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programas\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programas\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programas\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=121404 serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [NetLimiter] C:\Programas\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programas\Ficheiros comuns\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [kalvsys] c:\windows\system32\kalvsae32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programas\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programas\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Action Manager 32.lnk = C:\Programas\ScannerU\AM32.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MBNet - {C014B140-3835-11d6-BC1D-00C095EEAD5D} - c:\progra~1\sibs\mbnet\icone.hta
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programas\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....009/CTSUEng.cab
O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} (MBNet) - https://www.mbnet.pt/cc/mbnetbrws.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.micro...ate/sdkinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15009/CTPID.cab
O23 - Service: Serviço de gateway de camada de aplicação - Unknown - OLD-C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Firewall Service - Unknown - C:\Programas\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Programas\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe


Thx for any help....
  • 0

Advertisements


#2
Dorf

Dorf

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I´ve search and made all the things that are posted in the forum, and still have it... :thumbsup:
Here is my L2Mfix log...

:cheers:
L2MFIX find log 1.02a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
"iebar"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}"="Nokia Phone Browser"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
Locate .tmp files:
Directory Listing of system files:
O volume na unidade C nÆo tem nome
O n£mero de s‚rie do volume ‚ D41C-78C6

Direct¢rio de C:\WINDOWS\System32

18-01-2005 00:10 <DIR> dllcache
29-11-2004 14:58 1.682 KGyGaAvL.sys
29-11-2004 14:58 56 2B61AAB683.sys
04-08-2004 07:57 12.288 regsvr32.exe
04-08-2004 07:56 83.456 olepro32.dll
04-08-2004 07:56 553.472 oleaut32.dll
04-08-2004 07:56 343.040 msvcrt.dll
04-08-2004 07:56 413.696 msvcp60.dll
04-08-2004 07:56 54.784 msvcirt.dll
04-08-2004 07:56 1.028.096 mfc42.dll
22-07-2004 11:13 <DIR> ShellDHCP
01-06-2004 00:54 <DIR> Microsoft
9 ficheiro(s) 2.490.570 bytes
3 Dir(s) 16.896.442.368 bytes livres

Sorry by the poor english,
Greetings from :tazz: Portugal ;)
  • 0

#3
Dorf

Dorf

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
anyone?? :tazz:
  • 0

#4
Dorf

Dorf

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
:tazz: ;) :cheers: :thumbsup: :cheers:
  • 0

#5
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Welcome to Geeks to Go! :tazz:

You may wish to print out a copy of these instructions to follow while you complete this procedure.Be sure you're able to view hidden files, and remove the following files in bold (if found):
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [kalvsys] c:\windows\system32\kalvsae32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe


Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).

Be sure you're able to view hidden files, and remove the following files/folders (if found):

c:\windows\system32\kalvsae32.exe
C:\WINDOWS\system32\IoctlSvc.exe


Exit Explorer, and reboot as normal afterwards.

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. ;)
  • 0

#6
Dorf

Dorf

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
:tazz:

Hi, thx 4 you help, i´ve done what you saied and this is the log after done it.

Logfile of HijackThis v1.99.0
Scan saved at 1:57:21, on 05-02-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programas\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programas\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\System32\dmadmin.exe
C:\Programas\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Guerrinha\Ambiente de trabalho\Clean\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programas\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programas\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programas\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programas\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programas\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programas\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=121404 serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [NetLimiter] C:\Programas\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programas\Ficheiros comuns\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [kalvsys] c:\windows\system32\kalvsae32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programas\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programas\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Action Manager 32.lnk = C:\Programas\ScannerU\AM32.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MBNet - {C014B140-3835-11d6-BC1D-00C095EEAD5D} - c:\progra~1\sibs\mbnet\icone.hta
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programas\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....009/CTSUEng.cab
O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} (MBNet) - https://www.mbnet.pt/cc/mbnetbrws.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.micro...ate/sdkinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15009/CTPID.cab
O23 - Service: Serviço de gateway de camada de aplicação - Unknown - OLD-C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Firewall Service - Unknown - C:\Programas\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Programas\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe


i´ve notice that on reebot in normal mode the ad-watch give me the information of registry mofification, kalvsae, but in safe mode i only can find the ioctlsvc.ex_ , starnge.... ;)


PS- sorry for the bad english...
  • 0

#7
Dorf

Dorf

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I´ve change my security, now have Panda Plat*** is2005, here is my fresh log...
Logfile of HijackThis v1.99.0
Scan saved at 19:51:03, on 06-02-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programas\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\D-Tools\daemon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Programas\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE
C:\Programas\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
C:\Programas\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\AVENGINE.EXE
C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\WebProxy.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Guerrinha\Ambiente de trabalho\Clean\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programas\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=121404 serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programas\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programas\Ficheiros comuns\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programas\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [AudioHQ] C:\Programas\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programas\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programas\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Action Manager 32.lnk = C:\Programas\ScannerU\AM32.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MBNet - {C014B140-3835-11d6-BC1D-00C095EEAD5D} - c:\progra~1\sibs\mbnet\icone.hta
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programas\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....009/CTSUEng.cab
O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} (MBNet) - https://www.mbnet.pt/cc/mbnetbrws.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.micro...ate/sdkinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15009/CTPID.cab
O23 - Service: Serviço de gateway de camada de aplicação - Unknown - OLD-C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Antispam Server Service - Unknown - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 - Service: Panda Firewall Service - Unknown - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service - Unknown - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre - Unknown - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt - Unknown - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service - Unknown - C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Panda Preventium+ Service - Unknown - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service - Panda Software Internacional - C:\Programas\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP