
[Resolved] I have a problem with yourpricyguard malware


5 replies to this topic

#1 benale89 (New Member, 3 posts)

Posted 21 October 2007 - 06:31 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.19.10, on 21/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
E:\alessio\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\Programmi\OneStepSearch\onestep.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
E:\Programmi\VMware\VMware Workstation\vmware-authd.exe
C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\OneStepSearch\onestep.exe
C:\WINDOWS\system32\tp4mon.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
E:\alessio\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
E:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\TGTSoft\StyleXP\StyleXP.exe
C:\Programmi\RALINK\Common\RaUI.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.leeman-au....nl/startpagina
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxyintra.inps:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;10.*;192.168.*;*.inps;*.inps.it;172.16.16.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {477E65AA-ED90-5062-7EEA-0411C162621F} - C:\Programmi\xpwffpwp\spxawffw.dll
O2 - BHO: MSVPS System - {480598DD-AE28-48B7-82F7-6ADDA1AA6B66} - C:\WINDOWS\ntspkmxl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: The optnet - {B02534D7-8D91-49BE-A864-97DFB8E0BAB4} - C:\WINDOWS\optnet.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\alessio\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RocketDock] "E:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programmi\RALINK\Common\RaUI.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.c...pport/acpir.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cicciput89198...ad/MsnPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cicciput89198...ad/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{562036B0-5CC9-4485-AC6C-6600C57B0C35}: NameServer = 213.156.54.80,213.156.54.81
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O21 - SSODL: hostctrl - {18EE8EDC-4609-47D9-A76B-6F0967B30063} - C:\WINDOWS\hostctrl.dll
O21 - SSODL: hstsys - {E6285CED-3C00-43B0-8ED8-9A1B3A11663F} - C:\WINDOWS\hstsys.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\alessio\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Programmi\OneStepSearch\onestep.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Programmi\OpenVPN\bin\openvpnserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - E:\alessio\Programmi\SPYWAREfighter\spfprc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\Programmi\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 16437 bytes


And this log:

SmitFraudFix v2.240

Scan done at 14.28.33,74, 21/10/2007
Run from C:\Documents and Settings\Mbenaroyo\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
E:\alessio\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\Programmi\OneStepSearch\onestep.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
E:\Programmi\VMware\VMware Workstation\vmware-authd.exe
C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\OneStepSearch\onestep.exe
C:\WINDOWS\system32\tp4mon.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
E:\alessio\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
E:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\TGTSoft\StyleXP\StyleXP.exe
C:\Programmi\RALINK\Common\RaUI.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 mpa.one.microsoft.com

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\privacy_danger FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mbenaroyo


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mbenaroyo\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MBENAR~1\PREFER~1

C:\DOCUME~1\MBENAR~1\PREFER~1\Error Cleaner.url FOUND !
C:\DOCUME~1\MBENAR~1\PREFER~1\Privacy Protector.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programmi

C:\Programmi\VideoAccessCodec\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Pagina iniziale corrente"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Ralink Turbo Wireless LAN Card - Miniport dell'Utilità di pianificazione pacchetti
DNS Server Search Order: 213.156.54.80
DNS Server Search Order: 213.156.54.81

HKLM\SYSTEM\CCS\Services\Tcpip\..\{562036B0-5CC9-4485-AC6C-6600C57B0C35}: NameServer=213.156.54.80,213.156.54.81
HKLM\SYSTEM\CS1\Services\Tcpip\..\{562036B0-5CC9-4485-AC6C-6600C57B0C35}: NameServer=213.156.54.80,213.156.54.81
HKLM\SYSTEM\CS3\Services\Tcpip\..\{562036B0-5CC9-4485-AC6C-6600C57B0C35}: NameServer=213.156.54.80,213.156.54.81


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



Please help me.
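As an added triage aid (not part of the original post, and not a HijackThis or SmitFraudFix feature): a small Python parser for the HijackThis log format shown above. It flags the same entry kinds the SmitFraudFix report above confirms, hosts-file redirections (O1), BHOs with no name or no file (O2), ShellServiceObjectDelayLoad entries (O21) and an Active Desktop component that loads a local HTML file (O24); the sample lines are copied from the posted logs, and the rule that a DLL sitting directly under C:\WINDOWS is suspicious is my own heuristic.

```python
"""Triage helper for HijackThis v2.0.2 log lines: flags the entry types that the
SmitFraudFix report in this thread also calls out (O1 hosts redirections, O2 BHOs
with no name or no file, O21 SSODL entries, O24 local-file desktop components)."""
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# A DLL sitting directly in %WINDIR% (not system32) is unusual for a legitimate
# shell extension; flagging it is a heuristic of this example, not a HijackThis rule.
WINDOWS_ROOT_DLL_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+\.dll$", re.IGNORECASE)
# Loopback/null-route targets are how ad-blocking hosts files work: report for review.
SINKHOLE = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample: entries copied from the HijackThis and SmitFraudFix logs above.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 66.212.225.28 www.pokerstars.com
O1 - Hosts: www.swapbets.com www.swapbets.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {477E65AA-ED90-5062-7EEA-0411C162621F} - C:\Programmi\xpwffpwp\spxawffw.dll
O2 - BHO: MSVPS System - {480598DD-AE28-48B7-82F7-6ADDA1AA6B66} - C:\WINDOWS\ntspkmxl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O21 - SSODL: hostctrl - {18EE8EDC-4609-47D9-A76B-6F0967B30063} - C:\WINDOWS\hostctrl.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

@dataclass(frozen=True)
class Finding:
    kind: str      # HijackThis section, e.g. "O1"
    severity: str  # "high" or "review"
    reason: str
    line: str

def _split_clsid_entry(body):
    """'<label>: <name> - {CLSID} - <path>' -> (name, clsid, path), or None."""
    parts = [p.strip() for p in body.split(":", 1)[1].split(" - ", 2)]
    return tuple(parts) if len(parts) == 3 else None

def check_hosts(body):
    """O1 - Hosts: <address> <hostname>"""
    fields = body.split(":", 1)[1].split()
    if len(fields) != 2:
        return "high", "malformed hosts entry"
    addr, name = fields
    if addr in SINKHOLE:
        return None if name == "localhost" else ("review", "blocklist-style entry for %s" % name)
    if not IPV4_RE.match(addr):
        return "high", "first field is not an IPv4 address: %s" % addr
    return "high", "%s is redirected to %s" % (name, addr)

def check_bho(body):
    """O2 - BHO: <name> - {CLSID} - <dll path>; loaded into every IE process."""
    parsed = _split_clsid_entry(body)
    if parsed is None:
        return "review", "unparsed BHO entry"
    name, _clsid, path = parsed
    if path == "(no file)":
        return "review", "orphaned BHO registration, DLL is missing"
    if name == "(no name)":
        return "high", "unnamed BHO loads %s" % path
    if WINDOWS_ROOT_DLL_RE.match(path):
        return "high", "BHO DLL sits directly in the Windows directory: %s" % path
    return None

def check_ssodl(body):
    """O21 - SSODL: <name> - {CLSID} - <dll path>; loaded by Explorer at logon."""
    parsed = _split_clsid_entry(body)
    if parsed is None:
        return "review", "unparsed SSODL entry"
    name, _clsid, path = parsed
    severity = "high" if WINDOWS_ROOT_DLL_RE.match(path) else "review"
    return severity, "shell service object %s loads %s" % (name, path)

def check_desktop(body):
    """O24 - Desktop Component N: <name> - <source URL>"""
    if "file:///" in body.lower():
        return "high", "Active Desktop component loads a local HTML file"
    return "review", "Active Desktop component present"

CHECKS = {"O1": check_hosts, "O2": check_bho, "O21": check_ssodl, "O24": check_desktop}

def triage(log_text):
    """Return a Finding for every checked entry that is not known-clean."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match or match.group("kind") not in CHECKS:
            continue
        result = CHECKS[match.group("kind")](match.group("body"))
        if result is not None:
            findings.append(Finding(match.group("kind"), result[0], result[1], line))
    return findings
```

On the sample above, `triage(SAMPLE_LOG)` returns eight findings, six of them high; the clean Acrobat BHO and the localhost entry are skipped.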



#2 Scotty (Always Happy; Authentic Member, 3,634 posts)

Posted 21 October 2007 - 09:17 AM

Hi! Welcome to the WTT forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient.

Please make an uninstall list using HijackThis.
To access the Uninstall Manager, do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(the drive that contains the Windows directory, typically C:\SDFix).

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally, paste the contents of the Report.txt back on the forum with a new HijackThis log.
Run Smitfraudfix
Open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.


Download and Run ComboFix
  • Download this file from below: Here
  • Disconnect from the Internet, then disable your anti-virus and any real-time anti-spyware monitors that are running.
  • Then double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.
Note 1: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Note 2: Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Edited by Scotty, 21 October 2007 - 09:25 AM.


#3 benale89 (New Member, 3 posts)

Posted 22 October 2007 - 08:31 AM

ok i have done everything this is the log SmitFraudFix v2.240 Scan done at 16.07.39,84, 22/10/2007 Run from C:\Documents and Settings\Mbenaroyo\Desktop\anti virus e varie simili\SmitfraudFix OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{562036B0-5CC9-4485-AC6C-6600C57B0C35}: NameServer=213.156.54.80,213.156.54.81 HKLM\SYSTEM\CS1\Services\Tcpip\..\{562036B0-5CC9-4485-AC6C-6600C57B0C35}: NameServer=213.156.54.80,213.156.54.81 HKLM\SYSTEM\CS3\Services\Tcpip\..\{562036B0-5CC9-4485-AC6C-6600C57B0C35}: NameServer=213.156.54.80,213.156.54.81 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! 
SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Adobe Acrobat 7.0.5 Professional Adobe Flash Player 9 ActiveX Adobe Shockwave Player Aggiornamento della protezione per Windows Media Player (KB911564) Aggiornamento della protezione per Windows Media Player 6.4 (KB925398) Aggiornamento della protezione per Windows Media Player 9 (KB917734) Aggiornamento della protezione per Windows XP (KB890046) Aggiornamento della protezione per Windows XP (KB893756) Aggiornamento della protezione per Windows XP (KB896358) Aggiornamento della protezione per Windows XP (KB896423) Aggiornamento della protezione per Windows XP (KB896424) Aggiornamento della protezione per Windows XP (KB896428) Aggiornamento della protezione per Windows XP (KB899587) Aggiornamento della protezione per Windows XP (KB899589) Aggiornamento della protezione per Windows XP (KB899591) Aggiornamento della protezione per Windows XP (KB900725) Aggiornamento della protezione per Windows XP (KB901017) Aggiornamento della protezione per Windows XP (KB901214) Aggiornamento della protezione per Windows XP (KB902400) Aggiornamento della protezione per Windows XP (KB904706) Aggiornamento della protezione per Windows XP (KB905414) Aggiornamento della protezione per Windows XP (KB905749) Aggiornamento della protezione per Windows XP (KB908519) Aggiornamento della protezione per Windows XP (KB911562) Aggiornamento della protezione per Windows XP (KB911567) Aggiornamento della protezione per Windows XP (KB911927) Aggiornamento della protezione per Windows XP (KB912919) Aggiornamento della protezione per Windows XP (KB913433) Aggiornamento della protezione per Windows XP (KB913580) Aggiornamento della protezione per Windows XP (KB914388) Aggiornamento della protezione per Windows XP (KB914389) Aggiornamento della protezione per Windows XP (KB917159) Aggiornamento della protezione per Windows XP (KB917344) Aggiornamento della protezione per Windows XP (KB917422) Aggiornamento della 
protezione per Windows XP (KB917953) Aggiornamento della protezione per Windows XP (KB918118) Aggiornamento della protezione per Windows XP (KB918439) Aggiornamento della protezione per Windows XP (KB918899) Aggiornamento della protezione per Windows XP (KB919007) Aggiornamento della protezione per Windows XP (KB920213) Aggiornamento della protezione per Windows XP (KB920214) Aggiornamento della protezione per Windows XP (KB920670) Aggiornamento della protezione per Windows XP (KB920683) Aggiornamento della protezione per Windows XP (KB920685) Aggiornamento della protezione per Windows XP (KB921398) Aggiornamento della protezione per Windows XP (KB921503) Aggiornamento della protezione per Windows XP (KB921883) Aggiornamento della protezione per Windows XP (KB922616) Aggiornamento della protezione per Windows XP (KB922819) Aggiornamento della protezione per Windows XP (KB923191) Aggiornamento della protezione per Windows XP (KB923414) Aggiornamento della protezione per Windows XP (KB923980) Aggiornamento della protezione per Windows XP (KB924191) Aggiornamento della protezione per Windows XP (KB924270) Aggiornamento della protezione per Windows XP (KB924496) Aggiornamento della protezione per Windows XP (KB924667) Aggiornamento della protezione per Windows XP (KB925486) Aggiornamento della protezione per Windows XP (KB925902) Aggiornamento della protezione per Windows XP (KB926255) Aggiornamento della protezione per Windows XP (KB926436) Aggiornamento della protezione per Windows XP (KB927779) Aggiornamento della protezione per Windows XP (KB927802) Aggiornamento della protezione per Windows XP (KB928255) Aggiornamento della protezione per Windows XP (KB928843) Aggiornamento della protezione per Windows XP (KB929123) Aggiornamento della protezione per Windows XP (KB930178) Aggiornamento della protezione per Windows XP (KB931261) Aggiornamento della protezione per Windows XP (KB931784) Aggiornamento della protezione per Windows XP (KB932168) Aggiornamento della 
protezione per Windows XP (KB933729) Aggiornamento della protezione per Windows XP (KB935839) Aggiornamento della protezione per Windows XP (KB935840) Aggiornamento della protezione per Windows XP (KB936021) Aggiornamento della protezione per Windows XP (KB937143) Aggiornamento della protezione per Windows XP (KB938127) Aggiornamento della protezione per Windows XP (KB938829) Aggiornamento della protezione per Windows XP (KB939653) Aggiornamento della protezione per Windows XP (KB941202) Aggiornamento per Windows XP (KB894391) Aggiornamento per Windows XP (KB898461) Aggiornamento per Windows XP (KB900485) Aggiornamento per Windows XP (KB908531) Aggiornamento per Windows XP (KB910437) Aggiornamento per Windows XP (KB911280) Aggiornamento per Windows XP (KB916595) Aggiornamento per Windows XP (KB920872) Aggiornamento per Windows XP (KB922582) Aggiornamento per Windows XP (KB925720) Aggiornamento per Windows XP (KB927891) Aggiornamento per Windows XP (KB930916) Aggiornamento per Windows XP (KB933360) Aggiornamento per Windows XP (KB936357) Aggiornamento per Windows XP (KB938828) Aggiornamento rapido per Windows XP - KB873339 Aggiornamento rapido per Windows XP - KB885835 Aggiornamento rapido per Windows XP - KB885836 Aggiornamento rapido per Windows XP - KB886185 Aggiornamento rapido per Windows XP - KB887472 Aggiornamento rapido per Windows XP - KB888302 Aggiornamento rapido per Windows XP - KB890859 Aggiornamento rapido per Windows XP - KB891781 Application Verifier Database Assistente per l'accesso a Windows Live ATI - Programma di disinstallazione ATI Control Panel ATI Display Driver AVG Anti-Spyware 7.5 BlueSoleil BS.Player FREE powered by AdVantage Compatibility Administrator 3.0 DAEMON Tools Disinstallazione di eMule AdunanzA Dungeon EAX4 Unified Redist Eusing Free Registry Cleaner Express Burn Grand Theft Auto GTA2 HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB915800) Hotfix for Windows XP (KB915865) Hotfix for 
Windows XP (KB926239) IBM ThinkPad Power Management Driver ImTOO PSP Video Converter J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 11 J2SE Runtime Environment 5.0 Update 8 J2SE Runtime Environment 5.0 Update 9 Java™ 6 Update 2 Java™ SE Runtime Environment 6 Update 1 Kaspersky Online Scanner K-Lite Codec Pack 2.75 Full LG PhoneManager LG SyncManager LG USB Modem driver LiveUpdate 2.6 (Symantec Corporation) Macrogaming SweetIM 2.0 Messenger Plus! Live Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.0 Microsoft Application Compatibility Analyzer 1.0 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Office Professional Edition 2003 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft User-Mode Driver Framework Feature Pack 1.5 Mozilla Firefox (2.0.0.8) Nokia Connectivity Cable Driver Nokia PC Suite Norton PartitionMagic 8.0 OneStep Search 1.0 build 136 OpenVPN 2.0.8 Pandora's GUI PC Connectivity Solution PSP Video 9 2.25 Raccolta foto di Windows Live BETA Ralink Wireless LAN Card Real Alternative 1.21 RegistryFix v5.5 Riva FLV Encoder 2.0 RocketDock 1.3.5 Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 2.0 (KB928365) Skype 3.0 Skype Plugin Manager SMV Converter Tool 3.0 StyleXP (remove only) Switch Symantec AntiVirus TextPad 4.7 Themexp.org File Trust WB-3400T Webcam VMware Workstation VobSub v2.23 (Remove Only) Windows Application Verifier 2.50 Windows Communication Foundation Windows Desktop Search 3.01 Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Live installer Windows Live Mail Windows Live Messenger Windows Live Writer Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows Workflow Foundation 
Windows XP Service Pack 2 WinPcap 3.1 WinRAR gestione archivi WinSCP 3.8.2 Wireshark 0.99.3 WPF v3.0.6715.0 XML Paper Specification Shared Components Pack 1.0

Do I need to do anything else?

#4 Scotty

Scotty

    Always Happy

  • Authentic Member
  • 3,634 posts

Posted 22 October 2007 - 04:24 PM

Hi, yes, there are instructions in my previous post to download and run SDFix and ComboFix.
You too could train to help others- Join the Classroom

#5 benale89

benale89

    New Member

  • New Member
  • 3 posts

Posted 23 October 2007 - 07:17 AM

Thx thx thx, I have resolved all my problems with your help, so thx a lot.

#6 Scotty

Scotty

    Always Happy

  • Authentic Member
  • 3,634 posts

Posted 23 October 2007 - 05:12 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.