Author Topic: TR/kazy virus playing with my computer

wormit (Full Member)
TR/kazy virus playing with my computer
« on: May 12, 2013, 10:29:54 AM »

hi,

Avira keeps bleeping to announce detections when I start my PC, but when I scan it freezes. In safe mode it doesn't detect any viruses. Can't download Yahoo Mail attachments either.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:58:29 AM, on 13/05/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\System32\osk.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4128.1656\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_82E8758A37DCD509.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Aceroqyti] C:\Users\compi\AppData\Roaming\Exne\pipy.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [] OSK.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] OSK.exe (User 'Default user')
O4 - Global Startup: ImageBrowser EX Agent.lnk = C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9371 bytes

« Last Edit: May 12, 2013, 10:37:15 AM by wormit »

guestolo (Site Donator, Administrator)
TR/kazy virus playing with my computer
« Reply #1 on: May 13, 2013, 09:13:37 PM »

Download OTL.exe (http://oldtimer.geekstogo.com/OTL.exe) by OldTimer to your Desktop.

  • Close all windows and right click on OTL.exe and choose to "Run as Administrator"
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


guestolo (Site Donator, Administrator)
TR/kazy virus playing with my computer
« Reply #2 on: June 07, 2013, 08:00:23 PM »

No reply, so I'll lock this topic.
