Hi,
I'm still facing with virus on my pc after having trouble with Vundo. I run the KasperSky (see below) after running: Spybot, Ad-Aware and Avast Antivir in safe mode. Still virus are found with kaspersky. Please let me know if I should post the HJT report (and if you need also VundoFix report) now they don't fit in this message.
What to do?
Many thanks guys.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, November 27, 2007 12:51:09 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/11/2007
Kaspersky Anti-Virus database records: 466028
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 75558
Number of viruses found: 11
Number of infected objects: 22
Number of suspicious objects: 12
Duration of the scan process: 01:08:44
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Desktop\catchme.zip/__c00BB8C7.dat Infected: Trojan-Downloader.Win32.ConHook.hl skipped
C:\Documents and Settings\Administrator\Desktop\catchme.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\37a36f2f395015c1556fff354afd5269_de00fb8d-12cd-4aca-8819-357997cb3c8c Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\635aaf80b9517a57d468aaabea60e907_de00fb8d-12cd-4aca-8819-357997cb3c8c Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\76c60f9cf8177345bbf4c7baa962d05b_de00fb8d-12cd-4aca-8819-357997cb3c8c Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b7e30413fc114da5c9e6806d7fc787e8_de00fb8d-12cd-4aca-8819-357997cb3c8c Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ee883d4de8c5b4dbd06a1cebb94e359d_de00fb8d-12cd-4aca-8819-357997cb3c8c Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-09202007-233740.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\atjxjkhp.exe.vir.bac_a01956 Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\jar_cache43567.tmp.bac_a01956/Baaaaa.class Infected: Trojan.Java.ClassLoader.ap skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\jar_cache43567.tmp.bac_a01956/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ap skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\jar_cache43567.tmp.bac_a01956 ZIP: infected - 2 skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\jar_cache43567.tmp.bac_a01956 CryptFF.b: infected - 2 skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\poiu[1].bac_a01956 Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Owner\Application Data\Babylon\log_file.txt Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{5B3284C6-24DC-4BF4-A384-9575A1DCD45A}\Microsoft\Outlook Express\Posta in arrivo 2004.dbx/[From <gianof@free.panservice.it>][Date Tue, 13 Jan 2004 11:21:13 +0100 (CET)]/UNNAMED/painfulness.com Infected: Email-Worm.Win32.Sober.c.dat skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{5B3284C6-24DC-4BF4-A384-9575A1DCD45A}\Microsoft\Outlook Express\Posta in arrivo 2004.dbx/[From <gianof@free.panservice.it>][Date Tue, 13 Jan 2004 11:21:13 +0100 (CET)]/UNNAMED Infected: Email-Worm.Win32.Sober.c.dat skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{5B3284C6-24DC-4BF4-A384-9575A1DCD45A}\Microsoft\Outlook Express\Posta in arrivo 2004.dbx/[From "Mail Delivery System" <MAILER-DAEMON@smtp2-in.panservice.it>][Date Mon, 7 Jun 2004 18:04:43 +0200 (CEST)]/UNNAMED/UNNAMED/[From "Gcoletti" <gcoletti@free.panservice.it>][Date Mon, 07 Jun 2004 18:12:30 +0100]/html Suspicious: Email-Worm.Win32.Bagle.mail skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{5B3284C6-24DC-4BF4-A384-9575A1DCD45A}\Microsoft\Outlook Express\Posta in arrivo 2004.dbx/[From "Mail Delivery System" <MAILER-DAEMON@smtp2-in.panservice.it>][Date Mon, 7 Jun 2004 18:04:43 +0200 (CEST)]/UNNAMED/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{5B3284C6-24DC-4BF4-A384-9575A1DCD45A}\Microsoft\Outlook Express\Posta in arrivo 2004.dbx/[From "Mail Delivery System" <MAILER-DAEMON@smtp2-in.panservice.it>][Date Mon, 7 Jun 2004 18:04:43 +0200 (CEST)]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{5B3284C6-24DC-4BF4-A384-9575A1DCD45A}\Microsoft\Outlook Express\Posta in arrivo 2004.dbx/[From <3Dtriverio@tiscalinet.it>][Date Mon, 07 Jun 2004 18:12:25 +0100]/UNNAMED/html Suspicious: Email-Worm.Win32.Bagle.mail skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{5B3284C6-24DC-4BF4-A384-9575A1DCD45A}\Microsoft\Outlook Express\Posta in arrivo 2004.dbx/[From <3Dtriverio@tiscalinet.it>][Date Mon, 07 Jun 2004 18:12:25 +0100]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{5B3284C6-24DC-4BF4-A384-9575A1DCD45A}\Microsoft\Outlook Express\Posta in arrivo 2004.dbx/[From "Gersono.b" <gersono.b@zipmail.com.br>][Date Mon, 24 May 2004 16:47:46 -0400]/UNNAMED/html Suspicious: Email-Worm.Win32.Bagle.mail skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{5B3284C6-24DC-4BF4-A384-9575A1DCD45A}\Microsoft\Outlook Express\Posta in arrivo 2004.dbx/[From "Gersono.b" <gersono.b@zipmail.com.br>][Date Mon, 24 May 2004 16:47:46 -0400]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{5B3284C6-24DC-4BF4-A384-9575A1DCD45A}\Microsoft\Outlook Express\Posta in arrivo 2004.dbx/[From "Gersono.b" <gersono.b@zipmail.com.br>][Date Wed, 19 May 2004 18:09:52 -0400]/UNNAMED/html Suspicious: Email-Worm.Win32.Bagle.mail skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{5B3284C6-24DC-4BF4-A384-9575A1DCD45A}\Microsoft\Outlook Express\Posta in arrivo 2004.dbx/[From "Gersono.b" <gersono.b@zipmail.com.br>][Date Wed, 19 May 2004 18:09:52 -0400]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{5B3284C6-24DC-4BF4-A384-9575A1DCD45A}\Microsoft\Outlook Express\Posta in arrivo 2004.dbx/[From <fontedasenhora@mail.pt>][Date Wed, 28 Apr 2004 18:46:51 +0200]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{5B3284C6-24DC-4BF4-A384-9575A1DCD45A}\Microsoft\Outlook Express\Posta in arrivo 2004.dbx/[From <fontedasenhora@mail.pt>][Date Wed, 28 Apr 2004 18:46:51 +0200]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{5B3284C6-24DC-4BF4-A384-9575A1DCD45A}\Microsoft\Outlook Express\Posta in arrivo 2004.dbx/[From <fontedasenhora@mail.pt>][Date Wed, 28 Apr 2004 18:46:51 +0200]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{5B3284C6-24DC-4BF4-A384-9575A1DCD45A}\Microsoft\Outlook Express\Posta in arrivo 2004.dbx Mail MS Outlook 5: infected - 2, suspicious - 12 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{5B3284C6-24DC-4BF4-A384-9575A1DCD45A}\Microsoft\Outlook Express\Wind.dbx/[From "Citizens Bank" <antifraud.ref.num63@citizensbank.com>][Date Wed, 22 Sep 2004 05:36:40 -0400]/UNNAMED/html Infected: Trojan-Spy.HTML.Citifraud.ai skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{5B3284C6-24DC-4BF4-A384-9575A1DCD45A}\Microsoft\Outlook Express\Wind.dbx/[From "Citizens Bank" <antifraud.ref.num63@citizensbank.com>][Date Wed, 22 Sep 2004 05:36:40 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Citifraud.ai skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{5B3284C6-24DC-4BF4-A384-9575A1DCD45A}\Microsoft\Outlook Express\Wind.dbx/[From "SunTrust" <support@suntrust.com>][Date Sun, 14 Nov 2004 16:00:05 +0600]/html Infected: Trojan-Spy.HTML.Sunfraud.aj skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{5B3284C6-24DC-4BF4-A384-9575A1DCD45A}\Microsoft\Outlook Express\Wind.dbx Mail MS Outlook 5: infected - 3 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007112620071127\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\temp\Perflib_Perfdata_24c.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\temp\Perflib_Perfdata_fd4.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\temp\~DF4DEC.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Feed Downloaded\Radio 24 Il Sole 24 ore\focus-economia.mp3.partial Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Feed Downloaded\Radio 24 Il Sole 24 ore\salvadanaio.mp3.partial Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\FreePOPs\log.txt Object is locked skipped
C:\Program Files\FreePOPs\stderr.txt Object is locked skipped
C:\Program Files\FreePOPs\stdout.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\iifddcy.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.arf skipped
C:\WINDOWS\system32\jhhnphvh.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\WINDOWS\system32\lkpycgpx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\lydattvh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\WINDOWS\system32\ssqoolm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.arf skipped
C:\WINDOWS\system32\taigahmm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\WINDOWS\system32\vhuqeseh.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_378.dat Object is locked skipped
C:\WINDOWS\TEMP\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.