
Do not know who remove it


  • This topic is locked
3 replies to this topic

#1 Cihan

Cihan

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:27 AM

Posted 25 April 2009 - 06:32 PM

DDS (Ver_09-03-16.01) - NTFSx86
Run by cihan.davulcu at 2:17:00,07 on 26.04.2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.1526.901 [GMT 3:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\dhcp\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\sopidkc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
svchost.exe C:\WINDOWS\TEMP\VRT1.tmp
C:\WINDOWS\system32\3361\SVCHOST.exe -sysrun
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSHIBA Yakınlaştırma Yardımcı Programı\SmoothView.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\reader_s.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\cihan.davulcu\reader_s.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Documents and Settings\cihan.davulcu\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Oturum Açma Yardım Aracı: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [toscdspd] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [reader_s] c:\documents and settings\cihan.davulcu\reader_s.exe
mRun: [Ÿ]
mRun: [windows] c:\windows\system32\reginf.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [vmware-tray] c:\program files\vmware\vmware workstation\vmware-tray.exe
mRun: [vmware hqtray] "c:\program files\vmware\vmware workstation\hqtray.exe"
mRun: [usb antivirus] c:\program files\usb disk security\USBGuard.exe
mRun: [tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [tpsmain] TPSMain.exe
mRun: [thotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [tfncky] TFncKy.exe
mRun: [tdispvol] TDispVol.exe
mRun: [syntpenh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [svchost.exe] "c:\windows\system32\3361\SVCHOST.exe"
mRun: [sunjavaupdatesched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [smoothview] c:\program files\toshiba\toshiba yakınlaştırma yardımcı programı\SmoothView.exe
mRun: [services] c:\windows\services.exe
mRun: [rthdcpl] RTHDCPL.EXE
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRun: [ndstray.exe] NDSTray.exe
mRun: [intelzeroconfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [intelwireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [groovemonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [dla] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [cfsserv.exe] CFSServ.exe -NoClient
mRun: [alcmtr] ALCMTR.EXE
mRun: [agrsmmsg] AGRSMMSG.exe
mRunOnce: [svchost.exe] "c:\windows\system32\3361\SVCHOST.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [windows] c:\windows\system32\reginf.exe
dRun: [reader_s] c:\windows\system32\config\systemprofile\reader_s.exe
dRun: [svc] c:\program files\thunmail\testabd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\progra~1\balang~1\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\progra~1\balang~1\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1239999665195&h=8affde83c83d888e9b2d4518cbced5d3/&filename=jinstall-6u13-windows-i586-jc.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\thunmail\testabd.dll

============= SERVICES / DRIVERS ===============

R?2 msncache;msncache;c:\windows\system32\svchost.exe -k NetworkService [2008-4-14 34816]
R0 protect;protect;c:\windows\system32\drivers\protect.sys [2009-4-23 18944]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-4-23 425080]
R2 dhcpsrv;Dhcp server;c:\windows\dhcp\svchost.exe [2009-4-23 257024]
R2 ias;Ias;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 34816]
R2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe [2001-11-22 194048]
S1 58daf535;58daf535;c:\windows\system32\drivers\58daf535.sys --> c:\windows\system32\drivers\58daf535.sys [?]
S2 WmiHardwareSrv;Wmi Hardware Management;c:\windows\system32\reginf.exe [2009-3-24 136704]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-8-15 47128]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-10-26 2799808]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-8-15 369688]

=============== Created Last 30 ================

2009-04-26 01:27 0 a------- c:\windows\system32\7.tmp
2009-04-26 01:27 0 a------- c:\windows\system32\6.tmp
2009-04-26 01:27 147,811 a------- c:\windows\system32\3.tmp
2009-04-26 01:27 124 a------- c:\windows\system32\2.tmp
2009-04-25 22:28 139,264 a------- c:\windows\system32\igfxres.dll
2009-04-25 21:31 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
2009-04-25 21:31 156,672 ac------ c:\windows\system32\dllcache\winzm.ime
2009-04-25 21:31 156,672 ac------ c:\windows\system32\dllcache\winsp.ime
2009-04-25 21:31 156,672 ac------ c:\windows\system32\dllcache\winpy.ime
2009-04-25 21:31 65,536 ac------ c:\windows\system32\dllcache\winime.ime
2009-04-25 21:31 79,360 ac------ c:\windows\system32\dllcache\winar30.ime
2009-04-25 21:31 72,704 ac------ c:\windows\system32\dllcache\wingb.ime
2009-04-25 21:31 41,600 ac------ c:\windows\system32\dllcache\weitekp9.dll
2009-04-25 21:31 31,232 ac------ c:\windows\system32\dllcache\weitekp9.sys
2009-04-25 21:31 86,073 ac------ c:\windows\system32\dllcache\voicesub.dll
2009-04-25 21:31 48,256 ac------ c:\windows\system32\dllcache\w32.dll
2009-04-25 21:29 28,160 ac------ c:\windows\system32\dllcache\migregdb.exe
2009-04-25 21:28 82,172 ac------ c:\windows\system32\dllcache\bopomofo.nls
2009-04-25 21:28 66,728 ac------ c:\windows\system32\dllcache\big5.nls
2009-04-25 21:28 19,456 ac------ c:\windows\system32\dllcache\agt0804.dll
2009-04-25 21:28 19,456 ac------ c:\windows\system32\dllcache\agt0412.dll
2009-04-25 21:28 19,456 ac------ c:\windows\system32\dllcache\agt0411.dll
2009-04-25 21:28 19,456 ac------ c:\windows\system32\dllcache\agt040d.dll
2009-04-25 21:28 19,456 ac------ c:\windows\system32\dllcache\agt0404.dll
2009-04-25 21:28 19,456 ac------ c:\windows\system32\dllcache\agt0401.dll
2009-04-25 21:26 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-04-25 21:26 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-04-25 21:26 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-04-25 21:26 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-04-25 21:26 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-04-25 21:26 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-04-25 21:26 36,864 ac------ c:\windows\system32\dllcache\isignup.exe
2009-04-25 21:23 28,160 ac------ c:\windows\system32\dllcache\inetmgr.exe
2009-04-25 21:23 125,440 ac------ c:\windows\system32\dllcache\ftpsv251.dll
2009-04-25 21:23 6,144 ac------ c:\windows\system32\dllcache\ftpmib.dll
2009-04-25 21:03 17,695 a----r-- c:\windows\SET50.tmp
2009-04-25 21:03 1,088,840 a----r-- c:\windows\SET44.tmp
2009-04-25 21:03 1,233,791 a----r-- c:\windows\SET41.tmp
2009-04-25 20:17 231,424 a------- c:\windows\system32\tpsaxyd.exe
2009-04-24 22:44 61,440 a------- c:\windows\system32\F.tmp
2009-04-24 22:41 0 a------- c:\windows\system32\5.tmp
2009-04-24 22:41 124 a------- c:\windows\system32\4.tmp
2009-04-24 22:37 0 a------- c:\windows\system32\42.tmp
2009-04-24 22:30 17,017 a------- c:\windows\system32\2D.tmp
2009-04-24 22:29 124 a------- c:\windows\system32\2C.tmp
2009-04-24 22:07 103 a------- c:\windows\pro.INI
2009-04-23 20:30 18,944 a---h--- c:\windows\system32\drivers\protect.sys
2009-04-23 20:30 0 a------- c:\windows\system32\1F.tmp
2009-04-23 20:30 61,440 a------- c:\windows\system32\1E.tmp
2009-04-23 20:30 36,352 a------- c:\windows\system32\reader_s.exe
2009-04-23 20:30 36,352 a------- c:\documents and settings\cihan.davulcu\reader_s.exe
2009-04-23 20:29 69,120 a------- c:\windows\services.exe
2009-04-23 20:29 153,088 a------- c:\windows\system32\1C.tmp
2009-04-23 20:29 233,472 a------- c:\windows\system32\w.exe
2009-04-23 20:29 36,864 a------- c:\windows\system32\dpcxool64.sys
2009-04-23 20:29 8 a------- c:\windows\system32\comsa32.sys
2009-04-23 20:28 164 a------- c:\windows\system32\1A.tmp
2009-04-23 20:28 <DIR> --dshr-- c:\program files\ThunMail
2009-04-23 19:54 363,008 ac------ c:\windows\system32\dllcache\w3svc.dll
2009-04-23 19:54 60,928 ac------ c:\windows\system32\dllcache\httpod51.dll
2009-04-23 19:54 46,592 ac------ c:\windows\system32\dllcache\sspifilt.dll
2009-04-23 19:54 8,192 ac------ c:\windows\system32\dllcache\httpmb51.dll
2009-04-23 19:30 17,695 a----r-- c:\windows\SET80.tmp
2009-04-23 19:30 1,088,840 a----r-- c:\windows\SET74.tmp
2009-04-23 19:30 1,233,791 a----r-- c:\windows\SET71.tmp
2009-04-23 19:29 356,053 a------- c:\windows\setupapi.old
2009-04-23 18:32 <DIR> --d----- c:\program files\ltmoh
2009-04-23 16:43 <DIR> --d----- c:\program files\a-squared Free
2009-04-20 23:09 19,569 a------- c:\windows\000002_.tmp
2009-04-20 22:36 1,033,728 a------- c:\windows\SET1EA.tmp
2009-04-20 22:34 5,632 a------- c:\windows\system32\SET1A0.tmp
2009-04-20 22:34 27,648 a------- c:\windows\system32\SET198.tmp
2009-04-20 22:34 15,360 a------- c:\windows\system32\SET197.tmp
2009-04-20 22:34 25,088 a------- c:\windows\system32\SET194.tmp
2009-04-20 22:34 105,472 a------- c:\windows\system32\SET192.tmp
2009-04-20 22:34 220,672 a------- c:\windows\system32\SET174.tmp
2009-04-20 22:34 112,640 a------- c:\windows\system32\SET164.tmp
2009-04-20 22:33 69,632 a------- c:\windows\system32\SET15E.tmp
2009-04-20 22:33 57,856 a------- c:\windows\system32\SET13A.tmp
2009-04-20 22:32 14,336 a------- c:\windows\system32\SET12F.tmp
2009-04-20 22:28 19,569 a------- c:\windows\000001_.tmp
2009-04-20 22:12 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-04-19 23:18 <DIR> --d----- c:\windows\system32\NtmsData
2009-04-19 21:29 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-19 21:29 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-19 21:29 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-19 04:03 135,168 a------- c:\windows\system32\wingo.exe
2009-04-19 03:22 0 a------- c:\windows\system32\64.tmp
2009-04-19 03:22 84 a------- c:\windows\system32\63.tmp
2009-04-19 02:59 <DIR> --d----- c:\windows\system32\3361
2009-04-19 02:59 108,336 a------- c:\windows\system32\MSWINSCK.OCX
2009-04-19 02:59 <DIR> --d----- c:\windows\dhcp
2009-04-19 02:58 0 a------- c:\windows\system32\53.tmp
2009-04-19 02:58 84 a------- c:\windows\system32\52.tmp
2009-04-19 02:58 101,870 a------- c:\windows\system32\drivers\d1d4565.sys
2009-04-19 02:58 2 a------- C:\1417129656
2009-04-19 02:58 <DIR> --d----- c:\program files\Teleport Pro
2009-04-17 23:22 <DIR> --d----- c:\documents and settings\cihan.davulcu\.housecall6.6
2009-04-17 23:21 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-17 23:21 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-17 21:05 33,795 a------- c:\documents and settings\cihan.davulcu\ccDxFDF.EXE
2009-04-17 20:24 <DIR> --d----- c:\docume~1\cihan~1.dav\applic~1\Malwarebytes
2009-04-17 20:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-16 21:37 <DIR> --dshr-- C:\BIN
2009-04-15 23:06 33,795 a------- c:\documents and settings\cihan.davulcu\Xdfxghj.exe
2009-04-15 20:48 60,972 a------- c:\documents and settings\cihan.davulcu\dfghxjxs.exe
2009-04-13 22:15 <DIR> --d----- C:\Adobe
2009-04-11 22:46 60,972 a------- c:\documents and settings\cihan.davulcu\dfghjxs.exe
2009-04-11 00:19 139,264 a------- c:\documents and settings\cihan.davulcu\dfdfgg.exe
2009-04-09 23:22 50,200 a------- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2009-04-09 23:21 79,896 a------- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2009-04-09 23:15 <DIR> --d----- c:\windows\system32\RsFx
2009-04-09 23:14 <DIR> --d----- c:\program files\MSXML 6.0
2009-04-09 22:07 139,264 a------- c:\documents and settings\cihan.davulcu\dfdfggg.exe
2009-04-09 15:01 <DIR> --d----- c:\program files\Microsoft Synchronization Services
2009-04-09 15:01 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-04-08 00:13 <DIR> --dshr-- C:\Driver
2009-04-08 00:13 139,264 a------- c:\documents and settings\cihan.davulcu\Xdfxgxhj.exe
2009-04-06 21:02 <DIR> --d----- C:\7bfc35cd38be9acbd0f9479c
2009-04-06 15:04 <DIR> --d----- c:\windows\SxsCaPendDel
2009-04-06 12:36 30,768 a----r-- c:\windows\system32\drivers\vmusb.sys
2009-03-28 21:50 <DIR> --dshr-- C:\SYSTEM
2009-03-28 21:49 139,264 a------- c:\documents and settings\cihan.davulcu\dsdxsdsds.exe
2009-03-28 21:49 65,580 a------- c:\documents and settings\cihan.davulcu\sdsxdsds.exe
2009-03-28 15:41 <DIR> --d----- c:\program files\MSECACHE
2009-03-27 23:11 <DIR> --d----- C:\MSDERelA

==================== Find3M ====================

2009-04-26 02:12 2,147,328 ----h--- c:\windows\system32\ntoskrnl.exe
2009-04-25 22:35 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-04-25 21:39 619,556 a------- c:\windows\system32\perfh01F.dat
2009-04-25 21:39 153,598 a------- c:\windows\system32\perfc01F.dat
2009-04-25 21:24 26,312 a------- c:\windows\system32\emptyregdb.dat
2009-03-24 22:20 136,704 ---shr-- c:\windows\system32\~tmp~~SEFWFFKNKW.exe
2009-03-24 22:19 136,704 ---shr-- c:\windows\system32\reginf.exe
2009-03-24 22:19 136,704 ---shr-- c:\windows\system32\~tmp~~UDGVASAFJX.exe
2009-03-10 12:34 21,393 ac------ c:\windows\system32\drivers\AegisP.sys
2009-03-10 12:34 21,393 a------- c:\windows\AegisP.sys
2009-03-08 21:14 87,333 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-05 16:49 0 a--shr-- c:\windows\system32\drivers\TOSHIBA_Satellite A100_04061-S1_PSB10U-SA10.MRK
2009-02-06 19:52 49,504 a------- c:\windows\system32\sirenacm.dll

============= FINISH: 2:17:33,15 ===============



#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:27 AM

Posted 26 April 2009 - 01:42 PM

Hello.

Unfortunately you have the file infector Virut infection. The only way to proceed is to Format the whole computer and start over.

Virut File Infector Warning

Your system is infected with a polymorphic file infector called Virut, which also has IRC bot functionality. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr), and also web pages (.html and .htm). However, the problem is that the virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files, so that those files are corrupted beyond repair. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.

For these reasons, you really can't truly fix Virut. You will need to reinstall and format the operating system on this machine. As of now, security experts suggest that a clean Reformat is the only way to clean the infection and it is the only way to return the machine to its normal working state.

Backup all your documents and important items (personal data, work documents, pictures etc.) only. DO NOT backup any executable files (software) and screensavers (*.scr) or any web pages (*.html or *.htm). It attempts to infect any accessed .exe or .scr or .html/.htm files by appending itself to the executable.

Also, try to avoid backing up compressed (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

More information on Virut can be found over here and here

With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post it in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

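The backup guidance in the post above, as an added example that is not part of the original thread: a Python script that walks a directory you intend to copy off the infected machine and sorts each file into what the post says may be backed up (documents, pictures) and what must not be (executables, screensavers, web pages, and archives that contain them). The extension lists, category labels and the sample directory tree are constructed for this example; .cab and .rar archives are flagged for manual review because the standard library cannot open them.

```python
"""Backup triage for a Virut-infected host (added example, not from the thread)."""
import os
import tempfile
import zipfile
from pathlib import Path
from typing import Dict, List

# File types the post says Virut appends itself to: .exe, .scr, .html, .htm
INFECTABLE = {".exe", ".scr", ".html", ".htm"}
# Archive types the post warns about; only .zip is inspected here (stdlib)
ARCHIVES = {".zip", ".cab", ".rar"}


def zip_has_infectable(path: Path) -> bool:
    """True if any member of the zip has an infectable extension."""
    try:
        with zipfile.ZipFile(path) as zf:
            return any(Path(n).suffix.lower() in INFECTABLE for n in zf.namelist())
    except zipfile.BadZipFile:
        # An unreadable archive is treated as unsafe rather than copied blindly.
        return True


def classify(path: Path) -> str:
    """Sort one file into a backup category based on the post's rules."""
    ext = path.suffix.lower()          # case-insensitive: Windows paths
    if ext in INFECTABLE:
        return "exclude: infectable type"
    if ext in ARCHIVES:
        if ext == ".zip":
            if zip_has_infectable(path):
                return "exclude: archive contains infectable file"
            return "backup"
        return "review: archive type not inspected"   # cab/rar need other tools
    return "backup"


def triage(root: Path) -> Dict[str, List[str]]:
    """Walk root and return {category: sorted relative paths}."""
    result: Dict[str, List[str]] = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            rel = str(p.relative_to(root)).replace(os.sep, "/")
            result.setdefault(classify(p), []).append(rel)
    for paths in result.values():
        paths.sort()
    return result


def build_sample_tree(root: Path) -> None:
    """Constructed sample tree: documents, an executable, a web page, archives."""
    (root / "docs").mkdir()
    (root / "docs" / "thesis.doc").write_bytes(b"\xd0\xcf\x11\xe0 constructed")
    (root / "photo.jpg").write_bytes(b"\xff\xd8\xff constructed")
    (root / "setup.exe").write_bytes(b"MZ constructed")
    (root / "index.HTML").write_text("<html>constructed</html>")
    with zipfile.ZipFile(root / "tools.zip", "w") as zf:
        zf.writestr("bin/tool.exe", b"MZ constructed")     # zip hiding an .exe
    with zipfile.ZipFile(root / "papers.zip", "w") as zf:
        zf.writestr("paper.pdf", b"%PDF constructed")      # zip with documents only
    (root / "drivers.cab").write_bytes(b"MSCF constructed")


def run_demo() -> Dict[str, List[str]]:
    """Build the constructed tree in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return triage(root)


if __name__ == "__main__":
    for category, files in sorted(run_demo().items()):
        print(category)
        for f in files:
            print("   ", f)
```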

#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:27 AM

Posted 29 April 2009 - 02:21 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days from the day I replied, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:27 AM

Posted 01 May 2009 - 02:16 PM

Hello.

As the resolution of this issue requires a reformat, and there have been no further questions or comments posted regarding this, the topic will now be closed.

This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.

With Regards,
Extremeboy