Infected with malware/virus


  • This topic is locked
2 replies to this topic

#1 wimheino

  • Members
  • 1 posts

Posted 26 April 2010 - 09:49 AM

My PC is running very slow and I tried everything I could think of. When I run malware scanners they detect a lot, but I think they don't delete it properly. This is my last resort.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Gebruiker at 15:36:02,95 on ma 26-04-2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.508 [GMT 2:00]

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {80543BF7-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {804FD2B8-FFA4-00FE-0D24-347CA8A3377C}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD0EC-FFA4-00DA-0D24-347CA8A3377C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\slrundll.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gebruiker\Bureaublad\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.nl/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Google Update] "c:\documents and settings\gebruiker\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PCMService] "c:\program files\cyberlink\powercinema\PCMService.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [AudioDeck] "c:\program files\viaudioi\sbadeck\ADeck.exe" 1
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [rmoc3260.dll OCX] regsvr32.exe /s "c:\windows\system32\rmoc3260.dll"
dRunOnce: [RealUpgradeHelper] "c:\program files\common files\real\update_ob\upgrdhlp.exe" "RealNetworks|RealPlayer|12.0"
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://www.driveragent.com/files/driveragent.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: khfdeby - khfdeby.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2007-9-5 277888]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-2-28 19072]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-26 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-26 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-26 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-26 60936]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-16 54752]
R2 MacDriveService;MacDriveService;c:\program files\mediafour\macdrive 7\MacDriveService.exe [2007-5-1 143360]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-24 303952]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-24 20824]
R3 PhTVTune;Philips WDM TVTuner;c:\windows\system32\drivers\Silicon.sys [2006-6-20 22656]
S2 aawservice;Ad-Aware 2007 Service;"c:\program files\lavasoft\ad-aware 2007\aawservice.exe" --> c:\program files\lavasoft\ad-aware 2007\aawservice.exe [?]
S2 jsswjtoy;Microsoft USB 2.0 Enhanced Host Controller Miniport Helper;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 DrvAgent32;DrvAgent32;\??\c:\windows\system32\drivers\drvagent32.sys --> c:\windows\system32\drivers\DrvAgent32.sys [?]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-4-25 27064]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2010-04-26 13:35:02 0 ----a-w- c:\documents and settings\gebruiker\defogger_reenable
2010-04-26 12:56:03 0 d-sha-r- C:\cmdcons
2010-04-26 12:51:09 98816 ----a-w- c:\windows\sed.exe
2010-04-26 12:51:09 77312 ----a-w- c:\windows\MBR.exe
2010-04-26 12:51:09 261632 ----a-w- c:\windows\PEV.exe
2010-04-26 12:51:09 161792 ----a-w- c:\windows\SWREG.exe
2010-04-26 12:45:57 0 d-----w- c:\docume~1\gebrui~1\applic~1\Avira
2010-04-26 12:39:32 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-26 12:39:32 0 d-----w- c:\program files\Avira
2010-04-26 12:39:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-04-26 12:35:55 0 d-----w- C:\ComboFix
2010-04-26 11:24:52 54920 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-26 11:24:52 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-26 11:24:51 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-26 09:36:15 0 d-----w- c:\windows\system32\NtmsData
2010-04-26 08:33:02 0 d--h--r- c:\documents and settings\gebruiker\Onlangs geopend
2010-04-25 22:52:51 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-25 20:42:08 0 d-----w- c:\docume~1\gebrui~1\applic~1\VS Revo Group
2010-04-25 20:32:03 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-04-25 20:32:01 0 d-----w- c:\program files\VS Revo Group
2010-04-24 21:29:15 0 d-----w- c:\docume~1\gebrui~1\applic~1\Malwarebytes
2010-04-24 21:28:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-24 21:28:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-24 21:28:39 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-24 21:28:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-24 12:46:06 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-04-24 12:45:51 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-24 12:45:51 0 d-----w- c:\docume~1\gebrui~1\applic~1\SUPERAntiSpyware.com
2010-04-24 12:45:30 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-04-24 12:02:27 0 d-----w- c:\docume~1\gebrui~1\applic~1\Citrix
2010-04-23 22:22:43 65540 ----a-w- c:\docume~1\alluse~1\applic~1\rtAeOcBx.exe
2010-04-23 22:19:47 112 ----a-w- c:\docume~1\alluse~1\applic~1\7G45FcRh.dat
2010-04-17 15:18:38 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-04-16 19:51:19 0 d-----w- c:\program files\common files\Mediafour
2010-04-16 19:51:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Mediafour
2010-04-16 19:50:47 0 d-----w- c:\program files\Mediafour
2010-04-13 19:31:29 0 d-----w- c:\docume~1\alluse~1\applic~1\TVU Networks
2010-04-13 19:31:25 0 d-----w- c:\windows\system32\TVUAx
2010-04-06 19:13:14 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-31 01:58:24 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

==================== Find3M ====================

2010-03-28 04:52:26 86370 ----a-w- c:\windows\system32\perfc013.dat
2010-03-28 04:52:26 499244 ----a-w- c:\windows\system32\perfh013.dat
2010-02-24 08:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-17 12:09:58 2194304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09:57 2071168 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:35:06 100864 ----a-w- c:\windows\system32\6to4svc.dll
2009-01-21 17:55:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012009012120090122\index.dat

============= FINISH: 15:36:13,62 ===============


In the attachments you will find the txt files! There is no txt file from GMER, because when I try it, it runs for a while but then the PC restarts automatically without creating the txt file?!

Thanks a lot!

Attached Files
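The DDS log above is normally triaged by eye. As an added example (not part of the original post, and not a tool from BleepingComputer or the DDS author), the Python script below applies the checks an analyst makes when reading such a log: a Winlogon Notify entry whose DLL is given by a bare filename rather than a full path, an svchost-hosted service whose short name looks generated, random-looking executables and data files dropped directly into the shared profile data root, BHO CLSIDs with no file behind them, and several Security Center (WMI) registrations for one AV product. The sample input is a constructed excerpt in the shape of the log, not the full log; the `looks_random` thresholds are assumptions, and every hit is a lead for the analyst to verify, not a verdict.

```python
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str     # which heuristic fired
    subject: str  # name, CLSID, product or path the heuristic matched
    reason: str   # one-line explanation for the analyst


# Constructed excerpt in the shape of the DDS log above (not the full log).
SAMPLE_LOG = r"""AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00EB-0D24-347CA8A3377C}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: khfdeby - khfdeby.dll
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-26 60936]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-24 303952]
S2 jsswjtoy;Microsoft USB 2.0 Enhanced Host Controller Miniport Helper;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
2010-04-24 21:28:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-23 22:22:43 65540 ----a-w- c:\docume~1\alluse~1\applic~1\rtAeOcBx.exe
2010-04-23 22:19:47 112 ----a-w- c:\docume~1\alluse~1\applic~1\7G45FcRh.dat
"""

AV_RE = re.compile(r"^AV: (.+?) \*.*\{([0-9A-Fa-f-]{36})\}\s*$")
BHO_RE = re.compile(r"^BHO: (?:.*?: )?\{([0-9A-Fa-f-]{36})\} - (.*)$")
NOTIFY_RE = re.compile(r"^Notify: (\S+) - (.+)$")
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?)(?: \[[^\]]*\])?$")
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S+) (.+)$")

SHORT_ALNUM = re.compile(r"^[A-Za-z0-9]{7,9}$")
VOWELS = set("aeiouAEIOU")
DROP_EXTS = {".exe", ".dll", ".dat", ".sys", ".tmp"}
PROFILE_DATA_ROOTS = ("applic~1", "application data")  # All Users / per-user data root


def looks_random(stem: str) -> bool:
    """Assumed heuristic: a 7-9 char alphanumeric token that reads like a generated name."""
    if not SHORT_ALNUM.match(stem):
        return False
    letters = [c for c in stem if c.isalpha()]
    if not letters:
        return False
    if any(c.isdigit() for c in stem):
        return True  # digits mixed into a short name, e.g. 7G45FcRh
    inner = stem[1:]
    if any(c.isupper() for c in inner) and any(c.islower() for c in inner):
        return True  # case changes mid-token, e.g. rtAeOcBx
    return sum(c in VOWELS for c in letters) / len(letters) < 0.3  # e.g. khfdeby


def triage(log_text: str) -> list[Finding]:
    """Run the analyst's eyeball checks over DDS-style lines and return leads."""
    findings: list[Finding] = []
    av_guids: dict[str, set[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := AV_RE.match(line):
            av_guids.setdefault(m.group(1), set()).add(m.group(2).upper())
        elif m := BHO_RE.match(line):
            if m.group(2).strip().lower() == "no file":
                findings.append(Finding("orphaned-bho", m.group(1),
                                        "BHO CLSID still registered but its DLL is gone"))
        elif m := NOTIFY_RE.match(line):
            name, dll = m.groups()
            if "\\" not in dll or looks_random(name):
                findings.append(Finding("winlogon-notify", name,
                                        f"Winlogon Notify DLL '{dll}' loads at every logon; "
                                        "bare or random name, verify on disk"))
        elif m := SERVICE_RE.match(line):
            _state, short, display, image = m.groups()
            if "svchost" in image.lower() and looks_random(short):
                findings.append(Finding("svchost-service", short,
                                        f"svchost-hosted service with random-looking name, "
                                        f"display name claims '{display}'"))
        elif m := FILE_RE.match(line):
            path = m.group(4)
            directory, name = ntpath.dirname(path), ntpath.basename(path)
            stem, ext = ntpath.splitext(name)
            if (directory.lower().endswith(PROFILE_DATA_ROOTS)
                    and ext.lower() in DROP_EXTS and looks_random(stem)):
                findings.append(Finding("profile-root-drop", path,
                                        "random-looking file dropped straight into the profile data root"))
    for product, guids in av_guids.items():
        if len(guids) > 1:
            findings.append(Finding("stale-av-registration", product,
                                    f"{len(guids)} Security Center (WMI) registrations for one product"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.reason}")
```

Run it as a script to print the leads for the constructed excerpt; pass the full text of a DDS log to `triage()` to get the same list for a real case. The service check is deliberately scoped to svchost-hosted entries because genuine driver names (for example `avgntflt`) can also trip the vowel-ratio rule, which is why a random-looking name alone is never treated as a finding.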




#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 30 April 2010 - 06:45 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, I will close the topic.

----------------------------------------------

Please try running GMER, but check only the SECTIONS option.

m0le is a proud member of UNITE

#3 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 05 May 2010 - 06:49 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.