I think I have a virus


2 replies to this topic

#1 gavrielx

  • Members
  • 7 posts

Posted 28 July 2011 - 02:47 PM

Hi,
first, sorry about my English.

My computer is crazy.
I can't open regedit or Task Manager; I get a message something like this: "regedit\task manager has been disabled by your administrator..."
I can't open some web sites in Internet Explorer, but they open well in Chrome.
I can't see hidden files; they return themselves to being invisible.
My computer has gotten slow.
I can't open safe mode; the computer restarts itself.
I have 7 files that won't delete in the C:\WINDOWS\Temp folder: Perflib_Perfdata_7d4.dat, Perflib_Perfdata_71c.dat etc.; they all have the same size (16kb)
and the same problem with 3 files in C:\WINDOWS\Temp\hsperfdata_SYSTEM : 344, 524, 576; their size is 64 kb.
There are 2 files in the Windows driver folder that I can't get any information about: cxthsfs2.cty and
When I put a disk-on-key drive in the computer I see a new autorun.bat file on it.
The computer often deletes important files.

I'm using Windows XP SP3 and I'm part of a workgroup with 4 computers in my office.

Please help me to solve the problem without reformatting the computer.
Thanks, gavriel

-------------------------------

DDS LOG:

-------------------------------

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by ss at 20:24:40 on 2011-07-28
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1037.18.3062.2322 [GMT 3:00]
.
AV: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ARL\CryptoKit\utils\ARCLTSRV.EXE
C:\Program Files\ARL\CryptoKit\utils\arcltsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ITSguard Business\aua\bin\Aua.exe
C:\Program Files\ITSguard Business\bin\CDPService.exe
C:\Program Files\ITSguard Business\aua\jvm\bin\auaJW.exe
C:\Program Files\ITSguard Business\bin\Scheduler.exe
C:\Program Files\ITSguard Business\bin\CDPService.exe
C:\Program Files\ITSguard Business\jvm\bin\bschJW.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Xerox\Xerox WorkCentre 3210\PSU\Scan2pc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.il/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AGFormHelperObj Class: {6620e618-1ab9-4eb2-aca4-cbbe9066dbe6} - c:\progra~1\agat\agform\AGFORM~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AGForms: {ed2e7de7-07db-4941-a06d-f780b93ba730} - c:\program files\agat\agform\AGForms.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Stanley-L_XRX_S2P] c:\program files\xerox\xerox workcentre 3210\psu\Scan2pc.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [OBASystemTray] "c:\program files\itsguard business\bin\SystemTray.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242651999046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BC4CF6B5-8DE7-4F51-A369-364629A6C2B7} - hxxps://hb2.bankleumi.co.il/eas/activex/BankDOKOp.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
TCP: Interfaces\{59CB5256-035A-4703-A154-4CE00115DE94} : NameServer = 213.151.32.70,213.151.32.71
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli
.
============= SERVICES / DRIVERS ===============
.
R1 CsDrvNt;CsDrvNt;c:\windows\system32\drivers\Csdrvnt4.sys [2011-4-13 11022]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-12-21 94872]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\common files\abbyy\finereader\10.00\licensing\pe\NetworkLicenseServer.exe [2009-12-22 814344]
R2 OBAAutoUpdate;AutoUpdateAgent (ITSguard Business Backup);c:\program files\itsguard business\aua\bin\Aua.exe [2011-7-24 73728]
R2 OBACDPService;Continuous Data Protection (ITSguard Business Backup);c:\program files\itsguard business\bin\CDPService.exe [2011-7-24 262144]
R2 OBAScheduler;Online Backup Scheduler (ITSguard Business Backup);c:\program files\itsguard business\bin\Scheduler.exe [2011-7-24 77824]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\pknhoq.sys --> c:\windows\system32\drivers\pknhoq.sys [?]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-6-6 44432]
R3 euci5r;CryptoIdentity Reader;c:\windows\system32\drivers\euci5r.sys [2003-4-11 35778]
S2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-6-14 30192]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-3-11 25088]
S4 gupdate;שירות Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-10 213488]
S4 gupdatem;שירות עדכון Google (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-10 213488]
.
=============== Created Last 30 ================
.
2011-07-24 11:30:46 -------- d-s---w- C:\ComboFix
2011-07-24 11:23:37 -------- d-----w- c:\documents and settings\all users\application data\ITSguard Business
2011-07-24 11:23:36 -------- d-----w- c:\documents and settings\ss\.acb
2011-07-24 11:22:56 -------- d-----w- c:\program files\ITSguard Business
2011-07-24 11:14:59 -------- d-----w- c:\documents and settings\ss\temp
2011-07-20 19:43:44 -------- d-----w- c:\program files\VSTplugins
2011-07-20 19:23:34 545 ----a-w- c:\windows\UC.PIF
2011-07-20 19:23:34 545 ----a-w- c:\windows\RAR.PIF
2011-07-20 19:23:34 545 ----a-w- c:\windows\PKZIP.PIF
2011-07-20 19:23:34 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-07-20 19:23:34 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-07-20 19:23:34 545 ----a-w- c:\windows\LHA.PIF
2011-07-20 19:23:34 545 ----a-w- c:\windows\ARJ.PIF
2011-07-20 19:23:34 -------- d-----w- C:\totalcmd
2011-07-20 19:23:34 -------- d-----w- c:\documents and settings\ss\application data\GHISLER
2011-07-20 16:36:12 -------- d-----w- c:\windows\system32\CatRoot2
2011-07-20 15:59:27 98816 ----a-w- c:\windows\sed.exe
2011-07-20 15:59:27 518144 ----a-w- c:\windows\SWREG.exe
2011-07-20 15:59:27 256000 ----a-w- c:\windows\PEV.exe
2011-07-20 15:59:27 208896 ----a-w- c:\windows\MBR.exe
2011-07-20 08:25:55 -------- d-sha-r- C:\cmdcons
2011-07-20 08:25:53 -------- d-----w- c:\windows\setup.pss
2011-07-20 08:25:35 -------- d-----w- c:\windows\setupupd
2011-07-10 11:03:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-10 11:03:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-05 13:10:38 -------- d-----w- C:\M1522_Full_Solution_Win7_4_3_EMEA2
2011-07-03 18:28:17 -------- d-----w- c:\documents and settings\ss\application data\SUPERAntiSpyware.com
2011-07-03 18:23:41 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-06-30 16:31:21 -------- d-----w- c:\program files\Motorola
2011-06-30 16:17:16 983936 ----a-w- c:\windows\system32\drivers\smserial.sys
2011-06-30 16:17:16 196608 ----a-w- c:\windows\system32\sm56co6a.dll
.
==================== Find3M ====================
.
2011-06-06 11:35:18 1858816 ----a-w- c:\windows\system32\win32k.sys
2011-05-26 16:07:55 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-05-02 15:31:57 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:05 151552 ----a-w- c:\windows\system32\schannel.dll
.
============= FINISH: 20:24:54.50 ===============

#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 06 August 2011 - 02:01 PM

Please post the ComboFix Log(s).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 11 August 2011 - 08:38 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
