
MBR PHYSICALDRIVE0 PARTITION 2

5 replies to this topic

#1 ritta (Members, 3 posts)

Posted 02 March 2012 - 01:43 PM

Hello,

My computer was very slow so I uninstalled and installed Windows XP. After scanning the computer with Avast, I had the following message: Threat detected: "MBR PHYSICALDRIVE0/PARTITION2", file name "Alureor". How can I cancel this virus?
Thanks in advance for helping.

#2 boopme (Global Moderator, 73,530 posts, NJ USA)

Posted 02 March 2012 - 02:47 PM

Hello and welcome.

Please run these.
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters.
  • Put a check in the box of Detect TDLFS file system.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.




To check for and confirm the MBR (Master Boot Record) rootkit.


Please download mbr.exe and save it to the root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
  • press Enter.
  • The process is automatic...a black DOS window will open and quickly disappear. This is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
If you have a problem using the command prompt, you can just double-click on mbr.exe to run the tool.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 ritta (Topic Starter, Members, 3 posts)

Posted 02 March 2012 - 05:44 PM

Hi,

Thank you for answering.

Here are the results :

MiniToolBox by Farbar Version: 18-01-2012
Ran by Propriétaire (administrator) on 02-03-2012 at 22:36:35
Microsoft Windows XP Édition familiale Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Configuration IP de Windows




========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================



# ----------------------------------
# Configuration IP de l'interface
# ----------------------------------
pushd interface ip



popd
# Fin de la configuration IP de l'interface




Configuration IP de Windows



Serveur : UnKnown
Address: 127.0.0.1

La requête Ping n'a pas pu trouver l'hôte google.com. Vérifiez le nom et essayez à nouveau.

Serveur : UnKnown
Address: 127.0.0.1

La requête Ping n'a pas pu trouver l'hôte yahoo.com. Vérifiez le nom et essayez à nouveau.

Serveur : UnKnown
Address: 127.0.0.1

La requête Ping n'a pas pu trouver l'hôte bleepingcomputer.com. Vérifiez le nom et essayez à nouveau.


Envoi d'une requête 'ping' sur 127.0.0.1 avec 32 octets de données :

Réponse de 127.0.0.1 : octets=32 temps<1ms TTL=128
Réponse de 127.0.0.1 : octets=32 temps<1ms TTL=128

Statistiques Ping pour 127.0.0.1:
Paquets : envoyés = 2, reçus = 2, perdus = 0 (perte 0%),
Durée approximative des boucles en millisecondes :
Minimum = 0ms, Maximum = 0ms, Moyenne = 0ms

===========================================================================
Liste d'Interfaces
0x1 ........................... MS TCP Loopback interface
===========================================================================
===========================================================================
Itinéraires actifs :
Destination réseau Masque réseau Adr. passerelle Adr. interface Métrique
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
===========================================================================
Itinéraires persistants :
Aucun
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [247808] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [247808] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [247808] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [247808] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [247808] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [247808] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [247808] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [247808] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [247808] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/24/2012 09:46:04 PM) (Source: Application Hang) (User: )
Description: Application bloquée avast.setup, version 7.0.1407.0, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.


System errors:
=============
Error: (03/02/2012 07:30:15 PM) (Source: Service Control Manager) (User: )
Description: Le service Spouleur d'impression s'est terminé de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 60000 millisecondes : Redémarrer le service.

Error: (03/02/2012 07:30:15 PM) (Source: Service Control Manager) (User: )
Description: Le service Service de la passerelle de la couche Application s'est terminé de façon inattendue pour la 1ème fois.

Error: (03/02/2012 06:38:51 PM) (Source: Service Control Manager) (User: )
Description: Le service Spouleur d'impression s'est terminé de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 60000 millisecondes : Redémarrer le service.

Error: (03/02/2012 06:38:51 PM) (Source: Service Control Manager) (User: )
Description: Le service Service de la passerelle de la couche Application s'est terminé de façon inattendue pour la 1ème fois.

Error: (03/02/2012 05:50:37 PM) (Source: Service Control Manager) (User: )
Description: Le service Spouleur d'impression s'est terminé de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 60000 millisecondes : Redémarrer le service.

Error: (03/02/2012 05:50:37 PM) (Source: Service Control Manager) (User: )
Description: Le service Service de la passerelle de la couche Application s'est terminé de façon inattendue pour la 1ème fois.

Error: (03/02/2012 04:59:42 PM) (Source: Service Control Manager) (User: )
Description: Le service Spouleur d'impression s'est terminé de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 60000 millisecondes : Redémarrer le service.

Error: (03/02/2012 04:59:42 PM) (Source: Service Control Manager) (User: )
Description: Le service Service de la passerelle de la couche Application s'est terminé de façon inattendue pour la 1ème fois.


Microsoft Office Sessions:
=========================
Error: (02/24/2012 09:46:04 PM) (Source: Application Hang)(User: )
Description: avast.setup7.0.1407.0hungapp0.0.0.000000000


=========================== Installed Programs ============================

avast! Free Antivirus (Version: 7.0.1407.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
WebFldrs XP (Version: 9.50.7523)

========================= Memory info: ===================================

Percentage of memory in use: 20%
Total physical RAM: 1023.17 MB
Available physical RAM: 815.29 MB
Total Pagefile: 2462.02 MB
Available Pagefile: 2345.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.75 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:233.75 GB) (Free:230.54 GB) NTFS
3 Drive d: (VRMHOEM_FR) (CDROM) (Total:0.55 GB) (Free:0 GB) CDFS
5 Drive f: () (Removable) (Total:0.96 GB) (Free:0.88 GB) FAT

========================= Users: ========================================

comptes d'utilisateurs de \\SOLEIL

Administrateur HelpAssistant Invité
Propriétaire SUPPORT_388945a0
La commande s'est terminée correctement.


**** End of log ****





22:41:16.0484 2688 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
22:41:16.0515 2688 ============================================================
22:41:16.0515 2688 Current date / time: 2012/03/02 22:41:16.0515
22:41:16.0515 2688 SystemInfo:
22:41:16.0515 2688
22:41:16.0531 2688 OS Version: 5.1.2600 ServicePack: 2.0
22:41:16.0531 2688 Product type: Workstation
22:41:16.0531 2688 ComputerName: SOLEIL
22:41:16.0531 2688 UserName: Propriétaire
22:41:16.0531 2688 Windows directory: C:\WINDOWS
22:41:16.0531 2688 System windows directory: C:\WINDOWS
22:41:16.0531 2688 Processor architecture: Intel x86
22:41:16.0531 2688 Number of processors: 2
22:41:16.0531 2688 Page size: 0x1000
22:41:16.0531 2688 Boot type: Normal boot
22:41:16.0531 2688 ============================================================
22:41:18.0187 2688 Drive \Device\Harddisk0\DR0 - Size: 0x3A70C70000 (233.76 Gb), SectorSize: 0x200, Cylinders: 0x7733, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:41:18.0203 2688 Drive \Device\Harddisk1\DR7 - Size: 0x3D3FFC00 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:41:18.0203 2688 \Device\Harddisk0\DR0:
22:41:18.0203 2688 MBR used
22:41:18.0203 2688 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D37F873
22:41:18.0203 2688 \Device\Harddisk1\DR7:
22:41:18.0203 2688 MBR used
22:41:18.0203 2688 \Device\Harddisk1\DR7\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1E9FDE
22:41:18.0218 2688 Initialize success
22:41:18.0218 2688 ============================================================
22:42:24.0500 2832 ============================================================
22:42:24.0500 2832 Scan started
22:42:24.0500 2832 Mode: Manual; TDLFS;
22:42:24.0500 2832 ============================================================
22:42:24.0609 2832 Aavmker4 (fdba5bb4c8171cda00b2233d5389ee5f) C:\WINDOWS\system32\drivers\Aavmker4.sys
22:42:24.0609 2832 Aavmker4 - ok
22:42:24.0625 2832 Abiosdsk - ok
22:42:24.0656 2832 abp480n5 - ok
22:42:24.0703 2832 ACPI (0bd94fbfc14ea3606cd6ca4c0255baa3) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:42:24.0703 2832 ACPI - ok
22:42:24.0750 2832 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:42:24.0750 2832 ACPIEC - ok
22:42:24.0765 2832 adpu160m - ok
22:42:24.0812 2832 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
22:42:24.0828 2832 AFD - ok
22:42:24.0843 2832 Aha154x - ok
22:42:24.0859 2832 aic78u2 - ok
22:42:24.0890 2832 aic78xx - ok
22:42:24.0953 2832 AliIde - ok
22:42:24.0984 2832 amsint - ok
22:42:25.0015 2832 asc - ok
22:42:25.0046 2832 asc3350p - ok
22:42:25.0078 2832 asc3550 - ok
22:42:25.0109 2832 aswFsBlk (581b82df5dbcc1dda6b775fac0d92472) C:\WINDOWS\system32\drivers\aswFsBlk.sys
22:42:25.0109 2832 aswFsBlk - ok
22:42:25.0140 2832 aswMon2 (4310e0977b48ec9bc5cca6931f806e6d) C:\WINDOWS\system32\drivers\aswMon2.sys
22:42:25.0140 2832 aswMon2 - ok
22:42:25.0171 2832 AswRdr (0b44ee90b3db93582b260a80b28b7ffd) C:\WINDOWS\system32\drivers\AswRdr.sys
22:42:25.0171 2832 AswRdr - ok
22:42:25.0203 2832 aswSnx (ca9601cd277a1e510b80422a40240a95) C:\WINDOWS\system32\drivers\aswSnx.sys
22:42:25.0218 2832 aswSnx - ok
22:42:25.0234 2832 aswSP (05ea22dde5ca7ee3a865046aff2f0229) C:\WINDOWS\system32\drivers\aswSP.sys
22:42:25.0234 2832 aswSP - ok
22:42:25.0265 2832 aswTdi (3ac73a9e7378848d1bde174b4bb39212) C:\WINDOWS\system32\drivers\aswTdi.sys
22:42:25.0265 2832 aswTdi - ok
22:42:25.0281 2832 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:42:25.0296 2832 AsyncMac - ok
22:42:25.0312 2832 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:42:25.0312 2832 atapi - ok
22:42:25.0359 2832 Atdisk - ok
22:42:25.0406 2832 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:42:25.0406 2832 Atmarpc - ok
22:42:25.0453 2832 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:42:25.0453 2832 audstub - ok
22:42:25.0515 2832 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:42:25.0515 2832 Beep - ok
22:42:25.0578 2832 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:42:25.0578 2832 cbidf2k - ok
22:42:25.0593 2832 cd20xrnt - ok
22:42:25.0625 2832 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:42:25.0640 2832 Cdaudio - ok
22:42:25.0656 2832 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
22:42:25.0656 2832 Cdfs - ok
22:42:25.0687 2832 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:42:25.0687 2832 Cdrom - ok
22:42:25.0718 2832 Changer - ok
22:42:25.0765 2832 CmdIde - ok
22:42:25.0843 2832 Cpqarray - ok
22:42:25.0890 2832 dac2w2k - ok
22:42:25.0921 2832 dac960nt - ok
22:42:25.0968 2832 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
22:42:25.0968 2832 Disk - ok
22:42:26.0046 2832 dmboot (e2d3b7620310fe56685f9b15a6b404b3) C:\WINDOWS\system32\drivers\dmboot.sys
22:42:26.0078 2832 dmboot - ok
22:42:26.0093 2832 dmio (c77f5c20aa70197a69aa84baa9de43c8) C:\WINDOWS\system32\drivers\dmio.sys
22:42:26.0109 2832 dmio - ok
22:42:26.0140 2832 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:42:26.0156 2832 dmload - ok
22:42:26.0187 2832 dpti2o - ok
22:42:26.0281 2832 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
22:42:26.0281 2832 Fastfat - ok
22:42:26.0312 2832 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:42:26.0312 2832 Fdc - ok
22:42:26.0343 2832 Fips (8b121ff880683607ab2aef0340721718) C:\WINDOWS\system32\drivers\Fips.sys
22:42:26.0343 2832 Fips - ok
22:42:26.0375 2832 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:42:26.0375 2832 Flpydisk - ok
22:42:26.0421 2832 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:42:26.0437 2832 FltMgr - ok
22:42:26.0453 2832 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:42:26.0453 2832 Fs_Rec - ok
22:42:26.0484 2832 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:42:26.0500 2832 Ftdisk - ok
22:42:26.0515 2832 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:42:26.0515 2832 Gpc - ok
22:42:26.0578 2832 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:42:26.0578 2832 hidusb - ok
22:42:26.0593 2832 hpn - ok
22:42:26.0656 2832 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
22:42:26.0656 2832 HTTP - ok
22:42:26.0671 2832 i2omgmt - ok
22:42:26.0718 2832 i2omp - ok
22:42:26.0750 2832 i8042prt (d1efcbd693b5ba21314d06368c471070) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:42:26.0750 2832 i8042prt - ok
22:42:26.0796 2832 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:42:26.0796 2832 Imapi - ok
22:42:26.0843 2832 ini910u - ok
22:42:26.0890 2832 IntelIde - ok
22:42:26.0921 2832 intelppm (dd5ad1e79ac26d3f8d8828ad4627f160) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:42:26.0921 2832 intelppm - ok
22:42:26.0968 2832 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:42:26.0968 2832 Ip6Fw - ok
22:42:27.0015 2832 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:42:27.0015 2832 IpFilterDriver - ok
22:42:27.0046 2832 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:42:27.0046 2832 IpInIp - ok
22:42:27.0078 2832 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:42:27.0078 2832 IpNat - ok
22:42:27.0125 2832 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:42:27.0125 2832 IPSec - ok
22:42:27.0156 2832 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:42:27.0156 2832 IRENUM - ok
22:42:27.0250 2832 isapnp (54632f1a7de61dc3615d756f2a90fa72) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:42:27.0250 2832 isapnp - ok
22:42:27.0265 2832 Kbdclass (e798705e8dc7fab596ef6bfdf167e007) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:42:27.0265 2832 Kbdclass - ok
22:42:27.0296 2832 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
22:42:27.0312 2832 KSecDD - ok
22:42:27.0359 2832 lbrtfdc - ok
22:42:27.0437 2832 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:42:27.0437 2832 mnmdd - ok
22:42:27.0500 2832 Modem (5ac7e16f5b40a6da14b5f2b3ada4693e) C:\WINDOWS\system32\drivers\Modem.sys
22:42:27.0500 2832 Modem - ok
22:42:27.0515 2832 Mouclass (7d4f19411bd941e1d432a99e24230386) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:42:27.0515 2832 Mouclass - ok
22:42:27.0578 2832 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:42:27.0578 2832 mouhid - ok
22:42:27.0609 2832 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
22:42:27.0609 2832 MountMgr - ok
22:42:27.0625 2832 mraid35x - ok
22:42:27.0656 2832 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:42:27.0671 2832 MRxDAV - ok
22:42:27.0687 2832 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:42:27.0718 2832 MRxSmb - ok
22:42:27.0750 2832 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
22:42:27.0750 2832 Msfs - ok
22:42:27.0796 2832 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:42:27.0796 2832 mssmbios - ok
22:42:27.0828 2832 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
22:42:27.0828 2832 Mup - ok
22:42:27.0859 2832 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
22:42:27.0875 2832 NDIS - ok
22:42:27.0890 2832 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:42:27.0890 2832 NdisTapi - ok
22:42:27.0921 2832 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:42:27.0921 2832 Ndisuio - ok
22:42:27.0937 2832 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:42:27.0937 2832 NdisWan - ok
22:42:27.0984 2832 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
22:42:27.0984 2832 NDProxy - ok
22:42:28.0015 2832 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:42:28.0015 2832 NetBIOS - ok
22:42:28.0046 2832 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:42:28.0046 2832 NetBT - ok
22:42:28.0140 2832 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
22:42:28.0140 2832 Npfs - ok
22:42:28.0171 2832 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
22:42:28.0203 2832 Ntfs - ok
22:42:28.0250 2832 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:42:28.0250 2832 Null - ok
22:42:28.0296 2832 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:42:28.0296 2832 NwlnkFlt - ok
22:42:28.0312 2832 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:42:28.0312 2832 NwlnkFwd - ok
22:42:28.0359 2832 Parport (318696359ac7df48d1e51974ec527dd2) C:\WINDOWS\system32\DRIVERS\parport.sys
22:42:28.0359 2832 Parport - ok
22:42:28.0390 2832 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
22:42:28.0390 2832 PartMgr - ok
22:42:28.0421 2832 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
22:42:28.0421 2832 ParVdm - ok
22:42:28.0437 2832 PCI (7c5da5c1ed801ad8b0309d5514f0b75e) C:\WINDOWS\system32\DRIVERS\pci.sys
22:42:28.0453 2832 PCI - ok
22:42:28.0468 2832 PCIDump - ok
22:42:28.0500 2832 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:42:28.0500 2832 PCIIde - ok
22:42:28.0546 2832 Pcmcia (641da274e163617ea7a33506bc6da8e3) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:42:28.0546 2832 Pcmcia - ok
22:42:28.0578 2832 PDCOMP - ok
22:42:28.0593 2832 PDFRAME - ok
22:42:28.0625 2832 PDRELI - ok
22:42:28.0656 2832 PDRFRAME - ok
22:42:28.0687 2832 perc2 - ok
22:42:28.0718 2832 perc2hib - ok
22:42:28.0828 2832 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:42:28.0828 2832 PptpMiniport - ok
22:42:28.0875 2832 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
22:42:28.0875 2832 PSched - ok
22:42:28.0906 2832 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:42:28.0906 2832 Ptilink - ok
22:42:28.0921 2832 ql1080 - ok
22:42:28.0953 2832 Ql10wnt - ok
22:42:28.0984 2832 ql12160 - ok
22:42:29.0015 2832 ql1240 - ok
22:42:29.0046 2832 ql1280 - ok
22:42:29.0062 2832 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:42:29.0078 2832 RasAcd - ok
22:42:29.0109 2832 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:42:29.0109 2832 Rasl2tp - ok
22:42:29.0156 2832 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:42:29.0156 2832 RasPppoe - ok
22:42:29.0171 2832 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:42:29.0187 2832 Raspti - ok
22:42:29.0203 2832 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:42:29.0218 2832 Rdbss - ok
22:42:29.0234 2832 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:42:29.0234 2832 RDPCDD - ok
22:42:29.0328 2832 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
22:42:29.0328 2832 RDPWD - ok
22:42:29.0390 2832 redbook (2cc30b68dd62b73d444a41322cd7fc4c) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:42:29.0390 2832 redbook - ok
22:42:29.0531 2832 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:42:29.0531 2832 Secdrv - ok
22:42:29.0578 2832 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:42:29.0578 2832 serenum - ok
22:42:29.0609 2832 Serial (653201755ca96ab4aaa4131daf6da356) C:\WINDOWS\system32\DRIVERS\serial.sys
22:42:29.0625 2832 Serial - ok
22:42:29.0640 2832 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:42:29.0640 2832 Sfloppy - ok
22:42:29.0703 2832 Simbad - ok
22:42:29.0718 2832 Sparrow - ok
22:42:29.0781 2832 sr (b52181023b827acda36c1b76751ebffd) C:\WINDOWS\system32\DRIVERS\sr.sys
22:42:29.0781 2832 sr - ok
22:42:29.0828 2832 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
22:42:29.0843 2832 Srv - ok
22:42:29.0875 2832 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:42:29.0890 2832 swenum - ok
22:42:29.0921 2832 symc810 - ok
22:42:29.0953 2832 symc8xx - ok
22:42:29.0984 2832 sym_hi - ok
22:42:30.0015 2832 sym_u3 - ok
22:42:30.0078 2832 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:42:30.0078 2832 Tcpip - ok
22:42:30.0109 2832 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:42:30.0125 2832 TDPIPE - ok
22:42:30.0140 2832 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
22:42:30.0140 2832 TDTCP - ok
22:42:30.0171 2832 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:42:30.0171 2832 TermDD - ok
22:42:30.0218 2832 TosIde - ok
22:42:30.0296 2832 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
22:42:30.0296 2832 Udfs - ok
22:42:30.0312 2832 ultra - ok
22:42:30.0359 2832 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
22:42:30.0359 2832 Update - ok
22:42:30.0406 2832 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:42:30.0406 2832 usbehci - ok
22:42:30.0437 2832 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:42:30.0437 2832 usbhub - ok
22:42:30.0468 2832 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:42:30.0468 2832 usbprint - ok
22:42:30.0515 2832 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:42:30.0515 2832 USBSTOR - ok
22:42:30.0546 2832 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:42:30.0546 2832 usbuhci - ok
22:42:30.0578 2832 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
22:42:30.0578 2832 VgaSave - ok
22:42:30.0609 2832 ViaIde - ok
22:42:30.0640 2832 VolSnap (313b1a0d5db26dfe1c34a6c13b2ce0a7) C:\WINDOWS\system32\drivers\VolSnap.sys
22:42:30.0640 2832 VolSnap - ok
22:42:30.0703 2832 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:42:30.0703 2832 Wanarp - ok
22:42:30.0734 2832 WDICA - ok
22:42:30.0937 2832 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
22:42:31.0312 2832 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:42:31.0312 2832 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:42:31.0328 2832 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR7
22:42:31.0421 2832 \Device\Harddisk1\DR7 - ok
22:42:31.0453 2832 Boot (0x1200) (89a1dd9ad0ce5ff130e182bbc1036382) \Device\Harddisk0\DR0\Partition0
22:42:31.0468 2832 \Device\Harddisk0\DR0\Partition0 - ok
22:42:31.0484 2832 Boot (0x1200) (3733795aeb380a7649de0827e88572d6) \Device\Harddisk1\DR7\Partition0
22:42:31.0484 2832 \Device\Harddisk1\DR7\Partition0 - ok
22:42:31.0500 2832 ============================================================
22:42:31.0500 2832 Scan finished
22:42:31.0500 2832 ============================================================
22:42:31.0546 2820 Detected object count: 1
22:42:31.0546 2820 Actual detected object count: 1
22:43:30.0328 2820 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:43:30.0328 2820 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
22:48:28.0968 2752 Deinitialize success


I couldn't run the MBR program; in fact I followed your advice:

"• Go to Start > Run and type: cmd.exe
• press Ok.
• At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
• press Enter."

When I type c:\mbr.exe >>"C:\mbr.log", it locks up my computer and I cannot go any further.... What can I do?
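The moderator's "check for and confirm the MBR rootkit" step and the TDSSKiller output above (the "MBR (0x1B8)" hash line, "MBR used", and Partition0 with Type 0x7, StartLBA 0x3F, BlocksNum 0x1D37F873) both come down to reading sector 0 of the disk and inspecting three things: the boot-code region, the four partition entries, and the 0x55AA signature. The following is an added example, not code from the thread or from mbr.exe, TDSSKiller or aswMBR; it parses a 512-byte MBR, lists the partition entries in the same form the log prints them, and compares an MD5 of the boot-code region against a known-good baseline so that a rewritten boot sector (which is what a TDSS/Alureon-style bootkit leaves behind) shows up as a mismatch. The sample sector is constructed, and the assumption that TDSSKiller's "(0x1B8)" denotes the hashed length of the boot code is marked in the comments.

```python
"""Parse a 512-byte Master Boot Record and baseline-check its boot code.

Added example, not code from the forum thread or from mbr.exe / TDSSKiller /
aswMBR. The sample sector is constructed; assumptions are labelled.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR_SIZE = 0x200      # matches "SectorSize: 0x200" in the TDSSKiller log
BOOTCODE_LEN = 0x1B8     # boot code ends where the 4-byte disk signature starts;
                         # ASSUMPTION: TDSSKiller's "MBR (0x1B8)" hash covers this region
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xAA"


@dataclass
class PartitionEntry:
    index: int
    bootable: bool
    type_id: int      # 0x07 = NTFS/HPFS, 0x06 = FAT16 (the two types in the log)
    start_lba: int
    num_blocks: int


def parse_mbr(sector: bytes) -> List[PartitionEntry]:
    """Return the non-empty partition entries; raise on a malformed sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) start-LBA(4) sector-count(4)
        status, type_id, start_lba, num_blocks = struct.unpack_from("<B3xB3xII", sector, off)
        if type_id == 0:
            continue  # empty slot
        entries.append(PartitionEntry(i, status == 0x80, type_id, start_lba, num_blocks))
    return entries


def bootcode_md5(sector: bytes) -> str:
    """MD5 of the boot-code region, for comparison with a recorded baseline."""
    return hashlib.md5(sector[:BOOTCODE_LEN]).hexdigest()


def bootcode_matches_baseline(sector: bytes, baseline_md5: str) -> bool:
    """True when the boot code is unchanged from a known-good dump.
    A bootkit overwrites this region, so a mismatch is the signal to investigate."""
    return bootcode_md5(sector) == baseline_md5.lower()


def read_physical_drive0() -> bytes:
    """Read sector 0 of the first disk on Windows (administrator rights required).
    Shown for the live-disk case only; the example below uses a constructed sector."""
    with open(r"\\.\PhysicalDrive0", "rb") as disk:
        return disk.read(SECTOR_SIZE)


def build_sample_mbr() -> bytes:
    """CONSTRUCTED sample sector. The single entry mirrors the geometry the
    TDSSKiller log reported for Harddisk0\\Partition0: Type 0x7, StartLBA 0x3F,
    BlocksNum 0x1D37F873. The boot code is placeholder bytes, not a real bootstrap."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\x33\xC0\x8E"  # placeholder opcode bytes (constructed)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF",
                        0x3F, 0x1D37F873)
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def simulate_modified_bootcode(sector: bytes) -> bytes:
    """CONSTRUCTED test fixture: one byte in the boot-code region changed, so the
    baseline comparison has something to catch."""
    modified = bytearray(sector)
    modified[0x10] ^= 0xFF
    return bytes(modified)


if __name__ == "__main__":
    mbr = build_sample_mbr()
    for p in parse_mbr(mbr):
        print("Partition%d: Type 0x%X, StartLBA 0x%X, BlocksNum 0x%X, bootable=%s"
              % (p.index, p.type_id, p.start_lba, p.num_blocks, p.bootable))
    baseline = bootcode_md5(mbr)
    print("boot-code md5:", baseline)
    print("modified copy matches baseline:",
          bootcode_matches_baseline(simulate_modified_bootcode(mbr), baseline))
```

In practice the baseline hash is taken from a known-clean dump (the MBR.dat that aswMBR saves, as the moderator notes later, is exactly such a copy) and kept off the machine; the comparison is then repeatable after every reboot without depending on the infected system's own view of the disk.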

#4 boopme (Global Moderator, 73,530 posts, NJ USA)

Posted 02 March 2012 - 09:07 PM

Let's try these.
It looks like you need to re-install Avast.

Run TDSSKiller again without changing the parameters as before.
Skip this step....
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system

Do this instead:
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.


Let's try this instead of MBR:

  • Download aswMBR to your desktop.
  • Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.
  • On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

#5 ritta (Topic Starter, Members, 3 posts)

Posted 03 March 2012 - 05:20 AM

Hello,

I managed to delete the virus; a friend of mine (who works in IT) did it. Anyway, many thanks for taking the time to help me :)

Have a nice day and thank you again.
Ritta

#6 boopme (Global Moderator, 73,530 posts, NJ USA)

Posted 03 March 2012 - 08:27 PM

You're welcome, and thanks for letting me know.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read: