Need Help Probably Have Virus


Post by Mrsram on 25th November 2009, 5:39 pm

Hi guys,

I have had a problem opening google.com for some days now. All other sites can be opened except Google. Please help.

Mrsram
Novice
Posts: 10
Joined: 2009-11-25
OS: Windows XP Home Edition
Points: 25846
Likes: 0

Re: Need Help Probably Have Virus

Post by Belahzur on 25th November 2009, 7:31 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement; press Accept and HijackThis will run.
  • Select "Do a system scan and save a log file". This will open a Notepad file of everything HijackThis found; copy and paste it back here.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245111
Likes: 1

Re: Need Help Probably Have Virus

Post by Mrsram on 25th November 2009, 8:41 pm

Hi Guys,

here it is,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:36:20, on 25.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEAE.EXE
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\OnlineControl\ocontrol.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb128\SearchSettings.dll


Re: Need Help Probably Have Virus

Post by Belahzur on 26th November 2009, 1:26 am

Hello.
I think the log was cut off, please post a full log.



Re: Need Help Probably Have Virus

Post by Mrsram on 5th December 2009, 3:50 pm

ok I am. Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:43:35, on 05.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEAE.EXE
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Programme\OnlineControl\ocontrol.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\Programme\Movie Maker\moviemk.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb128\SearchSettings.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb128\SearchSettings.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\DealioToolbarIE.dll
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [EPSON Stylus S20 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEAE.EXE /FU "C:\WINDOWS\TEMP\E_SCE.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Google Update] "C:\Dokumente und Einstellungen\Ali\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [SmartVoip] "C:\Programme\SmartVoip.com\SmartVoip\SmartVoip.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: OnlineControl.lnk = C:\Programme\OnlineControl\ocontrol.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11877 bytes


Re: Need Help Probably Have Virus

Post by Belahzur on 5th December 2009, 4:25 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb128\SearchSettings.dll



  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: Need Help Probably Have Virus

Post by Mrsram on 6th December 2009, 6:20 pm



Re: Need Help Probably Have Virus

Post by Mrsram on 6th December 2009, 6:29 pm

Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3304
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06.12.2009 19:05:52
mbam-log-2009-12-06 (19-05-52).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 111925
Laufzeit: 7 minute(s), 45 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 748
Infizierte Registrierungswerte: 13
Infizierte Dateiobjekte der Registrierung: 7
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe (Security.Hijack) -> Quarantined and deleted successfully.


Re: Need Help Probably Have Virus

Post by Mrsram on 6th December 2009, 6:31 pm

Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3304
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06.12.2009 19:05:52
mbam-log-2009-12-06 (19-05-52).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 111925
Laufzeit: 7 minute(s), 45 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 748
Infizierte Registrierungswerte: 13
Infizierte Dateiobjekte der Registrierung: 7
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:


Re: Need Help Probably Have Virus

Post by Belahzur on 7th December 2009, 1:18 am

Hello.
Next,

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.



Re: Need Help Probably Have Virus

Post by Mrsram on 9th December 2009, 8:48 pm

DDS 1

DDS (Ver_09-12-01.01) - NTFSx86
Run by Ali at 21:41:01,14 on 09.12.2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.990.452 [GMT 1:00]

AV: Windows PC Defender *On-access scanning enabled* (Updated) {7A03E63C-BEF1-4840-959C-B2E496AF5F58}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Windows PC Defender *enabled* {0B8BE7E9-8715-4192-A5D6-3B5A36145FC9}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Programme\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEAE.EXE
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe
C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\OnlineControl\ocontrol.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
C:\Dokumente und Einstellungen\Ali\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
uURLSearchHooks: H - No File
BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\programme\dealio toolbar\DealioToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\programme\dealio toolbar\DealioToolbarIE.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\programme\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [EPSON Stylus S20 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieae.exe /fu "c:\windows\temp\E_SCE.tmp" /EF "HKCU"
uRun: [Google Update] "c:\dokumente und einstellungen\ali\lokale einstellungen\anwendungsdaten\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\programme\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\programme\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [T-Online_Software_6\WLAN-Access Finder] c:\programme\t-online\wlan-access finder\ToWLaAcF.exe /StartMinimized
uRun: [AutoStartNPSAgent] c:\programme\samsung\samsung new pc studio\NPSAgent.exe
uRun: [SmartVoip] "c:\programme\smartvoip.com\smartvoip\SmartVoip.exe" -nosplash -minimized
uRun: [WMPNSCFG] c:\programme\windows media player\WMPNSCFG.exe
mRun: [D-Link AirPlus G] c:\programme\d-link\airplus g\AirGCFG.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [TkBellExe] "c:\programme\gemeinsame dateien\real\update_ob\realsched.exe" -osboot
mRun: [SearchSettings] c:\programme\search settings\SearchSettings.exe
mRun: [Adobe Reader Speed Launcher] "c:\programme\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe"
mRun: [NPSStartup]
mRun: [avgnt] "c:\programme\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [InfoCockpit] c:\programme\t-online\t-online_software_6\info-cockpit\IC_START.EXE /nosplash
dRun: [T-Online_Software_6\WLAN-Access Finder] c:\programme\t-online\wlan-access finder\ToWLaAcF.exe /StartMinimized
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\micros~1.lnk - c:\programme\microsoft office\office\OSA9.EXE
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\online~1.lnk - c:\programme\onlinecontrol\ocontrol.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: image file execution options - svchost.exe
IFEO: brastk.exe - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\programme\avira\antivir desktop\avgio.sys [2009-12-9 11608]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\avira\antivir desktop\sched.exe [2009-12-9 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\programme\avira\antivir desktop\avguard.exe [2009-12-9 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-9 55656]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-9-21 233472]
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\gemeinsame dateien\marmiko shared\MZCCntrl.exe [2009-10-3 61440]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-9-21 36608]
R3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\gemein~1\marmik~1\MACNDIS5.SYS [2009-10-3 17280]
S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\gemein~1\marmik~1\minfrais\MIINPazX.SYS [2009-10-3 17152]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\t-online\t-onli~1\basis-~1\basis1\MTOnlPktAlyX.SYS [2009-10-3 17536]

=============== Created Last 30 ================

2009-12-09 17:13:14 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-09 17:13:08 0 d-----w- c:\programme\Avira
2009-12-09 17:13:08 0 d-----w- c:\dokume~1\alluse~1\anwend~1\Avira
2009-12-06 17:52:18 0 d-----w- c:\dokume~1\ali\anwend~1\Malwarebytes
2009-12-06 17:52:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-06 17:52:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-06 17:52:12 0 d-----w- c:\dokume~1\alluse~1\anwend~1\Malwarebytes
2009-12-06 17:52:11 0 d-----w- c:\programme\Malwarebytes' Anti-Malware
2009-11-28 16:30:54 0 d-----w- c:\dokume~1\ali\anwend~1\SmartVoip
2009-11-28 14:47:28 0 d-----w- c:\programme\MarkAny
2009-11-28 14:22:57 83592 ----a-w- c:\windows\system32\drivers\ss_bus.sys
2009-11-28 14:22:57 12424 ----a-w- c:\windows\system32\drivers\ss_whnt.sys
2009-11-28 14:22:57 12424 ----a-w- c:\windows\system32\drivers\ss_wh.sys
2009-11-25 20:34:15 0 d-----w- c:\programme\Trend Micro
2009-11-20 18:29:30 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-11-20 18:29:30 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-11-20 18:29:30 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-11-20 18:29:30 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-11-20 18:29:30 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-11-20 18:29:30 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-11-20 18:29:30 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-11-20 18:29:30 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-11-20 18:29:27 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-11-20 18:29:27 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-11-20 18:29:26 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-11-20 18:29:26 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-11-10 17:57:28 0 d-sh--w- c:\dokumente und einstellungen\ali\IECompatCache
2009-11-10 17:56:32 0 d-sh--w- c:\dokumente und einstellungen\ali\PrivacIE
2009-11-10 17:55:23 0 d-sh--w- c:\dokumente und einstellungen\ali\IETldCache
2009-11-10 17:49:15 0 d-----w- c:\windows\ie8updates
2009-11-10 17:47:31 0 dc-h--w- c:\windows\ie8
2009-11-10 17:46:07 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-11-10 17:45:53 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-11-10 17:45:53 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-10 17:45:52 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-10 17:45:52 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-10 17:45:51 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-10 17:45:51 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll

==================== Find3M ====================

2009-10-25 09:37:18 84318 ----a-w- c:\windows\system32\perfc007.dat
2009-10-25 09:37:18 458476 ----a-w- c:\windows\system32\perfh007.dat
2009-10-23 13:45:13 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-11 14:17:01 136192 ----a-w- c:\windows\system32\msv1_0.dll

============= FINISH: 21:41:26,48 ===============

Re: Need Help Probably Have Virus

Post by Mrsram on 9th December 2009, 8:50 pm

DDS Text Part 1

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 16.08.2008 16:23:50
System Uptime: 12.09.2009 18:11:09 (2115 hours ago)

Motherboard: | | C51GM-M
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ | Socket M2 | 2411/201mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 262,669 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Videocontroller (VGA-kompatibel)
Device ID: PCI\VEN_10DE&DEV_0242&SUBSYS_022210DE&REV_A2\3&2411E6FE&0&28
Manufacturer:
Name: Videocontroller (VGA-kompatibel)
PNP Device ID: PCI\VEN_10DE&DEV_0242&SUBSYS_022210DE&REV_A2\3&2411E6FE&0&28
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM-Bus-Controller
Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_1B571019&REV_A3\3&2411E6FE&0&51
Manufacturer:
Name: SM-Bus-Controller
PNP Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_1B571019&REV_A3\3&2411E6FE&0&51
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Anderes PCI-Brückengerät
Device ID: PCI\VEN_10DE&DEV_0269&SUBSYS_1B571019&REV_A3\3&2411E6FE&0&A0
Manufacturer:
Name: Anderes PCI-Brückengerät
PNP Device ID: PCI\VEN_10DE&DEV_0269&SUBSYS_1B571019&REV_A3\3&2411E6FE&0&A0
Service:

==== System Restore Points ===================

RP210: 11.09.2009 16:27:39 - Systemprüfpunkt
RP211: 12.09.2009 12:12:50 - Removed Paint Shop Pro 7 ESD
RP212: 12.09.2009 12:13:04 -
RP213: 12.09.2009 12:34:15 - Installed Windows Media Format Runtime
RP214: 12.09.2009 13:29:52 - Installed Windows Media Format Runtime
RP215: 12.09.2009 14:04:11 - Installed Windows Media Format Runtime
RP216: 12.09.2009 15:01:40 - Installed Windows Media Format Runtime
RP217: 12.09.2009 15:42:33 - Installed Windows Media Format Runtime
RP218: 12.09.2009 20:04:10 - Installed Windows Media Format Runtime
RP219: 13.09.2009 20:05:09 - Systemprüfpunkt
RP220: 17.09.2009 18:03:47 - Systemprüfpunkt
RP221: 18.09.2009 21:10:19 - Installed Windows Media Format Runtime
RP222: 18.09.2009 21:29:42 - Installed Windows Media Format Runtime
RP223: 19.09.2009 21:59:19 - Systemprüfpunkt
RP224: 21.09.2009 12:54:09 - Systemprüfpunkt
RP225: 21.09.2009 16:56:28 - Installed Samsung New PC Studio
RP226: 21.09.2009 17:03:43 - Installed Samsung New PC Studio USB Driver Installer
RP227: 22.09.2009 17:12:29 - Removed Samsung New PC Studio
RP228: 22.09.2009 20:07:51 - Installed Corel Paint Shop Pro X - Installation Files
RP229: 22.09.2009 20:08:51 - Installed Corel Paint Shop Pro X
RP230: 23.09.2009 21:54:45 - Systemprüfpunkt
RP231: 25.09.2009 13:50:15 - Systemprüfpunkt
RP232: 26.09.2009 13:57:31 - Systemprüfpunkt
RP233: 29.09.2009 18:12:41 - Systemprüfpunkt
RP234: 03.10.2009 14:09:53 - Installiert T-Online 6.0
RP235: 03.10.2009 14:10:20 - Installiert T-Online Router Web-IF Management
RP236: 03.10.2009 14:10:26 - Installiert Marmiko Infrastruktur Informationssystem
RP237: 03.10.2009 14:10:33 - Installiert T-Online WLAN-Access Finder
RP238: 03.10.2009 21:13:34 - Software Distribution Service 3.0
RP239: 05.10.2009 12:27:20 - Systemprüfpunkt
RP240: 05.10.2009 13:58:55 - Windows Live Anmelde-Assistent wird entfernt
RP241: 06.10.2009 16:19:52 - Systemprüfpunkt
RP242: 07.10.2009 16:20:18 - Systemprüfpunkt
RP243: 11.10.2009 14:21:50 - Systemprüfpunkt
RP244: 12.10.2009 21:17:50 - Systemprüfpunkt
RP245: 14.10.2009 11:17:13 - Systemprüfpunkt
RP246: 14.10.2009 13:23:10 - Software Distribution Service 3.0
RP247: 15.10.2009 14:46:01 - Systemprüfpunkt
RP248: 16.10.2009 15:48:30 - Systemprüfpunkt
RP249: 18.10.2009 14:47:43 - Systemprüfpunkt
RP250: 19.10.2009 21:36:23 - Systemprüfpunkt
RP251: 22.10.2009 12:51:28 - Systemprüfpunkt
RP252: 23.10.2009 15:46:23 - Removed Corel Paint Shop Pro X
RP253: 25.10.2009 11:34:07 - Installed Paint Shop Pro 7 Evaluation
RP254: 25.10.2009 11:43:20 - Removed Paint Shop Pro 7 Evaluation
RP255: 25.10.2009 11:43:34 -
RP256: 25.10.2009 11:47:14 - Installed Paint Shop Pro 7 Evaluation
RP257: 25.10.2009 11:48:12 -
RP258: 25.10.2009 16:53:04 - Removed Paint Shop Pro 7 Evaluation
RP259: 25.10.2009 16:53:19 -
RP260: 25.10.2009 17:04:10 - Installed Paint Shop Pro 7 ESD
RP261: 27.10.2009 06:57:37 - Software Distribution Service 3.0
RP262: 28.10.2009 22:19:30 - Software Distribution Service 3.0
RP263: 02.11.2009 15:01:52 - Removed Sunbelt Personal Firewall.
RP264: 02.11.2009 22:37:53 - Software Distribution Service 3.0
RP265: 04.11.2009 22:23:23 - Software Distribution Service 3.0
RP266: 06.11.2009 13:19:07 - Systemprüfpunkt
RP267: 08.11.2009 19:01:32 - Systemprüfpunkt
RP268: 10.11.2009 18:48:03 - Windows Internet Explorer 8 wurde installiert.
RP269: 10.11.2009 18:48:36 - Software Distribution Service 3.0
RP270: 10.11.2009 22:12:45 - Software Distribution Service 3.0
RP271: 11.11.2009 22:02:28 - Software Distribution Service 3.0
RP272: 14.11.2009 12:24:04 - Systemprüfpunkt
RP273: 14.11.2009 13:44:10 - Installed Adobe Reader 9.1 - Deutsch.
RP274: 15.11.2009 13:47:01 - Systemprüfpunkt
RP275: 16.11.2009 15:10:53 - Systemprüfpunkt
RP276: 17.11.2009 17:00:28 - Systemprüfpunkt
RP277: 18.11.2009 19:11:23 - Systemprüfpunkt
RP278: 20.11.2009 18:58:45 - Systemprüfpunkt
RP279: 22.11.2009 13:19:46 - Systemprüfpunkt
RP280: 23.11.2009 13:59:45 - Systemprüfpunkt
RP281: 24.11.2009 19:30:10 - Systemprüfpunkt
RP282: 25.11.2009 23:19:20 - Software Distribution Service 3.0
RP283: 27.11.2009 20:13:02 - Systemprüfpunkt
RP284: 28.11.2009 15:12:59 - Removed SamsungConnectivityCableDriver
RP285: 28.11.2009 15:13:40 - Removed Samsung New PC Studio USB Driver Installer
RP286: 28.11.2009 15:22:41 - Installed Samsung New PC Studio USB Driver Installer
RP287: 28.11.2009 15:46:36 - Installed Samsung New PC Studio
RP288: 29.11.2009 19:56:04 - Systemprüfpunkt
RP289: 30.11.2009 21:21:10 - Systemprüfpunkt
RP290: 04.12.2009 12:40:29 - Systemprüfpunkt
RP291: 06.12.2009 13:43:15 - Systemprüfpunkt
RP292: 07.12.2009 13:52:38 - Systemprüfpunkt
RP293: 08.12.2009 16:56:03 - Systemprüfpunkt
RP294: 09.12.2009 17:09:38 - Systemprüfpunkt
RP295: 09.12.2009 18:09:27 - Avira AntiVir Personal - 09.12.2009 18:09
RP296: 09.12.2009 18:12:16 - Avira AntiVir Personal - 09.12.2009 18:12

==== Hosts File Hijack ======================

Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
Hosts: 74.125.45.100 secure-plus-payments.com
Hosts: 74.125.45.100 secure.paysecuresystem.com
Hosts: 74.125.45.100 paysoftbillsolution.com
Hosts: 64.86.16.97 google.ae
Hosts: 64.86.16.97 google.as
Hosts: 64.86.16.97 google.at
Hosts: 64.86.16.97 google.az
Hosts: 64.86.16.97 google.ba
Hosts: 64.86.16.97 google.be
Hosts: 64.86.16.97 google.bg
Hosts: 64.86.16.97 google.bs
Hosts: 64.86.16.97 google.ca
Hosts: 64.86.16.97 google.cd
Hosts: 64.86.16.97 google.com.gh
Hosts: 64.86.16.97 google.com.hk
Hosts: 64.86.16.97 google.com.jm
Hosts: 64.86.16.97 google.com.mx
Hosts: 64.86.16.97 google.com.my
Hosts: 64.86.16.97 google.com.na
Hosts: 64.86.16.97 google.com.nf
Hosts: 64.86.16.97 google.com.ng
Hosts: 64.86.16.97 google.ch
Hosts: 64.86.16.97 google.com.np
Hosts: 64.86.16.97 google.com.pr
Hosts: 64.86.16.97 google.com.qa
Hosts: 64.86.16.97 google.com.sg
Hosts: 64.86.16.97 google.com.tj
Hosts: 64.86.16.97 google.com.tw
Hosts: 64.86.16.97 google.dj
Hosts: 64.86.16.97 google.de
Hosts: 64.86.16.97 google.dk
Hosts: 64.86.16.97 google.dm
Hosts: 64.86.16.97 google.ee
Hosts: 64.86.16.97 google.fi
Hosts: 64.86.16.97 google.fm
Hosts: 64.86.16.97 google.fr
Hosts: 64.86.16.97 google.ge
Hosts: 64.86.16.97 google.gg
Hosts: 64.86.16.97 google.gm
Hosts: 64.86.16.97 google.gr
Hosts: 64.86.16.97 google.ht
Hosts: 64.86.16.97 google.ie
Hosts: 64.86.16.97 google.im
Hosts: 64.86.16.97 google.in
Hosts: 64.86.16.97 google.it
Hosts: 64.86.16.97 google.ki
Hosts: 64.86.16.97 google.la
Hosts: 64.86.16.97 google.li
Hosts: 64.86.16.97 google.lv
Hosts: 64.86.16.97 google.ma
Hosts: 64.86.16.97 google.ms
Hosts: 64.86.16.97 google.mu
Hosts: 64.86.16.97 google.mw
Hosts: 64.86.16.97 google.nl
Hosts: 64.86.16.97 google.no
Hosts: 64.86.16.97 google.nr
Hosts: 64.86.16.97 google.nu
Hosts: 64.86.16.97 google.pl
Hosts: 64.86.16.97 google.pn
Hosts: 64.86.16.97 google.pt
Hosts: 64.86.16.97 google.ro
Hosts: 64.86.16.97 google.ru
Hosts: 64.86.16.97 google.rw
Hosts: 64.86.16.97 google.sc
Hosts: 64.86.16.97 google.se
Hosts: 64.86.16.97 google.sh
Hosts: 64.86.16.97 google.si
Hosts: 64.86.16.97 google.sm
Hosts: 64.86.16.97 google.st
Hosts: 64.86.16.97 google.tl
Hosts: 64.86.16.97 google.tm
Hosts: 64.86.16.97 google.tt
Hosts: 64.86.16.97 google.us
Hosts: 64.86.16.97 google.vu
Hosts: 64.86.16.97 google.ws
Hosts: 64.86.16.97 google.co.ck
Hosts: 64.86.16.97 google.co.id
Hosts: 64.86.16.97 google.co.il
Hosts: 64.86.16.97 google.co.in
Hosts: 64.86.16.97 google.co.jp
Hosts: 64.86.16.97 google.co.kr
Hosts: 64.86.16.97 google.co.ls
Hosts: 64.86.16.97 google.co.ma
Hosts: 64.86.16.97 google.co.nz
Hosts: 64.86.16.97 google.co.tz
Hosts: 64.86.16.97 google.co.ug
Hosts: 64.86.16.97 google.co.uk
Hosts: 64.86.16.97 google.co.za
Hosts: 64.86.16.97 google.co.zm
Hosts: 64.86.16.97 google.com
Hosts: 64.86.16.97 google.com.af
Hosts: 64.86.16.97 google.com.ag
Hosts: 64.86.16.97 google.com.ar
Hosts: 64.86.16.97 google.com.au
Hosts: 64.86.16.97 google.com.bn
Hosts: 64.86.16.97 google.com.br
Hosts: 64.86.16.97 google.com.by
Hosts: 64.86.16.97 google.com.bz
Hosts: 64.86.16.97 google.com.cu
Hosts: 64.86.16.97 google.com.ec
Hosts: 64.86.16.97 google.com.fj
Hosts: 64.86.16.97 google.com
Hosts: 64.86.16.97 bing.com
Hosts: 64.86.16.97 search.yahoo.com
Hosts: 64.86.16.97 search.live.com
Hosts: 64.86.16.97 search.msn.com

==== Installed Programs ======================

AAC Decoder
Adobe Flash Player 10 ActiveX

Re: Need Help Probably Have Virus

Post by Mrsram on 9th December 2009, 8:51 pm

DDS Part 2 Text

Adobe Reader 9.2 - Deutsch
AirPlus G
ANIO Service
ANIWZCS2 Service
AutoUpdate
Avira AntiVir Personal - Free Antivirus
Choice Guard
Compatibility Pack for the 2007 Office system
Dealio Toolbar v4.0.1
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Druckerdeinstallation für EPSON Stylus S20 Series
EPSON-Drucker-Software
Free Mp3 Wma Converter V 1.8.0
Google Chrome
H.264 Decoder
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix für Windows Media Player 11 (KB939683)
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB961118)
Hotfix für Windows XP (KB970653-v3)
Hotfix für Windows XP (KB976098-v2)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 SR-1 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual J# .NET Redistributable Package 1.1
MKV Splitter
MSN
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OnlineControl 1.2
Paint Shop Pro 7 ESD
PC Connectivity Solution
Picasa 3
RealPlayer
Realtek AC'97 Audio
Realtek High Definition Audio Driver
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
Samsung New PC Studio USB Driver Installer
SamsungConnectivityCableDriver
Search Settings 1.2.2
Segoe UI
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)
Sicherheitsupdate für Windows Media Player (KB911564)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player (KB954155)
Sicherheitsupdate für Windows Media Player (KB968816)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows Media Player 11 (KB936782)
Sicherheitsupdate für Windows Media Player 11 (KB954154)
Sicherheitsupdate für Windows Media Player 6.4 (KB925398)
Sicherheitsupdate für Windows Media Player 9 (KB936782)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB923789)
Sicherheitsupdate für Windows XP (KB938464-v2)
Sicherheitsupdate für Windows XP (KB938464)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951698)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB953838)
Sicherheitsupdate für Windows XP (KB953839)
Sicherheitsupdate für Windows XP (KB954211)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956390)
Sicherheitsupdate für Windows XP (KB956391)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956744)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956841)
Sicherheitsupdate für Windows XP (KB956844)
Sicherheitsupdate für Windows XP (KB957095)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958215)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB958690)
Sicherheitsupdate für Windows XP (KB958869)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960714)
Sicherheitsupdate für Windows XP (KB960715)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB960859)
Sicherheitsupdate für Windows XP (KB961371-v2)
Sicherheitsupdate für Windows XP (KB961373)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB963027)
Sicherheitsupdate für Windows XP (KB968537)
Sicherheitsupdate für Windows XP (KB969059)
Sicherheitsupdate für Windows XP (KB969897)
Sicherheitsupdate für Windows XP (KB969898)
Sicherheitsupdate für Windows XP (KB969947)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB971486)
Sicherheitsupdate für Windows XP (KB971557)
Sicherheitsupdate für Windows XP (KB971633)
Sicherheitsupdate für Windows XP (KB971657)
Sicherheitsupdate für Windows XP (KB971961)
Sicherheitsupdate für Windows XP (KB972260)
Sicherheitsupdate für Windows XP (KB973346)
Sicherheitsupdate für Windows XP (KB973354)
Sicherheitsupdate für Windows XP (KB973507)
Sicherheitsupdate für Windows XP (KB973525)
Sicherheitsupdate für Windows XP (KB973869)
Sicherheitsupdate für Windows XP (KB974112)
Sicherheitsupdate für Windows XP (KB974455)
Sicherheitsupdate für Windows XP (KB974571)
Sicherheitsupdate für Windows XP (KB975025)
Sicherheitsupdate für Windows XP (KB975467)
Skype™ 4.1
T-Online 6.0
T-Online WLAN-Access Finder
Total Video Converter 3.02
TVUPlayer 2.4.5.3
Update für Windows Internet Explorer 8 (KB975364)
Update für Windows Internet Explorer 8 (KB976749)
Update für Windows XP (KB951072-v2)
Update für Windows XP (KB951978)
Update für Windows XP (KB955839)
Update für Windows XP (KB961503)
Update für Windows XP (KB967715)
Update für Windows XP (KB968389)
Update für Windows XP (KB973687)
Update für Windows XP (KB973815)
Update für Windows XP (KB976749)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.762
WebEx
WebFldrs XP
Wichtiges Update für Windows Media Player 11 (KB959772)
Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinFF 0.41
Yahoo! Messenger
YouTube Video Downloader V1.1.1

==== End Of File ===========================

Re: Need Help Probably Have Virus

Post by Belahzur on 9th December 2009, 10:30 pm

1. Please download The Avenger by Swandog46 to your Desktop

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to delete:
C:\WINDOWS\system32\drivers\etc\hosts

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


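The "Hosts File Hijack" section of the DDS log in this thread lists search-engine names pinned to a single address, and the Avenger script above removes the hosts file for that reason. As an added example (not part of the original posts, and not code from DDS or The Avenger), this Python script flags that pattern in a hosts file or in DDS-style `Hosts:` lines; the watch list, the threshold and the sample input are assumptions constructed for illustration.

```python
"""Flag hijack-style entries in a hosts file or a DDS "Hosts:" log section."""
import ipaddress
import re
from collections import defaultdict

# Assumptions for this example: names a home PC has no reason to pin locally.
WATCHED_SUFFIXES = ("bing.com", "yahoo.com", "live.com", "msn.com")
# google.com, google.de, google.co.uk, google.com.au, with or without a prefix
GOOGLE_NAME = re.compile(r"(^|\.)google\.(com?\.)?[a-z]{2,3}$")
FAN_IN_THRESHOLD = 3  # assumption: this many names on one address is reported

# Constructed sample input (documentation addresses, not the user's file).
SAMPLE = """\
127.0.0.1       localhost
0.0.0.0         ads.example.net      # local blocklist entry
203.0.113.7     google.com www.google.com
203.0.113.7     google.de
Hosts: 203.0.113.7 bing.com
Hosts: 203.0.113.7 search.yahoo.com
192.168.1.10    nas.home.example
"""


def parse_entries(text):
    """Yield (ip, hostname) pairs from hosts-file text or DDS 'Hosts:' lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.lower().startswith("hosts:"):        # DDS log prefix
            line = line[len("hosts:"):].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                                  # not an address line
        for name in fields[1:]:                       # one line may carry aliases
            yield ip, name.lower().rstrip(".")


def is_blocking_address(ip):
    """Loopback and 0.0.0.0 entries sink a name instead of redirecting it."""
    return ip.is_loopback or ip.is_unspecified


def is_watched(name):
    """True if the name is a search-engine name from the watch list."""
    if GOOGLE_NAME.search(name):
        return True
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def analyze(text):
    """Return watched names that are redirected, and addresses with high fan-in."""
    names_by_ip = defaultdict(set)
    redirected = set()
    for ip, name in parse_entries(text):
        if is_blocking_address(ip):
            continue                                  # sinkhole entries are not checked here
        names_by_ip[str(ip)].add(name)
        if is_watched(name):
            redirected.add((name, str(ip)))
    fan_in = {ip: len(names) for ip, names in names_by_ip.items()
              if len(names) >= FAN_IN_THRESHOLD}
    return {"redirected": sorted(redirected), "fan_in": fan_in}


if __name__ == "__main__":
    report = analyze(SAMPLE)
    for name, ip in report["redirected"]:
        print(f"redirected: {name} -> {ip}")
    for ip, count in report["fan_in"].items():
        print(f"fan-in: {ip} serves {count} names")
```

On the machine in this thread, the file to check would be the one named in the Avenger script, C:\WINDOWS\system32\drivers\etc\hosts.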