Viruses And Trojans Found By Dr. Web, Need Urgent Help!

ephemeridos
edited November 2008 in Logs analysis

I was testing Dr.Web CureIt and this program has found viruses and trojans on my computer. I have used disinfection and four files were deleted, while disinfection has failed. The second Dr.Web scan is showing a trojan in System Volume Information. Before using Dr.Web I had checked my computer with SUPERAntiSpyware and Malwarebytes, but the scans were clean. My BitDefender scans were clean too.


I don't know what happened, but since using Dr.Web my BitDefender doesn't work anymore. I was trying to install it again from CD and I got to know that my disc drive isn't showing in Explorer! The CD wasn't starting automatically. I have tried System Restore, but this doesn't work either. Can anyone help me? I don't know what to do now. I had to download the trial version of BitDefender in order to protect my computer until my problem is solved.


Thank you in advance for your help.


Dr.Web scans are attached and here is the latest HijackThis scan:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:31, on 09.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
C:\Programme\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Easy-Hide-IP\services\EasyHideIp.exe
C:\Programme\Easy-Hide-IP\services\EasyHideIP-Server2\Easy-Hide-IPS2.exe
C:\Programme\Easy-Hide-IP\services\EasyHideIP-Server2\EasyHideIP-Server2.exe
C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Easy-Hide-IP\services\EasyHideIP-Server1\EasyHideIP-Server1.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\BillP Studios\WinPatrol\winpatrol.exe
C:\Programme\SweetIM\Messenger\SweetIM.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\BitDefender\BitDefender 2009\bdagent.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Windows Desktop Search\WindowsSearch.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Trend Micro\HijackThis\sniper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [iAAnotif] "C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [synTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Keyboard Manager Utility] "C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang DE /H
O4 - HKLM\..\Run: [sMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Programme\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [sweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [bDAgent] "C:\Programme\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Programme\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162468014625
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: EasyHideIP - Unknown owner - C:\Programme\Easy-Hide-IP\services\EasyHideIp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Programme\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 9132 bytes

Attachments: SUPERAntiSpyware_Scan_Log___11_08_2008___02_42_28.log, post-16725-1226258557_thumb.jpg, post-16725-1226258582_thumb.jpg, mbam_log_2008_11_07__18_21_44_.txt, SUPERAntiSpyware_Scan_Log___11_08_2008___02_42_28.log
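As an added triage example (not code from the thread or from HijackThis), the script below parses a constructed subset of the log entries above and lists the ones a log reviewer would verify first: O20 AppInit_DLLs entries, O23 services with no vendor string, and O4 autoruns whose target path cannot be identified from the log. The selection rules are this example's own assumptions, not verdicts about the files named.

```python
import re

# Constructed sample: six entry lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\Programme\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - Global Startup: hpoddt01.exe.lnk = ?
O20 - AppInit_DLLs: secuload.dll
O23 - Service: EasyHideIP - Unknown owner - C:\Programme\Easy-Hide-IP\services\EasyHideIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# HijackThis entry lines look like "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")


def parse_entries(text):
    """Return (section code, body) for every entry line; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(text):
    """Group the entries a reviewer should check first, keyed by the reason (heuristics assumed here).

    appinit_dll:           AppInit_DLLs are loaded into every process that links user32.dll,
                           so each listed DLL needs its path and publisher confirmed.
    unknown_owner_service: the service has no vendor string; confirm the binary on disk.
    autorun_without_path:  the O4 target is '?' or has no directory, so the log alone does
                           not say which file is executed.
    """
    findings = {"appinit_dll": [], "unknown_owner_service": [], "autorun_without_path": []}
    for code, body in parse_entries(text):
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            findings["appinit_dll"].append(body.split(":", 1)[1].strip())
        elif code == "O23" and " - Unknown owner - " in body:
            findings["unknown_owner_service"].append(body.split(" - ")[-1])
        elif code == "O4":
            # "[Name] target args" for registry Run keys, "file.lnk = target" for startup folders.
            target = body.split("] ", 1)[1] if "] " in body else body.split("= ", 1)[-1]
            if target == "?" or "\\" not in target:
                findings["autorun_without_path"].append(body)
    return findings


if __name__ == "__main__":
    for reason, items in triage(SAMPLE_LOG).items():
        print(reason, items)
```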

Comments

  • The logs are clean :)

  • The logs are clean :)


    Thank you for your reply. Have you also checked the attached Dr.Web logs? They are showing trojans and viruses. I also have problems with BitDefender and I'm not able to install it from CD. Any advice on what to do now?

  • If you can't install it from your cd, just download it from the site :D


    http://www.bitdefender.com/site/Downloads/


    :)

  • If you can't install it from your cd, just download it from the site :D


    http://www.bitdefender.com/site/Downloads/


    :)


    Yes, I have the trial version until I can solve the problem with my disc drive. I would love to install BitDefender from my CD.


    I purchased BD2009 two months ago.

  • Hi guys,


    Sorry, the HijackThis log wasn't clean. I have gotten better support in another forum, and the matter with my DVD/CD-ROM drive is also solved. I'll let you figure out how without my further information. My feedback to you: you must improve your support substantially.


    Kind regards :D