
I'm stuck



I have a very nasty virus on the new laptop I have now. There is a fake antivirus and I get all kinds of alerts. I can't open anything and can't open my browser. I am able to get into safe mode. Here are the scan log and hijack log. But I wasn't able to do the DDS. No log has appeared after clicking on it.

 

IObit Security 360

 

OS:Windows 7

Version:1.5.0.13

Define Version:1838

Time Elapsed:00:15:49

Objects Scanned:67254

Threats Found:1

 

|Name|Type|Description|ID|

Misleading.SecurityTool - Quarantined, File, C:\Users\serdar yuksel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK, 4-2598

 

 

----------------------------------

 

Logfile of IObit HijackScan v0.2.0.0

Scan saved at 2:36:5, on 2010-10-9

 

Running processes:

C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2START.EXE

C:\Program Files (x86)\IObit\IObit Security 360\is360.exe

C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe

C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe

C:\Program Files (x86)\IObit\IObit Security 360\a_hijackscan.exe

C:\Windows\SysWOW64\DllHost.exe

 

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\: [internetCalls] "C:\Program Files (x86)\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized

O4 - HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\: [240314] "C:\Users\serdar yuksel\AppData\Local\240314.exe" 5 23

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [a-squared] "C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2guard.exe" /d=60

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501}Checkers.CheckersLogic.1 - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_21 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}MessengerStatsClient.MessengerStatsClientLogic.1 - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}Java Plug-in 1.6.0_21 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_21 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D}SRLDetection_CYRI.SysInfo.1 - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}MinesweeperFlags.SweeperLogic.1 - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O23 - Service: SAS Core Service - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Emsisoft Anti-Malware 5.0 - Service - Emsi Software GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: DCOM Server Process Launcher - Unknown -

O23 - Service: Diagnostic Policy Service - Unknown -

O23 - Service: Acer ePower Service - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: Group Policy Client - Unknown -

O23 - Service: GRegService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

O23 - Service: Google Updateservice (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Windows CardSpace - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: MyWinLocker Service - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe

O23 - Service: Net.Tcp Port Sharing Service - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: nProtect GameGuard Service - INCA Internet Co., Ltd. - C:\Windows\system32\GameMon.des

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: NTI Backup Now 5 Backup Service - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: Quality Windows Audio Video Experience - Unknown - %windir%\system32\svchost.exe

O23 - Service: Remote Procedure Call (RPC) - Unknown -

O23 - Service: Security Accounts Manager - Unknown -

O23 - Service: Secondary Logon - Unknown - %windir%\system32\svchost.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: Distributed Link Tracking Client - Unknown -

O23 - Service: Windows Modules Installer - Unknown -

O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: Block Level Backup Engine Service - Unknown - %systemroot%\system32\wbengine.exe

O23 - Service: Diagnostic Service Host - Unknown -

O23 - Service: Diagnostic System Host - Unknown -

O23 - Service: Windows Media Player Network Sharing Service - Unknown - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe

O23 - Service: IS360service - IObit - C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe


MBAM log

 

Malwarebytes' Anti-Malware 1.46

http://www.malwarebytes.org

 

Databaseversie: 4784

 

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

 

9-10-2010 15:21:42

mbam-log-2010-10-09 (15-21-42).txt

 

Scantype: Volledige scan (C:\|)

Objecten gescand: 232170

Verstreken tijd: 36 minuut/minuten, 21 seconde(n)

 

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 3

 

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

 

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

 

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

 

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

 

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

 

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

 

Bestanden geïnfecteerd:

C:\Users\serdar yuksel\AppData\Local\Comodo\Dragon\User Data\Default\Cache\f_0008ce (RogueSecurityIS) -> Quarantined and deleted successfully.

C:\Users\serdar yuksel\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\serdar yuksel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.


Archived

This topic is now archived and is closed to further replies.
