Posts posted by no_one
-
MBAR log:
Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org
Database version: v2012.12.03.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Proiectare2 :: PROIECTARE2-PC [administrator]
12/3/2012 3:49:10 PM
mbar-log-2012-12-03 (15-49-10).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 27342
Time elapsed: 5 minute(s), 17 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
AdwCleaner log:
# AdwCleaner v1.604 - Logfile created 12/03/2012 at 15:57:32
# Updated 23/04/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Proiectare2 - PROIECTARE2-PC
# Running from : C:\Users\Proiectare2\AppData\Local\Temp\installer.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v16.0.2 (en-US)
Profile name : default
File : C:\Users\Proiectare2\AppData\Roaming\Mozilla\Firefox\Profiles\t2aj69bb.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[s1].txt - [825 octets] - [03/12/2012 15:57:32]
########## EOF - C:\AdwCleaner[s1].txt - [952 octets] ##########
-
Now my internet speed is very good and I ran a computer scan with NOD32 antivirus and it returned "0" infections. Now everything is back to normal on my computer. Thank you very much!
-
Hello again!
Here are the logs:
System-log
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 3.292000 GHz
Memory total: 8566251520, free: 5991972864
------------ Kernel report ------------
11/29/2012 14:42:52
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1c62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\LUsbFilt.Sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\eamonm.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\Sentinel64.sys
\SystemRoot\system32\DRIVERS\epfwwfpr.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xfffffa800c352060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000083\
Lower Device Object: 0xfffffa800c299b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007674060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Object: 0xfffffa80072c2680
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.11.29.06
Downloaded database version: v2012.11.28.01
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007674060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007674b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007674060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800739f520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80072c2680, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a00d9a54e0, 0xfffffa8007674060, 0xfffffa800cc70790
Lower DeviceData: 0xfffff8a00c5a91a0, 0xfffffa80072c2680, 0xfffffa800cca3190
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
MBR is forged!
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7F47852B
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 409393152
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 409600000 Numsec = 567142448
Partition 3 type is HIDDEN (0x17)
Partition is ACTIVE.
Partition starts at LBA: 976744448 Numsec = 20480
Partition is not bootable
Infected: VBR on Hidden active partition --> [Rootkit.Alureon.F.VBR]
Changing partition to empty and not active. New active partition is 0 on drive 0 ...
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
MBR infection found on drive 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Sector 976753168 --> [Forged physical sector]
Sector 976753169 --> [Forged physical sector]
.
.
here I deleted the lines because all the sector strings were written here and the post was too long
.
.
Sector 976769023 --> [Forged physical sector]
Sector 976773167 --> [Forged physical sector]
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800c352060, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b0e65b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800c352060, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800c299b60, DeviceName: \Device\00000083\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xfffff8a01475c270, 0xfffffa800c352060, 0xfffffa800c3e8090
Lower DeviceData: 0xfffff8a011e83f20, 0xfffffa800c299b60, 0xfffffa800c487e40
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9AACD5CF
Partition information:
Partition 0 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 16065 Numsec = 488376000
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 250059350016 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
mbar-log:
Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org
Database version: v2012.11.29.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Proiectare2 :: PROIECTARE2-PC [administrator]
11/29/2012 2:50:03 PM
mbar-log-2012-11-29 (14-50-03).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 27354
Time elapsed: 6 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 14
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Bootstrap_0_3_976744448_infected.mbam (Rootkit.Alureon.F.VBR) -> Delete on reboot. [195b46a15dec878e5846f1986c77aa33]
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam (Rootkit.Alureon.F.VBR) -> Delete on reboot. [131f87e86517b48eeff0ec83ab1fad51]
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976753168_user.mbam (Forged physical sector) -> Delete on reboot. [ea5c99d73f21747bf95c559603dc5568]
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976754400_user.mbam (Forged physical sector) -> Delete on reboot. [5c89370eda1df2e5d63c6d29d86b55b8]
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976755339_user.mbam (Forged physical sector) -> Delete on reboot. [41c738613dd8253a0240d77ce4431bb5]
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976755484_user.mbam (Forged physical sector) -> Delete on reboot. [d8e9eecd38c37ba6f8ebbae4767d2c6f]
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976757572_user.mbam (Forged physical sector) -> Delete on reboot. [7381ae94fe6918016bc4823f2da5a6d1]
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976758123_user.mbam (Forged physical sector) -> Delete on reboot. [226c39ded25b63837e3fe192bb221bfe]
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976761074_user.mbam (Forged physical sector) -> Delete on reboot. [9771f37b5d71d25d041592255f22a50d]
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976763171_user.mbam (Forged physical sector) -> Delete on reboot. [635ebb8e2e63178dcf6ee39b77981a0b]
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976766288_user.mbam (Forged physical sector) -> Delete on reboot. [1479783dcb9108de97c8478a1e74406a]
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976768733_user.mbam (Forged physical sector) -> Delete on reboot. [0caa23499ef410b376186aab81a469ea]
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976769023_user.mbam (Forged physical sector) -> Delete on reboot. [d76298849e5a394fb6852da78e7bf199]
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976773167_user.mbam (Forged physical sector) -> Delete on reboot. [131f87e86517b48eeff0ec83ab1fad51]
(end)
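
Added example, not part of the post above and not Malwarebytes code: a small Python parser for the MBR partition table that performs the same kind of inspection the MBAR log records above (the 55AA signature, the disk signature at offset 440, and the four 16-byte partition entries at offset 446), and flags the pattern MBAR reported, a hidden-type (0x17) partition marked active at the tail of the disk. The sample MBR bytes are constructed from the values in the log (disk signature 7F47852B, the three NTFS partitions and the hidden entry at LBA 976744448); the detection rules, the 32 MiB tail threshold and all function names are assumptions of this example, not MBAR's own logic.

```python
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR = 512
ACTIVE_FLAG = 0x80
HIDDEN_TYPES = {0x17}          # hidden NTFS/HPFS, the type MBAR reported for the injected partition
TAIL_SECTORS = 64 * 1024       # assumption: a partition starting in the last 32 MiB of the disk is "at the tail"


@dataclass
class Partition:
    index: int
    active: bool
    ptype: int
    lba_start: int
    num_sectors: int

    @property
    def empty(self) -> bool:
        return self.ptype == 0 and self.num_sectors == 0

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.num_sectors


def build_sample_mbr(disk_sig: int, entries: List[Tuple[bool, int, int, int]]) -> bytes:
    """Constructed sample input: pack a 512-byte MBR (no boot code) from (active, type, lba, sectors) tuples."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<I", mbr, 440, disk_sig)
    for i, (active, ptype, lba, nsec) in enumerate(entries):
        # status byte, 3 CHS bytes (left zero), type byte, 3 CHS bytes, LBA start, sector count
        struct.pack_into("<B3xB3xII", mbr, 446 + 16 * i,
                         ACTIVE_FLAG if active else 0, ptype, lba, nsec)
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr)


def parse_mbr(mbr: bytes) -> Tuple[int, List[Partition]]:
    """Decode the disk signature and the four primary partition entries; CHS fields are skipped."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xAA":
        raise ValueError("MBR signature 55AA missing")
    disk_sig = struct.unpack_from("<I", mbr, 440)[0]
    parts = []
    for i in range(4):
        status, ptype, lba, nsec = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        parts.append(Partition(i, bool(status & ACTIVE_FLAG), ptype, lba, nsec))
    return disk_sig, parts


def suspicious_partitions(parts: List[Partition], disk_sectors: int) -> List[Tuple[int, str]]:
    """Flag partition-table patterns worth a closer look; the MBAR log above matches the first rule."""
    findings = []
    for p in parts:
        if p.empty:
            continue
        if p.active and p.ptype in HIDDEN_TYPES:
            findings.append((p.index, "hidden-type partition is the active (boot) partition"))
        if p.lba_end > disk_sectors:
            findings.append((p.index, "partition extends beyond the end of the disk"))
        if p.lba_start >= disk_sectors - TAIL_SECTORS:
            findings.append((p.index, "partition starts in the last 32 MiB of the disk"))
    if sum(p.active for p in parts) > 1:
        findings.append((-1, "more than one partition marked active"))
    return findings


def report(mbr: bytes, disk_sectors: int) -> List[str]:
    """Render a short MBAR-style summary of the table plus any findings."""
    disk_sig, parts = parse_mbr(mbr)
    lines = [f"Disk Signature: {disk_sig:08X}"]
    for p in parts:
        lines.append(f"Partition {p.index} type 0x{p.ptype:x} {'ACTIVE' if p.active else 'not active'} "
                     f"LBA {p.lba_start} Numsec {p.num_sectors}")
    for idx, why in suspicious_partitions(parts, disk_sectors):
        lines.append(f"SUSPICIOUS partition {idx}: {why}")
    return lines


# Constructed from the MBAR partition-table report for drive 0 above (500107862016-byte disk).
LOG_DISK_SECTORS = 500107862016 // SECTOR          # 976773168 sectors
LOG_MBR = build_sample_mbr(0x7F47852B, [
    (False, 0x07, 2048, 204800),
    (False, 0x07, 206848, 409393152),
    (False, 0x07, 409600000, 567142448),
    (True, 0x17, 976744448, 20480),                 # hidden and ACTIVE: the entry MBAR flagged
])
# Constructed clean table: same disk after the tail entry is emptied and partition 0 made active.
CLEAN_MBR = build_sample_mbr(0x7F47852B, [
    (True, 0x07, 2048, 204800),
    (False, 0x07, 206848, 409393152),
    (False, 0x07, 409600000, 567142448),
    (False, 0x00, 0, 0),
])

if __name__ == "__main__":
    print("\n".join(report(LOG_MBR, LOG_DISK_SECTORS)))
```

Running it on `LOG_MBR` reproduces the two observations from the log (hidden type 0x17 marked active, and a tiny partition parked at the end of the disk) while `CLEAN_MBR` yields no findings; on a live system the same parser would be fed the first 512 bytes read from the physical drive, and the disk size from the volume layout, which is exactly where a bootkit like the one in the log hides its loader.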
-
Thank you very much, I posted on the Malware Removal Forum.
-
Hello
For approximately 3 months now, my internet browsers have responded very slowly. I tried many internet browsers (Mozilla, Internet Explorer, Chrome) and all do the same thing.
I type a web address, hit the "Enter" key, and have to wait more than half a minute for the page to start loading. My internet speed is very good and my coworkers don't have any problem with their browsers.
Yesterday I did a scan with ESET NOD antivirus and in the log report I saw the infections below:
"Operating memory - Win32/Olmarik.TDL4 trojan - unable to clean"
"Operating memory > firefox.exe(7448) - a variant of Win32/Olmasco.AD trojan - unable to clean"
I tried to find a way on the internet to get rid of these trojans, but I found out that it is a little bit difficult because of the different types of these trojans.
Hope you can help me like in this post: (http://forums.malwarebytes.org/index.php?showtopic=115649&st=0)

-
HELP! (win32/Olmarik.TDL4 trojan & win32/Olmasco.AD trojan), in Resolved Malware Removal Logs:
Yes, it's ok to close my thread. Problem solved! Thank you!