Recently I installed Malwarebytes and scanned, and it shows PUM.Hijack.StartMenu is infected. When I try to remove it, it says done, but afterwards the same infected file is found again. What kind of infected file is it, and how do I remove it? What kind of settings will change?
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.08.11.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Home:: xp[administrator]
Protection: Disabled
8/11/2013 7:04:28 PM
mbam-log-2013-08-11 (19-04-28).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 279024
Time elapsed: 7 minute(s), 24 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Note: I don't have Avast antivirus, but the logs below are showing it. I am using ESET. [attachment=140807:attach.txt]
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Home at 8:10:08 on 2013-08-13
#Option MBR scan is disabled.
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.42 [GMT 5.5:30]
.
AV: AntiVir Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
AV: avast! antivirus 4.8.1335 [VPS 090510-0] *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 6.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\fsproflt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Hard Disk Sentinel\HDSentinel.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Reliance Netconnect\bin\MonServiceUDisk.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.epicsearch.in/
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Hard Disk Sentinel] "c:\program files\hard disk sentinel\HDSentinel.exe" /AUTORUN
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: En&queue current page with BID - c:\program files\bulk image downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - c:\program files\bulk image downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - c:\program files\bulk image downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - c:\program files\bulk image downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - c:\program files\bulk image downloader\iemenu\iebidlinkexplorer.htm
IE: Send by Bluetooth - c:\program files\ivt corporation\bluesoleil\transsend\ie\tsinfo.htm
IE: Send via &Message... - c:\program files\ivt corporation\bluesoleil\transsend\ie\tssms.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: Interfaces\{014B0BBC-01F9-4E7A-90FB-408F484BD27C} : NameServer = 4.2.2.2 121.242.190.210
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WgaLogon - <no file>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 66.98.148.65 auto.search.msn.com
Hosts: 66.98.148.65 auto.search.msn.es
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\home\local settings\application data\rockmelt\update\1.2.189.1\npRockMeltOneClick8.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\winamp detect\npwachk.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - ExtSQL: 2013-07-08 16:12; {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
FF - ExtSQL: 2013-07-12 13:23; multirevenue@googlemail.com; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\multirevenue@googlemail.com.xpi
FF - ExtSQL: 2013-07-19 16:39; {9AA46F4F-4DC7-4c06-97AF-6665170634FE}; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}.xpi
FF - ExtSQL: 2013-07-21 08:45; draggablestar@sdrocking.com; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\draggablestar@sdrocking.com.xpi
FF - ExtSQL: 2013-07-21 08:46; cam@sdrocking.com; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\cam@sdrocking.com.xpi
FF - ExtSQL: 2013-07-21 08:47; better_url@sdrocking.com; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\better_url@sdrocking.com.xpi
FF - ExtSQL: 2013-07-21 12:31; {3d7eb24f-2740-49df-8937-200b1cc08f8a}; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - ExtSQL: 2013-07-21 12:31; thumbnailZoom@dadler.github.com; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\thumbnailZoom@dadler.github.com.xpi
FF - ExtSQL: 2013-07-21 12:31; snaplinks@snaplinks.mozdev.org; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\snaplinks@snaplinks.mozdev.org.xpi
FF - ExtSQL: 2013-07-21 12:31; client@anonymox.net; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\client@anonymox.net.xpi
FF - ExtSQL: 2013-07-23 18:59; reloadplus@blackwind; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\reloadplus@blackwind.xpi
FF - ExtSQL: 2013-07-23 19:03; {6BB5760D-F97E-421B-AF5B-8457A90C3CED}; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi
FF - ExtSQL: 2013-07-23 19:05; {ada4b710-8346-4b82-8199-5de2b400a6ae}; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - ExtSQL: 2013-07-23 19:05; {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi
FF - ExtSQL: 2013-07-23 19:16; superstart@enjoyfreeware.org; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\superstart@enjoyfreeware.org
FF - ExtSQL: 2013-07-23 19:19; {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}; c:\documents and settings\home\application data\mozilla\firefox\profiles\nam2i820.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2011-12-21 20744]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2012-7-5 41912]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2013-1-10 122240]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2013-1-15 118344]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2013-3-21 1341664]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2012-7-5 68832]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-11 418376]
R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\bin\TNSLSNR.EXE [2006-2-2 204800]
R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2012-7-5 578264]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-11-22 3290304]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-24 370688]
R2 UDisk Monitor;UDisk Monitor;c:\program files\reliance netconnect\bin\MonServiceUDisk.exe [2012-7-5 512000]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2011-12-21 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2010-4-6 26248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-11 22856]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-4-10 135440]
R3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2012-7-10 87824]
R3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2012-7-10 85696]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
S2 BsMobileCS;BsMobileCS;c:\program files\ivt corporation\bluesoleil\BsMobileCS.exe [2009-2-27 143467]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-11 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 becldr3Service;BCL EasyConverter SDK 3 Loader;c:\program files\bcl technologies\easyconverter sdk 3\common\becldr.exe [2011-4-19 176128]
S3 BTCOM;Bluetooth Serial port driver; [x]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service; [x]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-9-20 83168]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-10-18 13224]
S3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\oracle.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-7-5 27064]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-9-20 181344]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [2012-9-20 181344]
S3 Tomcat6;Apache Tomcat;c:\program files\apache software foundation\tomcat 6.0\bin\tomcat6.exe [2007-7-20 57344]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2012-7-5 105472]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe XE [?]
S4 OracleServiceORCL;OracleServiceORCL; [x]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2013-08-11 04:34:24 -------- d-----w- c:\documents and settings\home\application data\Malwarebytes
2013-08-11 04:34:04 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-08-11 04:33:59 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-11 04:33:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-11 03:02:47 -------- d-----w- c:\documents and settings\home\local settings\application data\Epic
2013-08-11 03:02:47 -------- d-----w- c:\documents and settings\home\application data\Epic
2013-08-11 03:02:23 -------- d-----w- c:\program files\Epic
2013-08-07 13:38:29 -------- d-----w- c:\documents and settings\home\local settings\application data\Opera Software
2013-08-07 13:38:23 -------- d-----w- c:\documents and settings\home\application data\Opera Software
2013-08-07 11:19:55 262552 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-08-05 10:24:49 -------- d-----w- c:\documents and settings\all users\application data\VS Revo Group
2013-07-24 02:49:36 -------- d-----w- c:\program files\RF ToolBox
2013-07-18 09:40:40 13312 ----a-w- c:\windows\system32\borlndmm.dll
2013-07-18 09:40:12 -------- d-----w- c:\program files\LifeSignMini
2013-07-18 09:40:12 -------- d-----w- c:\documents and settings\home\application data\LifeSignMini
.
==================== Find3M ====================
.
2013-07-20 17:48:52 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-20 17:48:51 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-27 09:57:42 118344 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2013-05-21 08:49:42 98304 ----a-w- c:\windows\DUMP5311.tmp
2013-05-20 15:37:52 98304 ----a-w- c:\windows\DUMP46ad.tmp
.
============= FINISH: 8:10:56.39 ===============
via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/504199/found-pumhijackstartmenu-in-pc/