Please help me!! my computer was probably infected by trojan

[lclee86]

Today i was suspecting that my computer was infected by trojan or viruses, because it turn slow suddenly and i had also find that there was some unidentified file in my system start up menu.
I had use the kapersky 7.0 to make a complete scan, unfortunately it can't solve up my problem (because that antivirus can't detect any virus).
Herein, i had attach my log file, hopefully someone can help me to solve my problem. Thanks.
avptool_syscheck.zip

[Rene-gad]

- Go Off-Line
Switch off:
- Antivirus and and, if you have - Firewall.
- System Restore
- Execute following script

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 DeleteService('ferdr');
 QuarantineFile('D:\WINDOWS\system32\rfdswc.dll','');
 QuarantineFile('D:\WINDOWS\system32\winkve32.dll','');
 QuarantineFile('D:\WINDOWS\System32\Drivers\Ferdr.sys','');
 QuarantineFile('D:\WINDOWS\system32\cedafb.dll','');
 QuarantineFile('D:\WINDOWS\system32\ddserh.dll','');
 QuarantineFile('D:\WINDOWS\system32\fmcvxy.dll','');
 QuarantineFile('D:\WINDOWS\system32\fsrgeb.dll','');
 QuarantineFile('D:\WINDOWS\system32\hhrdxd.dll','');
 QuarantineFile('D:\WINDOWS\system32\jdsaex.dll','');
 QuarantineFile('D:\WINDOWS\system32\jfrwdh.dll','');
 QuarantineFile('D:\WINDOWS\system32\jfdses.dll','');
 QuarantineFile('D:\WINDOWS\system32\jggtsr.dll','');
 QuarantineFile('D:\WINDOWS\system32\jhfrxz.dll','');
 QuarantineFile('D:\WINDOWS\system32\mfdesy.dll','');
 QuarantineFile('D:\WINDOWS\system32\mtewdh.dll','');
 QuarantineFile('D:\WINDOWS\system32\pedadt.dll','');
 QuarantineFile('D:\WINDOWS\system32\tdffdl.dll','');
 QuarantineFile('D:\WINDOWS\system32\tdggrz.dll','');
 QuarantineFile('D:\WINDOWS\system32\tfsdmz.dll','');
 QuarantineFile('D:\WINDOWS\system32\wklsdd.dll','');
 QuarantineFile('D:\WINDOWS\system32\wrqszl.dll','');
 QuarantineFile('xxywXqNH.dll','');
 QuarantineFile('winkve32.dll','');
 QuarantineFile('D:\WINDOWS\system32\zefdst.dll','');
 QuarantineFile('D:\WINDOWS\system32\wyrsdj.dll','');
 DelBHO('{0E5DEF04-D845-4FDD-88D0-73E862875D15}');
 QuarantineFile('D:\WINDOWS\system32\pmnmnNGw.dll','');
 DelBHO('{D554A583-D4CF-4A6F-B07A-CB25F60FA743}');
 QuarantineFile('D:\WINDOWS\system32\xxywXqNH.dll','');
 DeleteFile('D:\WINDOWS\system32\xxywXqNH.dll');
 DeleteFile('D:\WINDOWS\system32\pmnmnNGw.dll');
 DeleteFile('D:\WINDOWS\system32\wyrsdj.dll');
 DeleteFile('D:\WINDOWS\system32\zefdst.dll');
 DeleteFile('winkve32.dll');
 DeleteFile('xxywXqNH.dll');
 DeleteFile('D:\WINDOWS\system32\wrqszl.dll');
 DeleteFile('D:\WINDOWS\system32\wklsdd.dll');
 DeleteFile('D:\WINDOWS\system32\tfsdmz.dll');
 DeleteFile('D:\WINDOWS\system32\tdggrz.dll');
 DeleteFile('D:\WINDOWS\system32\tdffdl.dll');
 DeleteFile('D:\WINDOWS\system32\rfdswc.dll');
 DeleteFile('D:\WINDOWS\system32\pedadt.dll');
 DeleteFile('D:\WINDOWS\system32\mtewdh.dll');
 DeleteFile('D:\WINDOWS\system32\mfdesy.dll');
 DeleteFile('D:\WINDOWS\system32\jhfrxz.dll');
 DeleteFile('D:\WINDOWS\system32\jggtsr.dll');
 DeleteFile('D:\WINDOWS\system32\jfdses.dll');
 DeleteFile('D:\WINDOWS\system32\jfrwdh.dll');
 DeleteFile('D:\WINDOWS\system32\jdsaex.dll');
 DeleteFile('D:\WINDOWS\system32\hhrdxd.dll');
 DeleteFile('D:\WINDOWS\system32\fsrgeb.dll');
 DeleteFile('D:\WINDOWS\system32\fmcvxy.dll');
 DeleteFile('D:\WINDOWS\system32\ddserh.dll');
 DeleteFile('D:\WINDOWS\system32\cedafb.dll');
 DeleteFile('D:\WINDOWS\System32\Drivers\Ferdr.sys');
 DeleteFile('D:\WINDOWS\system32\winkve32.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

After reboot:
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat log files in accordance with the rules. Pls. make a Hijackthis log too!!!
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the quarantine over the red link on the top of this page.
- Attach log to your new post..

[lclee86]

I had executed a log file which previously attach to my post.
Is that i had kill all viruses in my computer?
herein, i had attach both my log file.
avptool_syscheck.zip
hijackthis.log

[Rene-gad]

Fix with Hijackthis (Start/Scan.../choose these /press Fix checked)

Код:

O2 - BHO: (no name) - {0E5DEF04-D845-4FDD-88D0-73E862875D15} - D:\WINDOWS\system32\pmnmnNGw.dll (file missing)
O2 - BHO: (no name) - {D554A583-D4CF-4A6F-B07A-CB25F60FA743} - D:\WINDOWS\system32\xxywXqNH.dll (file missing)
O4 - HKLM\..\Run: [e8b62e7e] rundll32.exe "D:\WINDOWS\system32\xfifmrau.dll",b
O4 - HKLM\..\Run: [BMdb057c0a] Rundll32.exe "D:\WINDOWS\system32\nvwhnmof.dll",s
O20 - Winlogon Notify: winkve32 - D:\WINDOWS\

Execute the script

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 QuarantineFile('D:\WINDOWS\system32\nvwhnmof.dll','');
 QuarantineFile('D:\WINDOWS\system32\xfifmrau.dll','');
 DelBHO('{0E5DEF04-D845-4FDD-88D0-73E862875D15}');
 QuarantineFile('D:\WINDOWS\system32\pmnmnNGw.dll','');
 DeleteFile('D:\WINDOWS\system32\pmnmnNGw.dll');
 DeleteFile('D:\WINDOWS\system32\xfifmrau.dll');
 DeleteFile('D:\WINDOWS\system32\nvwhnmof.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

Repeat the both log files

[lclee86]

My pc still run very slow when start up. Is that my pc now is enough clean already?
This is my pc log file.
Hopefully, someone can help me to analise it.
avptool_syscheck.zip
hijackthis.log

Thanks.