Everything posted by yeka

  1. YES!!!!!! it's gone! Thank you for your help! everything is back to the way it was as far as i can see. thank you
  2. Hi, i didn't manage to do all the things you told me. I tried to give this a try: http://www.kellys-korner-xp.com/xp_wel_screen.htm "Show Administrator on the Welcome Screen" but i didn't understand how to do it. I also wanted to try this http://support.microsoft.com/kb/302346/, am i supposed to remove this --> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL ? i couldn't find this, maybe i searched wrong. And i also do not have any backup so i was afraid of doing it wrong. What i did was the dial-a-fix thing. And this: "Try this. Click on START - RUN and type in control userpasswords2 and change your password, or look on the Advanced tab and make sure that is not checked. Try creating a new account and giving it a password." I couldn't find where to change my password doing it your way so i did it through control panel --> user account (i don't know the English words..?) And the "Require users to press CTRL+ALT+Delete" was not checked. I did create a new account with password and then rebooted. Now there is nimda and that new account but not my own account. While i was changing my password in my own account i saw this: The administrator account is visible only on the welcome screen when no other user account is created (except the guest account), or when you start the computer in safe mode. (i translated this from Swedish). Is this interesting? The nimda account is also an administrator account.. it says so anyway..
  3. i had no time to try these things today, i'll try tomorrow! thank you!
  4. i don't know how to explain it in another way.. i'm not so good at "computer-words" hehe.. but i'll try again. The main issue is that my own useraccount doesn't show up in the welcome-screen. when i start the computer and the welcome-screen comes up there is only nimda as the user account and it wants a password. I tried to log in once with my own password to nimda to see if it works, but it didn't. Then the Swedish forum said that the password is probably "nimda" but i never tried it since i found another way to log in with my own account and because i don't feel comfortable to log in with the nimda account. When i'm on the welcome screen and press ctrl+alt+delete twice, a "classic" log in version shows up and there is my own useraccount already typed so i just have to type my password and log in. And the other issue is the one i told yesterday, i've been having this issue for a couple of days now as far as i have noticed it, the little icons that are the websites' own logos that are shown beside the www-address are not right. e.g. Instead of Google's logotype my school's logotype takes place, instead of youtube there is a logotype that i'm not familiar with, same thing is for this site MBAM and so on... And sometimes there's no logo at all, when i know it should be. another issue that i had after this nimda thing (but it seems to be gone now) is that when i didn't touch the computer for a couple of minutes the account logged out and the welcome-screen appeared. This time both nimda and my own account were there, so i could log in with my own account directly from the welcome-screen. There were two strange things about this, one was that usually it takes longer time for the account to log out itself and the other thing was that when the account logs out usually Msn also logs out, but when the account logs out in this way everything is like i never had logged out, the msn is still on when it should have logged out for example.
I was thinking of maybe try to log in in the nimda account and try to remove it myself but i don't know if i dare and if it is safe to do it? or if it even is an actual account...? Maybe it is better to just restore or something.. As i said before, if i'm going to do some re-installing actions i would like to return to the Swedish forum and get the guidance in Swedish if it is ok.
  5. everything is still the same. Another thing i noticed is that the little icons (that are shown where you type the www-address) for specific pages is not correct, e.g. YouTube - sometimes there is no icon and sometimes there is another icon that belongs to another site instead of its own logo. I don't know if i managed to explain it, ask again if u didn't understand and if it is relevant. DrWeb+Hijackthis
  6. HijackThis
  7. avenger + MBAM
  8. ComboFix 09-02-07.01 - Administrator 2009-02-08 20:52:25.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.519 [GMT 1:00] K
  9. Hi, i don't have any windows xp cd, i think i have to create recovery discs? If re-installing is the only solution left i would like to return to the swedish forum so i can be guided in swedish. I'll be waiting for an answer from you before i do anything else. Thank you for your help
  10. Hi, i did burn a cd and i started the scan with avira but in the middle of the scanning process the computer shut down, is it supposed to happen? i don't understand if i did anything wrong, if the process is fulfilled or not, or what to do after the scanning? When the computer shut down i started it with the scan again and the same thing happened, then i took out the cd and started without it and everything is the same as before as far as i can see.. The situation is still the same, the nimda account is still there.. i did a MBAM but it couldn't find anything. I'm sending you a Hijackthis log..
  11. i have to get a cd-r, i'll be back when i have one.
  12. The problem is still there, there's only "nimda" as a user account on the welcome-screen.. And about a day ago Norman caught A0066131.sys W32/Agent.HHSF and put it in quarantine, but i think MBAM couldn't see it. Here are the logs: Malwarebytes' Anti-Malware 1.33 Databasversion: 1705 Windows 5.1.2600 Service Pack 3 2009-01-29 15:57:00 mbam-log-2009-01-29 (15-57-00).txt Skanningstyp: Snabb skanning Antal skannade objekt: 54592 F
  13. i'm not sure what i'm doing.. hope it's right.. gmerlog.zip.zip
  14. ComboFix 09-01-21.04 - Administrator 2009-01-27 16:55:53.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.489 [GMT 1:00] K
  15. I'm not sure how to send the logs, do you want me to put them in a codebox or something else..? MBAM didn't find anything.. Malwarebytes' Anti-Malware 1.33 Databasversion: 1688 Windows 5.1.2600 Service Pack 3 2009-01-24 13:38:51 mbam-log-2009-01-24 (13-38-51).txt Skanningstyp: Snabb skanning Antal skannade objekt: 53795 F
  16. Thank you for giving me another try. I think the log should be ok now, i hope so.. i did my best, i'm not an expert in this area ..
  17. i'm going to send 3 logs to you, one is the log where MBAM found infections (after that time no infections been found), and i'm also posting the logs you asked for, the one from combofix and Lop s&d. I've been getting help from a swedish forum also, i'll post the link to the thread so you can see what i've done so far if you like. http://eforum.idg.se/viewmsg.asp?EntriesId=1116881 Malwarebytes' Anti-Malware 1.33 Databasversion: 1674 Windows 5.1.2600 Service Pack 3 2009-01-21 16:58:27 mbam-log-2009-01-21 (16-58-27).txt Skanningstyp: Snabb skanning Antal skannade objekt: 60797 F
  18. my computer caught something called Nimda, it appeared like an own administration account where i log in with my own account, so i scanned the computer and your program found infections and told me to restart so it could remove the infections. Then when i was going to log in again my account had disappeared and there was only nimda. then i found a way to log in with my own account, i pressed ctrl+alt+del and could log in the other way. however, then i did a new scan and this time the scanner couldn't find any infections. But the nimda is obviously still in my computer.. i'm sending you anti malware and hijackthis log. this is the latest log from Malwarebytes' Anti-Malware: Malwarebytes' Anti-Malware 1.33 Databasversion: 1674 Windows 5.1.2600 Service Pack 3 2009-01-21 19:37:14 mbam-log-2009-01-21 (19-37-14).txt Skanningstyp: Snabb skanning Antal skannade objekt: 60342 F
  19. yeka

    Nimda

    my computer caught something called Nimda, it appeared like an own administration account where i log in with my own account, so i scanned the computer and your program found infections and told me to restart so it could remove the infections. Then when i was going to log in again my account had disappeared and there was only nimda. then i found a way to log in with my own account, i pressed ctrl+alt+del and could log in the other way. however, then i did a new scan and this time the scanner couldn't find any infections. But the nimda is obviously still in my computer.. i post both of the logs to you.. here is the developer log, but it's in swedish... Malwarebytes' Anti-Malware 1.33 Databasversion: 1674 Windows 5.1.2600 Service Pack 3 2009-01-21 19:37:14 mbam-log-2009-01-21 (19-37-14).txt Skanningstyp: Snabb skanning Antal skannade objekt: 60342 F