yeka
Posts posted by yeka
-
Hi, I didn't manage to do all the things you told me.
I tried to give this a try: http://www.kellys-korner-xp.com/xp_wel_screen.htm "Show Administrator on the Welcome Screen" but I didn't understand how to do it.
I also wanted to try this http://support.microsoft.com/kb/302346/. Am I supposed to remove this --> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL ? I couldn't find this, maybe I searched wrong. And I also do not have any backup, so I was afraid of doing it wrong.
What I did was the Dial-a-fix thing.
And this: "Try this. Click on START - RUN and type in control userpasswords2 and change your password, or look on the Advanced tab and make sure that is not checked. Try creating a new account and giving it a password."
I couldn't find where to change my password doing it your way, so I did it through Control Panel --> user account (I don't know the English words..?). And the "Require users to press CTRL+ALT+Delete" was not checked. I did create a new account with a password and then rebooted. Now there is nimda and that new account but not my own account. While I was changing my password in my own account I saw this: "The administrator account is visible only on the welcome screen when no other user account is created (except the guest account), or when you start the computer in safe mode." (I translated this from Swedish.) Is this interesting? The nimda account is also an administrator account.. it says so anyway..
-
I had no time to try these things today, I'll try tomorrow! Thank you!
-
I don't know how to explain it in another way.. I'm not so good at "computer words" hehe.. but I'll try again.
The main issue is that my own user account doesn't show up on the welcome screen. When I start the computer and the welcome screen comes up there is only nimda as the user account and it wants a password. I tried to log in once with my own password to nimda to see if it works, but it didn't. Then the Swedish forum said that the password is probably "nimda" but I never tried it, since I found another way to log in with my own account and because I don't feel comfortable logging in with the nimda account. When I'm on the welcome screen and press Ctrl+Alt+Delete twice, a "classic" login version shows up and there is my own user account already typed, so I just have to type my password and log in.
And the other issue is the one I told you about yesterday; I've been having this issue for a couple of days now, as far as I have noticed. The little icons that are the websites' own logos, shown beside the www-address, are not right.
E.g. instead of Google's logotype my school's logotype takes its place, instead of YouTube there is a logotype that I'm not familiar with, the same thing for this site MBAM and so on... And sometimes there's no logo at all, when I know there should be.
Another issue that I had after this nimda thing (but it seems to be gone now) is that when I didn't touch the computer for a couple of minutes the account logged out and the welcome screen appeared. This time both nimda and my own account were there, so I could log in with my own account directly from the welcome screen. There were two strange things about this: one was that usually it takes longer for the account to log itself out, and the other thing was that when the account logs out usually MSN also logs out, but when the account logs out in this way everything is as if I had never logged out; MSN is still on when it should have logged out, for example.
I was thinking of maybe trying to log in to the nimda account and trying to remove it myself, but I don't know if I dare and if it is safe to do it? Or if it even is an actual account...? Maybe it is better to just restore or something..
As I said before, if I'm going to do some re-installing actions I would like to return to the Swedish forum and get the guidance in Swedish, if that is OK.
-
Everything is still the same. Another thing I noticed is that the little icons (that are shown where you type the www-address) for specific pages are not correct, e.g. YouTube - sometimes there is no icon and sometimes there is another icon that belongs to another site instead of its own logo. I don't know if I managed to explain it, ask again if you didn't understand and if it is relevant.
DrWeb + HijackThis
A0000001.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{15CB993F-554A-4EB6-86A2-9337A03CDEC3}\RP1\A0000001.exe/data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{15CB993F-554A-4EB6-86A2-9337A03CDEC3}\RP1;Archive contains infected objects;;
A0000001.exe;C:\System Volume Information\_restore{15CB993F-554A-4EB6-86A2-9337A03CDEC3}\RP1;Container contains infected objects;Moved.;
ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Administrator\Skrivbord\ComboFix.exe/data002;Program.PsExec.171;;
data002;C:\Documents and Settings\Administrator\Skrivbord;Archive contains infected objects;;
ComboFix.exe;C:\Documents and Settings\Administrator\Skrivbord;Container contains infected objects;Moved.;
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:56, on 2009-02-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\Bin\Zanda.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Norman\Npm\Bin\Nvcsched.exe
C:\Norman\Npm\Bin\Njeeves.exe
C:\WINDOWS\system32\dllhost.exe
C:\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Norman\Nvc\Bin\Nip.exe
C:\Norman\Nvc\Bin\cclaw.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Photosmart Premier Snabbstart.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=64&bd=pavilion&pf=laptop
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.till.biblextern.sh....s/ebraryRdr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatisk LiveUpdate-schemal
-
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:32:05, on 2009-02-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\Bin\Zanda.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Norman\Npm\Bin\Nvcsched.exe
C:\Norman\Npm\Bin\Njeeves.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\Bin\Nip.exe
C:\Norman\Nvc\Bin\cclaw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Photosmart Premier Snabbstart.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=64&bd=pavilion&pf=laptop
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.till.biblextern.sh....s/ebraryRdr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatisk LiveUpdate-schemal
-
Avenger + MBAM
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File "c:\documents and settings\Administrator\Application Data\nonesono.com" deleted successfully.
File "c:\program files\Common Files\sytivyp.bat" deleted successfully.
File "c:\program files\Common Files\byquciqo.vbs" deleted successfully.
File "c:\program files\Common Files\dylikiwo.com" deleted successfully.
File "c:\documents and settings\Administrator\Application Data\vebaxe.dat" deleted successfully.
File "c:\program files\Common Files\melonyp.inf" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Malwarebytes' Anti-Malware 1.33
Databasversion: 1740
Windows 5.1.2600 Service Pack 3
2009-02-09 14:25:38
mbam-log-2009-02-09 (14-25-38).txt
Skanningstyp: Snabb skanning
Antal skannade objekt: 55030
F
-
ComboFix 09-02-07.01 - Administrator 2009-02-08 20:52:25.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.519 [GMT 1:00]
K
-
Hi, I don't have any Windows XP CD, I think I have to create recovery discs? If re-installing is the only solution left I would like to return to the Swedish forum so I can be guided in Swedish. I'll be waiting for an answer from you before I do anything else. Thank you for your help.
-
Hi, I did burn a CD and I started the scan with Avira, but in the middle of the scanning process the computer shut down. Is that supposed to happen? I don't understand if I did anything wrong, if the process is fulfilled or not, or what to do after the scanning. When the computer shut down I started it with the scan again and the same thing happened, then I took out the CD and started without it and everything is the same as before, as far as I can see..
The situation is still the same, the nimda account is still there.. I did an MBAM scan but it couldn't find anything. I'm sending you a HijackThis log..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:59:16, on 2009-02-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\Bin\Zanda.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Norman\Npm\Bin\Nvcsched.exe
C:\Norman\Npm\Bin\Njeeves.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\Bin\Nip.exe
C:\Norman\Nvc\Bin\cclaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Photosmart Premier Snabbstart.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=64&bd=pavilion&pf=laptop
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.till.biblextern.sh....s/ebraryRdr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatisk LiveUpdate-schemal
-
I have to get a CD-R, I'll be back when I have one.
-
The problem is still there, there's only "nimda" as a user account on the welcome screen.. And about a day ago Norman caught A0066131.sys W32/Agent.HHSF and put it in quarantine, but I think MBAM couldn't see it. Here are the logs:
Malwarebytes' Anti-Malware 1.33
Databasversion: 1705
Windows 5.1.2600 Service Pack 3
2009-01-29 15:57:00
mbam-log-2009-01-29 (15-57-00).txt
Skanningstyp: Snabb skanning
Antal skannade objekt: 54592
F
-
ComboFix 09-01-21.04 - Administrator 2009-01-27 16:55:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.489 [GMT 1:00]
K
-
Any further help?
-
I'm not sure how to send the logs, do you want me to put them in a codebox or something else..?
MBAM didn't find anything..
Malwarebytes' Anti-Malware 1.33
Databasversion: 1688
Windows 5.1.2600 Service Pack 3
2009-01-24 13:38:51
mbam-log-2009-01-24 (13-38-51).txt
Skanningstyp: Snabb skanning
Antal skannade objekt: 53795
F
-
Thank you for giving me another try. I think the log should be OK now, I hope so.. I did my best, I'm not an expert in this area ..
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Turion 64 Mobile Technology MK-36 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Administrator ( Administrator )
BOOT : Normal boot
Antivirus : Norman Security Suite ver. 7.00 7.00 (Activated)
C:\ (Local Disk) - NTFS - Total:101 Go (Free:9 Go)
D:\ (Local Disk) - FAT32 - Total:9 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (CD or DVD) - UDF - Total:0 Go (Free:0 Go)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 2009-01-23|19:50 )
--------------------\\ Listing folders in APPLIC~1
[2008-01-28|02:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[2006-12-03|15:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
[2007-05-13|20:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[2007-08-09|15:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\ArcSoft
[2009-01-11|17:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\Canon
[2007-08-09|15:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\Creative
[2007-01-31|22:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink
[2008-12-14|04:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\dvdcss
[2007-04-21|22:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
[2006-12-07|16:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
[2006-12-01|02:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\HP
[2006-12-01|08:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[2007-01-18|21:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\Leadertech
[2006-12-01|08:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[2008-09-18|13:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[2008-03-23|17:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
[2008-11-21|23:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[2008-05-24|19:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[2007-02-05|17:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\ScanSoft
[2007-01-18|21:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
[2006-12-01|00:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[2006-12-03|22:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
[0|fil(er)] C:\DOCUME~1\ADMINI~1\APPLIC~1\byte
[24|katalog(er)] C:\DOCUME~1\ADMINI~1\APPLIC~1\byte ledigt
[2006-12-01|08:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2007-03-07|22:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2007-02-05|17:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[2006-12-01|08:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[2009-01-22|19:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2006-12-01|08:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[2006-12-01|08:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[2008-09-18|13:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[2008-09-28|12:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2009-01-23|12:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[2009-01-22|00:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NortonInstaller
[2008-11-07|08:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[2006-12-01|08:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[2007-02-05|17:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[2006-12-01|08:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[2008-10-21|11:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2007-10-25|09:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Winamp Toolbar
[2007-10-24|10:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2007-11-20|20:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[0|fil(er)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\byte
[21|katalog(er)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\byte ledigt
[2006-12-01|08:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[0|fil(er)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\byte
[3|katalog(er)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\byte ledigt
[2008-02-01|14:56] C:\DOCUME~1\Guest\APPLIC~1\Adobe
[2008-02-01|14:34] C:\DOCUME~1\Guest\APPLIC~1\Google
[2008-02-01|14:29] C:\DOCUME~1\Guest\APPLIC~1\Identities
[2008-02-01|14:35] C:\DOCUME~1\Guest\APPLIC~1\Macromedia
[2008-02-01|14:34] C:\DOCUME~1\Guest\APPLIC~1\Microsoft
[0|fil(er)] C:\DOCUME~1\Guest\APPLIC~1\byte
[7|katalog(er)] C:\DOCUME~1\Guest\APPLIC~1\byte ledigt
[2008-08-22|08:26] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[2008-08-21|07:38] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[0|fil(er)] C:\DOCUME~1\LOCALS~1\APPLIC~1\byte
[4|katalog(er)] C:\DOCUME~1\LOCALS~1\APPLIC~1\byte ledigt
[2006-12-01|08:16] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[0|fil(er)] C:\DOCUME~1\NETWOR~1\APPLIC~1\byte
[3|katalog(er)] C:\DOCUME~1\NETWOR~1\APPLIC~1\byte ledigt
--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[2009-01-18 17:48][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-01-23 13:15][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2006-03-16 05:00][-rah-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing Folders in C:\Program Files
[2006-12-01|08:16] C:\Program Files\Adobe
[2007-03-07|22:06] C:\Program Files\Apple Software Update
[2007-08-09|14:58] C:\Program Files\ArcSoft
[2007-02-05|17:48] C:\Program Files\Canon
[2007-02-05|17:37] C:\Program Files\CanonBJ
[2009-01-22|20:38] C:\Program Files\Common Files
[2006-12-01|08:16] C:\Program Files\ComPlus Applications
[2006-12-01|08:16] C:\Program Files\CONEXANT
[2007-08-09|15:01] C:\Program Files\Creative
[2007-01-18|21:39] C:\Program Files\DAEMON Tools
[2009-01-22|20:35] C:\Program Files\Google
[2006-12-01|08:16] C:\Program Files\Hewlett-Packard
[2006-12-01|08:16] C:\Program Files\HP
[2006-11-30|23:42] C:\Program Files\HPQ
[2008-03-10|22:12] C:\Program Files\InstallShield Installation Information
[2008-12-12|15:56] C:\Program Files\Internet Explorer
[2008-12-15|20:40] C:\Program Files\Java
[2006-12-25|21:34] C:\Program Files\JoWood
[2008-06-07|18:06] C:\Program Files\K-Lite Codec Pack
[2009-01-21|16:48] C:\Program Files\Malwarebytes' Anti-Malware
[2008-03-01|00:21] C:\Program Files\Maxis
[2008-08-31|09:16] C:\Program Files\Messenger
[2007-05-11|23:46] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006-12-01|08:16] C:\Program Files\microsoft frontpage
[2009-01-23|12:59] C:\Program Files\Microsoft Office
[2009-01-23|12:59] C:\Program Files\Microsoft Works
[2008-08-31|09:06] C:\Program Files\Movie Maker
[2008-02-06|20:06] C:\Program Files\Mozilla Firefox
[2006-12-01|08:16] C:\Program Files\MSN
[2006-12-01|08:16] C:\Program Files\MSN Gaming Zone
[2006-12-02|03:15] C:\Program Files\MSXML 4.0
[2008-08-31|08:59] C:\Program Files\NetMeeting
[2006-12-01|08:16] C:\Program Files\NetWaiting
[2008-10-31|10:48] C:\Program Files\Norton Security Scan
[2008-11-07|08:38] C:\Program Files\NOS
[2008-05-26|22:22] C:\Program Files\Octoshape Streaming Services
[2006-12-01|08:16] C:\Program Files\Online Services
[2008-08-31|08:59] C:\Program Files\Outlook Express
[2007-03-08|10:54] C:\Program Files\QuickTime
[2007-02-05|17:44] C:\Program Files\ScanSoft
[2006-12-01|08:16] C:\Program Files\Sonic
[2006-12-01|08:16] C:\Program Files\Synaptics
[2009-01-21|18:59] C:\Program Files\Trend Micro
[2006-12-01|08:16] C:\Program Files\Uninstall Information
[2006-12-03|21:27] C:\Program Files\VideoLAN
[2007-10-25|19:27] C:\Program Files\Winamp
[2007-11-20|20:36] C:\Program Files\Windows Live
[2006-12-01|08:16] C:\Program Files\Windows Media Connect 2
[2006-12-16|03:01] C:\Program Files\Windows Media Player
[2008-08-31|08:59] C:\Program Files\Windows NT
[2006-12-01|08:16] C:\Program Files\Windows Plus
[2006-12-01|08:16] C:\Program Files\Windows XP MUI Pack
[2006-12-01|08:16] C:\Program Files\WindowsUpdate
[2006-12-01|08:16] C:\Program Files\xerox
[0|fil(er)] C:\Program Files\byte
[56|katalog(er)] C:\Program Files\byte ledigt
--------------------\\ Listing Folders in C:\Program Files\Common Files
[2006-12-01|08:16] C:\Program Files\Common Files\Adobe
[2006-12-01|08:16] C:\Program Files\Common Files\HP
[2006-12-01|08:16] C:\Program Files\Common Files\InstallShield
[2006-12-01|08:16] C:\Program Files\Common Files\Java
[2006-12-01|08:16] C:\Program Files\Common Files\LightScribe
[2009-01-23|12:59] C:\Program Files\Common Files\Microsoft Shared
[2006-12-01|08:16] C:\Program Files\Common Files\MSSoap
[2006-12-01|08:16] C:\Program Files\Common Files\ODBC
[2007-02-05|17:45] C:\Program Files\Common Files\ScanSoft Shared
[2006-12-01|08:16] C:\Program Files\Common Files\Services
[2006-12-01|08:16] C:\Program Files\Common Files\Sonic Shared
[2006-12-01|08:16] C:\Program Files\Common Files\SpeechEngines
[2006-12-01|08:16] C:\Program Files\Common Files\SureThing Shared
[2009-01-22|00:38] C:\Program Files\Common Files\Symantec Shared
[2009-01-23|12:55] C:\Program Files\Common Files\System
[2006-12-01|08:16] C:\Program Files\Common Files\TiVo Shared
[2007-11-20|20:36] C:\Program Files\Common Files\WindowsLiveInstaller
[0|fil(er)] C:\Program Files\Common Files\byte
[19|katalog(er)] C:\Program Files\Common Files\byte ledigt
--------------------\\ Process
( 62 Processes )
iexplore.exe ~ [PID:860]
--------------------\\ Searching with S_Lop
No Lop folder found !
--------------------\\ Searching for Lop Files - Folders
C:\DOCUME~1\ADMINI~1\Cookies\administrator@advertising[2].txt
C:\DOCUME~1\ADMINI~1\Cookies\administrator@adopt.euroclick[1].txt
--------------------\\ Searching within the Registry
..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN
--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 19:52:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Searching for other infections
No other infections found !
[F:10][D:2]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
[F:67][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
[F:1479][D:6]-> C:\DOCUME~1\ADMINI~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 2009-01-22|21:02 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 2009-01-23|13:46 - Option : [1]
3 - "C:\Lop SD\LopR_3.txt" - 2009-01-23|19:53 - Option : [1]
--------------------\\ Scan completed at 19:53:25
-
I'm going to send 3 logs to you: one is the log where MBAM found infections (after that time no infections have been found), and I'm also posting the logs you asked for, the ones from ComboFix and Lop S&D. I've been getting help from a Swedish forum also; I'll post the link to the thread so you can see what I've done so far if you like. http://eforum.idg.se/viewmsg.asp?EntriesId=1116881
Malwarebytes' Anti-Malware 1.33
Databasversion: 1674
Windows 5.1.2600 Service Pack 3
2009-01-21 16:58:27
mbam-log-2009-01-21 (16-58-27).txt
Skanningstyp: Snabb skanning
Antal skannade objekt: 60797
F
-
My computer caught something called Nimda; it appeared as its own administrator account where I log in with my own account, so I scanned the computer and your program found infections and told me to restart so it could remove the infections. Then when I was going to log in again my account had disappeared and there was only nimda. Then I found a way to log in with my own account: I pressed ctrl+alt+del and could log in the other way. However, then I did a new scan and this time the scanner couldn't find any infections. But the nimda is obviously still in my computer. I'm sending you the Anti-Malware and HijackThis logs.
This is the latest log from Malwarebytes' Anti-Malware:
Malwarebytes' Anti-Malware 1.33
Databasversion: 1674
Windows 5.1.2600 Service Pack 3
2009-01-21 19:37:14
mbam-log-2009-01-21 (19-37-14).txt
Skanningstyp: Snabb skanning
Antal skannade objekt: 60342
F
-
My computer caught something called Nimda; it appeared as its own administrator account where I log in with my own account, so I scanned the computer and your program found infections and told me to restart so it could remove the infections. Then when I was going to log in again my account had disappeared and there was only nimda. Then I found a way to log in with my own account: I pressed ctrl+alt+del and could log in the other way. However, then I did a new scan and this time the scanner couldn't find any infections. But the nimda is obviously still in my computer. I'm posting both of the logs to you.
Here is the developer log, but it's in Swedish...
Malwarebytes' Anti-Malware 1.33
Databasversion: 1674
Windows 5.1.2600 Service Pack 3
2009-01-21 19:37:14
mbam-log-2009-01-21 (19-37-14).txt
Skanningstyp: Snabb skanning
Antal skannade objekt: 60342
F
Nimda
in Resolved Malware Removal Logs
Posted
YES!!!!!! It's gone! Thank you for your help! Everything is back to the way it was as far as I can see. Thank you.