Problem deleting trojan-downloader.conhook, generic and PWS

Draken12
Newbie
4. December 2007 @ 17:08
Hi!
Spyware Doctor and Spybot detect and delete this annoying virus, Trojan-Downloader.ConHook, but it keeps showing up. Could someone please be kind enough to help me?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56, on 2007-12-04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Intel\Wireless\Bin\EvtEng.exe
C:\Program\Intel\Wireless\Bin\S24EvMon.exe
C:\Program\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\CA\SharedComponents\CAM\bin\cam.exe
C:\Program\Telia\CiscoVpnClient\cvpnd.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program\CA\SharedComponents\iTechnology\igateway.exe
C:\Program\CA\eTrustITM\InoRpc.exe
C:\Program\CA\eTrustITM\InoRT.exe
C:\Program\CA\eTrustITM\InoTask.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program\CA\eTrustITM\eaps.exe
C:\Program\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program\Spyware Doctor\svcntaux.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program\Spyware Doctor\SDTrayApp.exe
C:\Program\CA\Unicenter DSM\Bin\caf.exe
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program\CA\Unicenter DSM\Bin\cfsmsmd.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program\CA\Unicenter DSM\Bin\sxplog32.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program\CA\Unicenter DSM\Bin\ccnfagent.exe
C:\Program\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program\QuickTime\qttask.exe
C:\Program\CA\Unicenter DSM\Bin\cfnotsrvd.exe
C:\Program\CA\Unicenter DSM\Bin\ccsmagtd.exe
C:\Program\Telia\Telia Connect\AutoUpdateSrv.exe
C:\PROGRAM\CA\UNICENTER DSM\BIN\amswmagt.exe
C:\Program\CA\Unicenter DSM\PMAgent\capmuamagt.exe
C:\Program\CA\Unicenter DSM\Bin\cfftplugin.exe
C:\Program\Intel\Wireless\Bin\Dot1XCfg.exe
C:\HJT\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.ltdalarna.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web.ltdalarna.se
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.ltdalarna.se/ie.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {b1776866-3025-3b68-1364-e27637d08c24} - {42c80d73-672e-4631-86b3-52036686771b} - C:\WINDOWS\System32\voasjvkg.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar4.dll
O2 - BHO: (no name) - {B6994DF8-50BB-4D97-9E05-9A66AA8752FB} - \
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Printers] C:\WINDOWS\LTDPRINT\netprinters.vbs
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [DsmSxplog] "C:\Program\CA\Unicenter DSM\Bin\sxpstub.exe"
O4 - HKLM\..\Run: [CAF_SystemTray] "C:\Program\CA\Unicenter DSM\Bin\cfSysTray.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SDTray] "C:\Program\Spyware Doctor\SDTrayApp.exe"
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program\Telia\CiscoVpnClient\vpngui.exe
O4 - Global Startup: Uppdateringsagent.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://web.ltdalarna.se
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ltdalarna.se
O17 - HKLM\Software\..\Telephony: DomainName = ltdalarna.se
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB480CB4-FA4E-4B44-B40E-1A90D0AA4562}: Domain = ltdalarna.se
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ltdalarna.se
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ltdalarna.se
O20 - Winlogon Notify: CAF - C:\Program\CA\Unicenter DSM\Bin\cfwlogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA Message Queuing Server (CA-MessageQueuing) - CA, Inc. - C:\Program\CA\SharedComponents\CAM\bin\cam.exe
O23 - Service: CA Unicenter DSM r11 Common Application Framework. (caf) - Computer Associates International, Inc. - C:\Program\CA\Unicenter DSM\Bin\caf.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program\Telia\CiscoVpnClient\cvpnd.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Program\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM Realtime Service (InoRT) - Computer Associates International, Inc. - C:\Program\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Program\CA\eTrustITM\InoTask.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\swdsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/widjoh/LOKALA~1/Temp/msoclip1/01/clip_image002.gif
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/widjoh/LOKALA~1/Temp/msohtml1/01/clip_image002.gif
--
End of file - 9388 bytes

Member
4. December 2007 @ 19:00
hi,
too many antimalware apps, I see:
spybot, ad aware, spyware doctor, AVG antispyware.
these provide the same service and having 4 doesn't increase your security. two have real time protection, avg guard and spybot's tea timer, both have similar functions and will chew up system resources. one anti-virus and two anti-malware apps on a computer is plenty.
---------------------------------
so that the real time protection doesn't interfere with hjt, please disable spybot's tea timer, and AVG guard and any others that might be running, if you see the icon in the tray then they are active. after disabling, do this:
trendmicro:
start HJT, click the "Scan" button. check the items below, close any open windows, then click "Fix checked"
O2 - BHO: {b1776866-3025-3b68-1364-e27637d08c24} - {42c80d73-672e-4631-86b3-52036686771b} - C:\WINDOWS\System32\voasjvkg.dll
-----------------
reboot computer after using hjt, rename the hjt icon to scanme.exe or something else then rescan and post a new hjt log.
echoreply
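The O2 line singled out in the reply above has two tells a reviewer learns to look for: the BHO's display name is itself a GUID rather than a product name, and the DLL is a random-looking eight-letter file sitting directly in System32. As an added example (written for this page, not code from the thread, from HijackThis or from Trend Micro), here is a small Python script that parses O2 lines in the HijackThis log format shown above and flags those tells for review. The heuristics and the consonant-run threshold are assumptions of mine, and a flag is a prompt to look closer, not a verdict; the sample lines are the five O2 entries from the first log in this thread.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the five O2 (Browser Helper Object) lines from the first
# HijackThis log in this thread. Backslashes are doubled for Python.
SAMPLE_HJT_LINES = [
    "O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program\\Adobe\\Acrobat 6.0\\Reader\\ActiveX\\AcroIEHelper.dll",
    "O2 - BHO: {b1776866-3025-3b68-1364-e27637d08c24} - {42c80d73-672e-4631-86b3-52036686771b} - C:\\WINDOWS\\System32\\voasjvkg.dll",
    "O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\Program\\SPYBOT~1\\SDHelper.dll",
    "O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program\\google\\googletoolbar4.dll",
    "O2 - BHO: (no name) - {B6994DF8-50BB-4D97-9E05-9A66AA8752FB} - \\",
]

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# HijackThis O2 format: "O2 - BHO: <display name> - <CLSID> - <dll path>"
O2_RE = re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{GUID}) - (?P<path>.*)$")
GUID_RE = re.compile(rf"^{GUID}$")
# Assumed heuristic: four or more consonants in a row is rare in product names
# but common in machine-generated file names such as voasjvkg.dll.
CONSONANT_RUN_RE = re.compile(r"[bcdfghjklmnpqrstvwxyz]{4,}")


def parse_o2(line):
    """Return {'name', 'clsid', 'path'} for an O2 line, or None for any other line."""
    m = O2_RE.match(line)
    return m.groupdict() if m else None


def looks_random(stem):
    """Heuristic: all lowercase letters with a run of 4+ consonants."""
    return stem.isalpha() and stem.islower() and bool(CONSONANT_RUN_RE.search(stem))


def triage_bho(entry):
    """Return human-readable reasons this BHO deserves a closer look (empty = nothing odd)."""
    reasons = []
    name, path = entry["name"], entry["path"].strip()
    if GUID_RE.match(name):
        reasons.append("display name is a bare CLSID instead of a product name")
    elif name == "(no name)":
        reasons.append("no display name")
    if path in ("", "\\"):
        reasons.append("no DLL path (orphaned or hidden registration)")
    else:
        p = PureWindowsPath(path)
        if looks_random(p.stem):
            reasons.append(f"random-looking file name {p.name} in {p.parent}")
    return reasons


def triage_hjt(lines):
    """Parse every O2 line and return only the entries that raised at least one flag."""
    flagged = []
    for line in lines:
        entry = parse_o2(line)
        if entry:
            reasons = triage_bho(entry)
            if reasons:
                flagged.append({**entry, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage_hjt(SAMPLE_HJT_LINES):
        print(hit["clsid"], hit["path"])
        for reason in hit["reasons"]:
            print("   -", reason)
```

Run against the sample, the script flags the voasjvkg.dll entry the reply tells the poster to fix, and also the `(no name)` entry whose path is just `\`. The second flag is weaker: a registration with no file can simply be left over from an uninstalled add-on, which is why the reply above does not ask for it to be fixed, but it is still worth a glance.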

Draken12
Newbie
5. December 2007 @ 03:31
Hi again
Thank you for the quick answer.
New hjt log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:22, on 2007-12-05
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Intel\Wireless\Bin\EvtEng.exe
C:\Program\Intel\Wireless\Bin\S24EvMon.exe
C:\Program\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\CA\SharedComponents\CAM\bin\cam.exe
C:\Program\Telia\CiscoVpnClient\cvpnd.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program\CA\SharedComponents\iTechnology\igateway.exe
C:\Program\CA\eTrustITM\InoRpc.exe
C:\Program\CA\eTrustITM\InoRT.exe
C:\Program\CA\eTrustITM\InoTask.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program\CA\eTrustITM\eaps.exe
C:\Program\CA\Unicenter DSM\Bin\caf.exe
C:\Program\CA\Unicenter DSM\Bin\cfsmsmd.exe
C:\Program\CA\Unicenter DSM\Bin\ccnfagent.exe
C:\Program\CA\Unicenter DSM\Bin\cfnotsrvd.exe
C:\Program\CA\Unicenter DSM\Bin\ccsmagtd.exe
C:\PROGRAM\CA\UNICENTER DSM\BIN\amswmagt.exe
C:\Program\CA\Unicenter DSM\PMAgent\capmuamagt.exe
C:\Program\CA\Unicenter DSM\Bin\cfftplugin.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program\CA\eTrustITM\realmon.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program\CA\Unicenter DSM\Bin\sxplog32.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program\Telia\Telia Connect\AutoUpdateSrv.exe
C:\HJT\Scanme.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.ltdalarna.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web.ltdalarna.se
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.ltdalarna.se/ie.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar4.dll
O2 - BHO: (no name) - {B6994DF8-50BB-4D97-9E05-9A66AA8752FB} - \
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Printers] C:\WINDOWS\LTDPRINT\netprinters.vbs
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [DsmSxplog] "C:\Program\CA\Unicenter DSM\Bin\sxpstub.exe"
O4 - HKLM\..\Run: [CAF_SystemTray] "C:\Program\CA\Unicenter DSM\Bin\cfSysTray.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program\Telia\CiscoVpnClient\vpngui.exe
O4 - Global Startup: Uppdateringsagent.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://web.ltdalarna.se
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ltdalarna.se
O17 - HKLM\Software\..\Telephony: DomainName = ltdalarna.se
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB480CB4-FA4E-4B44-B40E-1A90D0AA4562}: Domain = ltdalarna.se
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ltdalarna.se
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ltdalarna.se
O20 - Winlogon Notify: CAF - C:\Program\CA\Unicenter DSM\Bin\cfwlogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CA Message Queuing Server (CA-MessageQueuing) - CA, Inc. - C:\Program\CA\SharedComponents\CAM\bin\cam.exe
O23 - Service: CA Unicenter DSM r11 Common Application Framework. (caf) - Computer Associates International, Inc. - C:\Program\CA\Unicenter DSM\Bin\caf.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program\Telia\CiscoVpnClient\cvpnd.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Program\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM Realtime Service (InoRT) - Computer Associates International, Inc. - C:\Program\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Program\CA\eTrustITM\InoTask.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\swdsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/widjoh/LOKALA~1/Temp/msoclip1/01/clip_image002.gif
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/widjoh/LOKALA~1/Temp/msohtml1/01/clip_image002.gif
--
End of file - 8284 bytes
JV

Draken12
Newbie
5. December 2007 @ 05:10
Hi
Hopefully this Spyware Doctor history log can help you as a complement to the HJT log posted above!
/Draken
PC Tools Spyware Doctor
Date Status
2007-12-04 23:17:28:234 Sökning slutförd
Sökningstyp - Intelli-Scan
Behandlade poster - 170186
Hot upptäckta - 1
Infektioner upptäckta - 2
Ignorerade infektioner - 0
2007-12-04 23:17:55:531 OnGuard upptäckt rensad
Hotnamn - Trojan.Virtumonde
Typ - Cookie
Risknivå - Förhöjd
Infektion - svxela.com/ svxela.com
2007-12-04 23:18:06:890 Infektion i karantän
Hotnamn - Trojan-Downloader.ConHook
Typ - Registry Key
Risknivå - Hög
Infektion - HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan
2007-12-04 23:18:06:906 Infektion i karantän
Hotnamn - Trojan-Downloader.ConHook
Typ - Registry Value
Risknivå - Hög
Infektion - HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan, (Default)
2007-12-04 23:18:06:953 Infektion rensad
Hotnamn - Trojan-Downloader.ConHook
Typ - Registry Key
Risknivå - Hög
Infektion - HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan
2007-12-04 23:18:06:953 Infektion rensad
Hotnamn - Trojan-Downloader.ConHook
Typ - Registry Value
Risknivå - Hög
Infektion - HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan, (Default)
2007-12-04 23:18:09:78 Summering av infektioner i karantän/borttagna
Karantän - 2
Karantän misslyckades - 0
Borttagna - 2
Borttagningen misslyckades - 0
2007-12-04 23:25:10:750 OnGuard upptäckt rensad
Hotnamn - Trojan.Virtumonde
Typ - Cookie
Risknivå - Förhöjd
Infektion - svxela.com/ svxela.com
2007-12-04 23:25:30:640 OnGuard upptäckt rensad
Hotnamn - Trojan.Virtumonde
Typ - Cookie
Risknivå - Förhöjd
Infektion - svxela.com/ svxela.com
2007-12-04 23:35:46:546 OnGuard upptäckt rensad
Hotnamn - Trojan.Virtumonde
Typ - Cookie
Risknivå - Förhöjd
Infektion - svxela.com/ svxela.com
2007-12-04 23:36:41:343 OnGuard upptäckt rensad
Hotnamn - Application.TrackingCookies
Typ - Cookie
Risknivå - Låg
Infektion - doubleclick.net/ doubleclick.net
2007-12-04 23:39:54:140 OnGuard upptäckt rensad
Hotnamn - Application.TrackingCookies
Typ - Cookie
Risknivå - Låg
Infektion - doubleclick.net/ doubleclick.net
2007-12-04 23:43:52:437 OnGuard upptäckt rensad
Hotnamn - Trojan.Virtumonde
Typ - Cookie
Risknivå - Förhöjd
Infektion - svxela.com/ svxela.com
2007-12-04 23:46:12:62 OnGuard upptäckt rensad
Hotnamn - Adware.Advertising
Typ - Cookie
Risknivå - Låg
Infektion - statcounter.com/ statcounter.com
2007-12-04 23:46:12:62 OnGuard upptäckt rensad
Hotnamn - Adware.Advertising
Typ - Cookie
Risknivå - Låg
Infektion - www.burstnet.com/ www.burstnet.com
2007-12-04 23:47:12:218 OnGuard upptäckt rensad
Hotnamn - Adware.Advertising
Typ - Cookie
Risknivå - Låg
Infektion - statcounter.com/ statcounter.com
2007-12-04 23:47:12:218 OnGuard upptäckt rensad
Hotnamn - Adware.Advertising
Typ - Cookie
Risknivå - Låg
Infektion - www.burstnet.com/ www.burstnet.com
2007-12-04 23:54:18:265 OnGuard upptäckt rensad
Hotnamn - Trojan.Virtumonde
Typ - Cookie
Risknivå - Förhöjd
Infektion - svxela.com/ svxela.com
2007-12-04 23:56:53:656 OnGuard upptäckt rensad
Hotnamn - Application.TrackingCookies
Typ - Cookie
Risknivå - Låg
Infektion - indextools.com/ indextools.com
2007-12-04 23:57:26:890 Sökning påbörjad
Sökningstyp - Intelli-Scan
2007-12-04 23:57:42:375 Infektion upptäcktes på denna dator
Hotnamn - Trojan-Downloader.ConHook
Typ - Registry Value
Risknivå - Hög
Infektion - HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan, (Default)
2007-12-04 23:57:42:375 Infektion upptäcktes på denna dator
Hotnamn - Trojan-Downloader.ConHook
Typ - Registry Key
Risknivå - Hög
Infektion - HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan
2007-12-04 23:59:07:390 Sökning slutförd
Sökningstyp - Intelli-Scan
Behandlade poster - 170014
Hot upptäckta - 1
Infektioner upptäckta - 2
Ignorerade infektioner - 0
2007-12-05 00:03:12:343 Sökning påbörjad
Sökningstyp - Intelli-Scan
2007-12-05 00:03:29:156 Infektion upptäcktes på denna dator
Hotnamn - Trojan-Downloader.ConHook
Typ - Registry Value
Risknivå - Hög
Infektion - HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan, (Default)
2007-12-05 00:03:29:171 Infektion upptäcktes på denna dator
Hotnamn - Trojan-Downloader.ConHook
Typ - Registry Key
Risknivå - Hög
Infektion - HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan
2007-12-05 00:04:48:703 Sökning slutförd
Sökningstyp - Intelli-Scan
Behandlade poster - 169968
Hot upptäckta - 1
Infektioner upptäckta - 2
Ignorerade infektioner - 0
2007-12-05 00:06:10:312 Infektion i karantän
Hotnamn - Trojan-Downloader.ConHook
Typ - Registry Key
Risknivå - Hög
Infektion - HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan
2007-12-05 00:06:10:828 Infektion i karantän
Hotnamn - Trojan-Downloader.ConHook
Typ - Registry Value
Risknivå - Hög
Infektion - HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan, (Default)
2007-12-05 00:06:10:890 Infektion rensad
Hotnamn - Trojan-Downloader.ConHook
Typ - Registry Key
Risknivå - Hög
Infektion - HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan
2007-12-05 00:06:10:890 Infektion rensad
Hotnamn - Trojan-Downloader.ConHook
Typ - Registry Value
Risknivå - Hög
Infektion - HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan, (Default)
2007-12-05 00:06:13:15 Summering av infektioner i karantän/borttagna
Karantän - 2
Karantän misslyckades - 0
Borttagna - 2
Borttagningen misslyckades - 0
2007-12-05 00:09:28:937 Tjänst Stoppad
Spyware Doctor Serviceprogram Stoppat
2007-12-05 07:45:44:218 Tjänst Startad
Spyware Doctor Serviceprogram startat
2007-12-05 07:45:44:609 OnGuards status
Alla OnGuards Aktiverades
2007-12-05 07:45:44:781 Immuniseringsresultat
ActiveX-sektion har immuniserats. Inga poster behandlades.
2007-12-05 08:14:04:291 Sökning påbörjad
Sökningstyp - Intelli-Scan
2007-12-05 08:14:25:200 Infektion upptäcktes på denna dator
Hotnamn - Trojan-Downloader.ConHook
Typ - Registry Value
Risknivå - Hög
Infektion - HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan, (Default)
2007-12-05 08:14:25:216 Infektion upptäcktes på denna dator
Hotnamn - Trojan-Downloader.ConHook
Typ - Registry Key
Risknivå - Hög
Infektion - HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan
2007-12-05 08:15:44:958 Sökning slutförd
Sökningstyp - Intelli-Scan
Behandlade poster - 141548
Hot upptäckta - 1
Infektioner upptäckta - 2
Ignorerade infektioner - 0
2007-12-05 08:15:51:437 Infektion i karantän
Hotnamn - Trojan-Downloader.ConHook
Typ - Registry Key
Risknivå - Hög
Infektion - HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan
2007-12-05 08:15:51:437 Infektion i karantän
Hotnamn - Trojan-Downloader.ConHook
Typ - Registry Value
Risknivå - Hög
Infektion - HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan, (Default)
2007-12-05 08:15:51:500 Infektion rensad
Hotnamn - Trojan-Downloader.ConHook
Typ - Registry Key
Risknivå - Hög
Infektion - HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan
2007-12-05 08:15:51:500 Infektion rensad
Hotnamn - Trojan-Downloader.ConHook
Typ - Registry Value
Risknivå - Hög
Infektion - HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan, (Default)
2007-12-05 08:15:53:644 Summering av infektioner i karantän/borttagna
Karantän - 2
Karantän misslyckades - 0
Borttagna - 2
Borttagningen misslyckades - 0
2007-12-05 08:24:16:700 OnGuard upptäckt rensad
Hotnamn - Trojan.Virtumonde
Typ - Cookie
Risknivå - Förhöjd
Infektion - svxela.com/ svxela.com
2007-12-05 08:24:55:891 OnGuard upptäckt rensad
Hotnamn - Trojan.Virtumonde
Typ - Cookie
Risknivå - Förhöjd
Infektion - svxela.com/ svxela.com
2007-12-05 08:26:50:6 OnGuard upptäckt rensad
Hotnamn - Trojan.Virtumonde
Typ - Cookie
Risknivå - Förhöjd
Infektion - svxela.com/ svxela.com
2007-12-05 08:27:30:370 OnGuard upptäckt rensad
Hotnamn - Trojan.Virtumonde
Typ - Cookie
Risknivå - Förhöjd
Infektion - svxela.com/ svxela.com
2007-12-05 08:29:29:469 OnGuard upptäckt rensad
Hotnamn - Trojan.Virtumonde
Typ - Cookie
Risknivå - Förhöjd
Infektion - svxela.com/ svxela.com
2007-12-05 08:30:28:839 OnGuard upptäckt rensad
Hotnamn - Trojan.Virtumonde
Typ - Cookie
Risknivå - Förhöjd
Infektion - svxela.com/ svxela.com
2007-12-05 08:34:31:164 OnGuard upptäckt rensad
Hotnamn - Trojan.Virtumonde
Typ - Cookie
Risknivå - Förhöjd
Infektion - svxela.com/ svxela.com
2007-12-05 08:35:19:791 OnGuard upptäckt rensad
Hotnamn - Trojan.Virtumonde
Typ - Cookie
Risknivå - Förhöjd
Infektion - svxela.com/ svxela.com
2007-12-05 08:36:22:721 OnGuard upptäckt rensad
Hotnamn - Trojan.Virtumonde
Typ - Cookie
Risknivå - Förhöjd
Infektion - svxela.com/ svxela.com
2007-12-05 08:37:22:639 OnGuard upptäckt rensad
Hotnamn - Trojan.Virtumonde
Typ - Cookie
Risknivå - Förhöjd
Infektion - svxela.com/ svxela.com
2007-12-05 08:40:44:983 OnGuard upptäckt rensad
Hotnamn - Trojan.Virtumonde
Typ - Cookie
Risknivå - Förhöjd
Infektion - svxela.com/ svxela.com
2007-12-05 08:58:27:246 OnGuard upptäckt rensad
Hotnamn - Trojan.Virtumonde
Typ - Cookie
Risknivå - Förhöjd
Infektion - svxela.com/ svxela.com
2007-12-05 08:59:29:743 OnGuard upptäckt rensad
Hotnamn - Application.TrackingCookies
Typ - Cookie
Risknivå - Låg
Infektion - m.webtrends.com/ m.webtrends.com
2007-12-05 10:21:51:650 Infektion upptäcktes på denna dator
Hotnamn - Trojan-Downloader.ConHook
Typ - Registry Value
Risknivå - Hög
Infektion - HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan, (Default)
2007-12-05 10:21:51:650 Infektion upptäcktes på denna dator
Hotnamn - Trojan-Downloader.ConHook
Typ - Registry Key
Risknivå - Hög
Infektion - HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan
2007-12-05 10:22:21:52 Sökning slutförd
Sökningstyp - Intelli-Scan
Behandlade poster - 162761
Hot upptäckta - 1
Infektioner upptäckta - 2
Ignorerade infektioner - 0
2007-12-05 10:28:27:189 Infektion i karantän
Hotnamn - Trojan-Downloader.ConHook
Typ - Registry Key
Risknivå - Hög
Infektion - HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan
2007-12-05 10:28:27:204 Infektion i karantän
Hotnamn - Trojan-Downloader.ConHook
Typ - Registry Value
Risknivå - Hög
Infektion - HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan, (Default)
2007-12-05 10:28:27:424 Infektion rensad
Hotnamn - Trojan-Downloader.ConHook
Typ - Registry Key
Risknivå - Hög
Infektion - HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan
2007-12-05 10:28:27:439 Infektion rensad
Hotnamn - Trojan-Downloader.ConHook
Typ - Registry Value
Risknivå - Hög
Infektion - HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan, (Default)
2007-12-05 10:28:29:555 Summering av infektioner i karantän/borttagna
Karantän - 2
Karantän misslyckades - 0
Borttagna - 2
Borttagningen misslyckades - 0
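Read as a whole rather than entry by entry, the history log above says more than any single line: the same registry key under HKEY_USERS\...\Software\Microsoft\MS Juan is reported cleaned ("Infektion rensad") and then detected again ("Infektion upptäcktes på denna dator") a few hours later, three times over. A key that comes back after removal is being recreated by something still running, so cleaning the key treats the symptom. As an added example (written for this page, not part of the thread and not a PC Tools tool), here is a Python script that parses the Swedish-language Spyware Doctor log format shown above, pairs each clean event with the next detection of the same item, and reports what keeps coming back. The sample log is a constructed excerpt assembled from timestamps and entries in the posted log; the event strings and field names (Hotnamn, Typ, Risknivå, Infektion) are taken from it as posted.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Registry key that Spyware Doctor keeps reporting in the log above.
MS_JUAN_KEY = r"HKEY_USERS\S-1-5-21-910452376-877226765-825688854-34913\Software\Microsoft\MS Juan"


def _event(ts, what, threat, typ, level, target):
    """Format one log record the way Spyware Doctor writes it (header line + fields)."""
    return f"{ts} {what}\nHotnamn - {threat}\nTyp - {typ}\nRisknivå - {level}\nInfektion - {target}\n"


# Constructed excerpt of the history log posted above: three detect/clean cycles
# for the same registry key, with one cookie event in between as noise.
CONHOOK = ("Trojan-Downloader.ConHook", "Registry Key", "Hög", MS_JUAN_KEY)
SAMPLE_SD_LOG = "".join([
    _event("2007-12-04 23:57:42:375", "Infektion upptäcktes på denna dator", *CONHOOK),
    _event("2007-12-05 00:06:10:890", "Infektion rensad", *CONHOOK),
    _event("2007-12-05 08:14:25:216", "Infektion upptäcktes på denna dator", *CONHOOK),
    _event("2007-12-05 08:15:51:500", "Infektion rensad", *CONHOOK),
    _event("2007-12-05 08:24:16:700", "OnGuard upptäckt rensad",
           "Trojan.Virtumonde", "Cookie", "Förhöjd", "svxela.com/ svxela.com"),
    _event("2007-12-05 10:21:51:650", "Infektion upptäcktes på denna dator", *CONHOOK),
    _event("2007-12-05 10:28:27:424", "Infektion rensad", *CONHOOK),
])

# "YYYY-MM-DD HH:MM:SS:mmm <event text>"; the millisecond field is not zero-padded.
HEADER_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}):(\d{1,3}) (.+)$")
FIELD_RE = re.compile(r"^(\S+) - (.*)$")
DETECTED = "Infektion upptäcktes på denna dator"  # "infection detected on this computer"
CLEANED = "Infektion rensad"                       # "infection cleaned"


def parse_sd_log(text):
    """Turn the log into a list of {'time', 'event', 'fields'} records."""
    events = []
    for line in text.splitlines():
        h = HEADER_RE.match(line)
        if h:
            ts = datetime.strptime(h.group(1), "%Y-%m-%d %H:%M:%S")
            ts += timedelta(milliseconds=int(h.group(2)))
            events.append({"time": ts, "event": h.group(3), "fields": {}})
            continue
        f = FIELD_RE.match(line)
        if f and events:
            events[-1]["fields"][f.group(1)] = f.group(2)
    return events


def recurrence_report(events):
    """Per item: how often it was detected again after being reported cleaned,
    and the shortest clean-to-redetect interval."""
    history = defaultdict(list)
    for ev in events:
        if ev["event"] in (DETECTED, CLEANED):
            f = ev["fields"]
            key = (f.get("Hotnamn"), f.get("Typ"), f.get("Infektion"))
            history[key].append((ev["time"], ev["event"]))
    report = {}
    for key, hist in history.items():
        hist.sort()
        last_clean, redetected, gaps = None, 0, []
        for ts, kind in hist:
            if kind == CLEANED:
                last_clean = ts
            elif last_clean is not None:      # detected again after a clean
                redetected += 1
                gaps.append(ts - last_clean)
                last_clean = None
        report[key] = {
            "detected": sum(1 for _, k in hist if k == DETECTED),
            "cleaned": sum(1 for _, k in hist if k == CLEANED),
            "redetected_after_clean": redetected,
            "shortest_gap": min(gaps) if gaps else None,
        }
    return report


def persistent_items(report):
    """Items that came back at least once after cleaning: the real lead, not the cookies."""
    return [key for key, r in report.items() if r["redetected_after_clean"] > 0]


if __name__ == "__main__":
    rep = recurrence_report(parse_sd_log(SAMPLE_SD_LOG))
    for key in persistent_items(rep):
        print(key[0], key[1], "came back", rep[key]["redetected_after_clean"],
              "times; shortest gap", rep[key]["shortest_gap"], "\n  ", key[2])
```

The cookie events are ignored by design: they are the low-risk noise the next reply dismisses, and they never follow a clean event for the same item. What the report surfaces is the one registry value that is recreated within hours of every removal, which is the argument for going after the loader (the O2 BHO from the first log) rather than the key it writes.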

Member
5. December 2007 @ 06:00
yes that log is helpful. cookies aren't much to worry about. you can use settings within IE or firefox to control them. or get ATF-Cleaner to keep cookies, temps etc cleaned up with one click of the button
http://www.atribune.org/content/view/19/2/
-----------------------------
try this:
download and run vundofix.exe:
http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
echoreply

Draken12
Newbie
5. December 2007 @ 09:51
Ok, now I have done what you told me. VundoFix didn't find anything, but the reason behind this is probably because I tried VundoFix yesterday. By the way, hasn't Spyware Doctor found any sign of the little Trojan bastard...... so maybe I'm lucky!!
VundoFix Log:
VundoFix V6.7.0
Checking Java version...
Sun Java not detected
Scan started at 00:16:48 2007-12-04
Listing files found while scanning....
C:\windows\system32\jryaipgn.dll
C:\windows\system32\kjjlm.ini
C:\windows\system32\mljjk.dll
Beginning removal...
Attempting to delete C:\windows\system32\jryaipgn.dll
C:\windows\system32\jryaipgn.dll Has been deleted!
Attempting to delete C:\windows\system32\kjjlm.ini
C:\windows\system32\kjjlm.ini Has been deleted!
Attempting to delete C:\windows\system32\mljjk.dll
C:\windows\system32\mljjk.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.7.0
Checking Java version...
Sun Java not detected
Scan started at 00:47:23 2007-12-04
Listing files found while scanning....
VundoFix V6.7.0
Checking Java version...
Sun Java not detected
Scan started at 01:35:19 2007-12-04
Listing files found while scanning....
VundoFix V6.7.0
Checking Java version...
Sun Java not detected
Scan started at 02:05:41 2007-12-04
Listing files found while scanning....
No infected files were found.
VundoFix V6.7.0
Checking Java version...
Sun Java not detected
Scan started at 21:48:13 2007-12-04
Listing files found while scanning....
VundoFix V6.7.0
Checking Java version...
Sun Java not detected
Scan started at 14:28:41 2007-12-05
Listing files found while scanning....
No infected files were found.
Beginning removal...
HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07, on 2007-12-05
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Intel\Wireless\Bin\EvtEng.exe
C:\Program\Intel\Wireless\Bin\S24EvMon.exe
C:\Program\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program\CA\SharedComponents\CAM\bin\cam.exe
C:\Program\Telia\CiscoVpnClient\cvpnd.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program\CA\SharedComponents\iTechnology\igateway.exe
C:\Program\CA\eTrustITM\InoRpc.exe
C:\Program\CA\eTrustITM\InoRT.exe
C:\Program\CA\eTrustITM\InoTask.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program\CA\eTrustITM\eaps.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program\CA\Unicenter DSM\Bin\caf.exe
C:\Program\CA\Unicenter DSM\Bin\cfsmsmd.exe
C:\Program\CA\Unicenter DSM\Bin\ccnfagent.exe
C:\Program\CA\Unicenter DSM\Bin\cfnotsrvd.exe
C:\Program\CA\Unicenter DSM\Bin\ccsmagtd.exe
C:\PROGRAM\CA\UNICENTER DSM\BIN\amswmagt.exe
C:\Program\CA\Unicenter DSM\PMAgent\capmuamagt.exe
C:\Program\CA\Unicenter DSM\Bin\cfftplugin.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program\CA\Unicenter DSM\Bin\sxplog32.exe
C:\Program\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Telia\Telia Connect\AutoUpdateSrv.exe
C:\Program\Intel\Wireless\Bin\Dot1XCfg.exe
C:\HJT\Scanme.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.ltdalarna.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web.ltdalarna.se
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.ltdalarna.se/ie.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar4.dll
O2 - BHO: (no name) - {B6994DF8-50BB-4D97-9E05-9A66AA8752FB} - \
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Printers] C:\WINDOWS\LTDPRINT\netprinters.vbs
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [DsmSxplog] "C:\Program\CA\Unicenter DSM\Bin\sxpstub.exe"
O4 - HKLM\..\Run: [CAF_SystemTray] "C:\Program\CA\Unicenter DSM\Bin\cfSysTray.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program\Telia\CiscoVpnClient\vpngui.exe
O4 - Global Startup: Uppdateringsagent.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://web.ltdalarna.se
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ltdalarna.se
O17 - HKLM\Software\..\Telephony: DomainName = ltdalarna.se
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB480CB4-FA4E-4B44-B40E-1A90D0AA4562}: Domain = ltdalarna.se
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ltdalarna.se
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ltdalarna.se
O20 - Winlogon Notify: CAF - C:\Program\CA\Unicenter DSM\Bin\cfwlogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CA Message Queuing Server (CA-MessageQueuing) - CA, Inc. - C:\Program\CA\SharedComponents\CAM\bin\cam.exe
O23 - Service: CA Unicenter DSM r11 Common Application Framework. (caf) - Computer Associates International, Inc. - C:\Program\CA\Unicenter DSM\Bin\caf.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program\Telia\CiscoVpnClient\cvpnd.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Program\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM Realtime Service (InoRT) - Computer Associates International, Inc. - C:\Program\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Program\CA\eTrustITM\InoTask.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\swdsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/widjoh/LOKALA~1/Temp/msoclip1/01/clip_image002.gif
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/widjoh/LOKALA~1/Temp/msohtml1/01/clip_image002.gif
--
End of file - 8444 bytes
JV
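As an added example (not code from anyone in this thread or from the HijackThis/VundoFix projects), a small Python triage script for the O2 BHO lines in a HijackThis log like the one above: it flags unnamed BHOs, registrations whose DLL path is missing (such as the `{B6994DF8-...} - \` entry), and consonant-heavy random-looking DLL names in System32 like the jryaipgn.dll that VundoFix removed. The sample log below is constructed from lines in this thread plus one invented CLSID, and the name heuristic is deliberately crude (it will also flag some legitimate short names), so treat hits as candidates to research, not verdicts.

```python
import re

# Constructed sample in the shape of the HijackThis O2 lines posted above.
# The last CLSID is invented for the example; the path is a DLL VundoFix listed.
SAMPLE_LOG = (
    "O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"
    " - C:\\Program\\Adobe\\Acrobat 6.0\\Reader\\ActiveX\\AcroIEHelper.dll\n"
    "O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7}"
    " - c:\\program\\google\\googletoolbar4.dll\n"
    "O2 - BHO: (no name) - {B6994DF8-50BB-4D97-9E05-9A66AA8752FB} - \\\n"
    "O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555}"
    " - C:\\WINDOWS\\System32\\jryaipgn.dll\n"
)

# "O2 - BHO: <name> - {<clsid>} - <path>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# Short, all-letter DLL names directly in System32 (where Vundo dropped its files).
SYS32_DLL_RE = re.compile(r"^c:\\windows\\system32\\[a-z]{5,9}\.dll$", re.IGNORECASE)
VOWELS = set("aeiou")


def looks_random(stem: str) -> bool:
    """Crude heuristic: 5+ letters with at most two vowels, e.g. 'jryaipgn' or 'mljjk'."""
    letters = [c for c in stem.lower() if c.isalpha()]
    return len(letters) >= 5 and sum(c in VOWELS for c in letters) <= 2


def triage_o2(log_text: str) -> list:
    """Return one finding (clsid, path, reasons) per suspicious O2 line in the log."""
    findings = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if not m:
            continue
        name, clsid, path = m.group("name"), m.group("clsid"), m.group("path").strip()
        reasons = []
        if name == "(no name)":
            reasons.append("unnamed BHO")
        if path in ("", "\\") or not path.lower().endswith(".dll"):
            reasons.append("no DLL path (dangling CLSID registration)")
        elif SYS32_DLL_RE.match(path) and looks_random(path.rsplit("\\", 1)[-1][:-4]):
            reasons.append("random-looking DLL name in System32")
        if reasons:
            findings.append({"clsid": clsid, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_o2(SAMPLE_LOG):
        print(f["clsid"], f["path"] or "<none>", "->", "; ".join(f["reasons"]))
```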
Member
5. December 2007 @ 17:30
Hi,
VundoFix removed some .dlls, how's it on your end now?
Draken12
Newbie
5. December 2007 @ 19:22
The dlls were as a matter of fact removed the day before I asked for your help, when I still had problems with the continually returning Trojan called trojan-downloader.conhook. I think the Trojan was re-activated, after deletion, every time I ran IE, but who am I to tell!!! Anyway, now my system seems to run OK, so thank you so much for your help. If it's ok I would like your last opinion about which processes shouldn't be running in my task manager and how to stop them from running there in the future? I don't know if it's possible to post an image (a snapshot located on your hard drive), so if you have any suggestions....
Thank you for everything.
Best regards /
Draken
Member
5. December 2007 @ 20:50
Hi,
You are welcome.
Quote: dlls were as a matter of fact removed the day before I asked
Looks like it was removed yesterday when you ran VundoFix:
2007-12-04
Listing files found while scanning....
C:\windows\system32\jryaipgn.dll
C:\windows\system32\kjjlm.ini
C:\windows\system32\mljjk.dll
Beginning removal...
------------------------------------------
OK, so all's good now.
Quote: which processes shouldn't be running in my task manager and how to stop them from running there in the future
Click on the icons by the clock; usually this will launch the software. Look in Settings or Preferences for options not to start with Windows. See if that helps control some of it.
Look, you are a service pack behind in Windows Update. Windows is up to Service Pack 2 now. You should visit Windows Update to get the latest patches and fixes for Windows. It will be a huge download, hope you have broadband; it is also available on CD if you want it that way.
Also a good idea to do this after cleaning up malware:
One of the features of Windows ME or XP is the System Restore option; however, if malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is a good idea after malware is removed.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(winXP)
1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore. (new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot
echoreply
Draken12
Newbie
6. December 2007 @ 02:53
Hi
If you follow the timeline in the VundoFix history you can see that I live in Sweden, and because of that I'm about 8 hours ahead, depending on where in the States you live. I don't want to be rude, but the virus only stopped showing up when you told me to remove O2 - BHO: {b1776866-3025-3b68-1364-e27637d08c24} - {42c80d73-672e-4631-86b3-52036686771b} - C:\WINDOWS\System32\voasjvkg.dll and use ATF-Cleaner.
What kind of dll is voasjvkg.dll?
Thx again /
Draken
JV
Member
6. December 2007 @ 20:25