Drivecleaner

[Cecilia]

närjag start MSN nu mera...

 

får jag detta...

Internet Explorer - Verktyg - Internetalternativ - Avancerat

På slutet någonstans avbocka Visa meddelanden om skriptfel eller liknande text

 

[carlus]

 

[inlägget ändrat 2007-03-12 11:53:37 av carlus]

[inlägget ändrat 2007-03-12 11:54:21 av carlus]

[carlus]

 

 

 

jag fick ominstallerat MSN och [jag får meddelandet ändå...

 

ps. den var EJ bockad ( det du sa ) - säger bara så duvet

 

se bilden

 

 

 

 

 

http://s2.excoboard.com/forums/7117/user/78763/377844.jpg

[inlägget ändrat 2007-03-12 11:57:13 av carlus]

[Cecilia]

Då vet jag inte. Kolla om det finns något om skriptfel i Chattforumet. Om inte så ställ din fråga där.

 

[carlus]

 

 

Samma virus finns kvar på datorn ännu....

bara alternativen granska, undanta och ignoera som finns..

men norton hittar ju då tillbaka till samma virus om o om igen..

hur och vad gör jag för att få bort detta...

när jag trycker på granska kommer jag bara hit...

 

länk: http://www.symantec.com/security_response/writeup.jsp?docid=2006-

062217-0726-99

 

och s å säger norton att allt är fritt fram men sen nästa sökning är det ju tillbaka igen... och viruset blir ju aldrig borttaget på så vis..

 

här är bilder på detta...

 

23 mars:

 

http://img.photobucket.com/albums/v335/BSandBandit/skvirus23mars.

jpg

 

24 mars

 

http://img.photobucket.com/albums/v335/BSandBandit/virussk24mars.

jpg

 

 

25 mars

 

http://img.photobucket.com/albums/v335/BSandBandit/virussk25mars.jpg

 

Som ni kan se är det samma virus problem varje gång jag söker datorn...

 

Hörde att det skulle finnas att anti spyware lr liknade som tar bort trojan:er är det sant och vart hittar jag i så fall det programmet ??

 

OM inte - Hur hittar man & blir man av med Trojan:er ??

 

 

 

 

 

 

 

 

ps.

 

 

Tack för alla hjälp innan

 

 

 

[carlus]

 

 

Samma virus finns kvar på datorn ännu....

bara alternativen granska, undanta och ignoera som finns..

men norton hittar ju då tillbaka till samma virus om o om igen..

hur och vad gör jag för att få bort detta...

när jag trycker på granska kommer jag bara hit...

 

länk: http://www.symantec.com/security_response/writeup.jsp?docid=2006-

062217-0726-99

 

och s å säger norton att allt är fritt fram men sen nästa sökning är det ju tillbaka igen... och viruset blir ju aldrig borttaget på så vis..

 

här är bilder på detta...

 

23 mars:

 

http://img.photobucket.com/albums/v335/BSandBandit/skvirus23mars.

jpg

 

24 mars

 

http://img.photobucket.com/albums/v335/BSandBandit/virussk24mars.

jpg

 

 

25 mars

 

http://img.photobucket.com/albums/v335/BSandBandit/virussk25mars.jpg

 

Som ni kan se är det samma virus problem varje gång jag söker datorn...

 

Hörde att det skulle finnas att anti spyware lr liknade som tar bort trojan:er är det sant och vart hittar jag i så fall det programmet ??

 

OM inte - Hur hittar man & blir man av med Trojan:er ??

 

 

 

 

 

 

 

 

ps.

 

 

Tack för alla hjälp innan

 

 

 

[Cecilia]

Bestäm dig nu för om du ska ha datorn rensad i den här tråden eller i din nyuppstartade tråd:

//eforum.idg.se/viewmsg.asp?entriesid=931247

 

 

[Johnde]

Jag har både drivecleaner, amaena och errorsafe, kan ngn. hjälpa?

Här är min logg från hijackthis:

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 19:08:10, on 02.04.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure\Common\FSMA32.EXE

C:\Program\F-Secure\Common\FSMB32.EXE

C:\Program\F-Secure\Common\FCH32.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program\F-Secure\Common\FAMEH32.EXE

C:\Program\F-Secure\Anti-Virus\fsqh.exe

C:\Program\F-Secure\FSAUA\program\fsaua.exe

C:\Program\F-Secure\Anti-Virus\fssm32.exe

C:\Program\F-Secure\FWES\Program\fsdfwd.exe

C:\Program\F-Secure\FSAUA\program\fsus.exe

C:\Program\F-Secure\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\VIA\RAID\raid_tool.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program\Java\jre1.5.0_11\bin\jusched.exe

C:\Program\F-Secure\Common\FSM32.EXE

C:\Program\QuickTime\qttask.exe

E:\Johns musik\iTunesHelper.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\F-Secure\FSGUI\fsguidll.exe

C:\Program\iPod\bin\iPodService.exe

E:\bin\ZLH.EXE

C:\Program\Delade filer\{5CDC3A5D-070C-1035-1102-050409170166}\Update.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program\PC Connectivity Solution\ServiceLayer.exe

C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program\Ipwindows\ipwins.exe

C:\WINDOWS\RaUI.exe

C:\Program\Delade filer\Nokia\MPAPI\MPAPI3s.exe

C:\Program\OpenOffice.org 2.0\program\soffice.exe

C:\Program\OpenOffice.org 2.0\program\soffice.BIN

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\Internet Explorer\iexplore.exe

E:\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O4 - HKLM\..\Run: [RaidTool] C:\Program\VIA\RAID\raid_tool.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "E:\Johns musik\iTunesHelper.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [outlook] C:\Program\outlook\outlook.exe /auto

O4 - HKLM\..\Run: [winlog] winlog.exe

O4 - HKLM\..\Run: [winupdates] C:\Program\winupdates\winupdates.exe /auto

O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run

O4 - HKLM\..\Run: [soundService] rundll32.exe "C:\WINDOWS\system32\tdimbcwb.dll",setvm

O4 - HKLM\..\Run: [Norman ZANDA] E:\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\RunServices: [winlog] winlog.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [ipWins] C:\Program\Ipwindows\ipwins.exe

O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program\OpenOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163658992750

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000140 (file missing)

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\F-Secure\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\F-Secure\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - E:\Nvc\BIN\nipsvc.exe

O23 - Service: Norman NJeeves - Unknown owner - E:\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Unknown owner - E:\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - E:\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - E:\Nvc\BIN\NVCSCHED.EXE

O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

[/log]

 

 

[Zipp.]

 

Gå hit = E:\Hijackthis\HijackThis.exe

och byt namn på HijackThis.exe till rensare.exe och sen scanna en ny logg med rensare.exe och skicka den.

 

Öppna en egen tråd\skriv nytt inlägg när du skickar loggen

 

 

[Johnde]

[log]Logfile of HijackThis v1.99.1

Scan saved at 20:39:16, on 02.04.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure\Common\FSMA32.EXE

C:\Program\F-Secure\Common\FSMB32.EXE

C:\Program\F-Secure\Common\FCH32.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program\F-Secure\Common\FAMEH32.EXE

C:\Program\F-Secure\Anti-Virus\fsqh.exe

C:\Program\F-Secure\FSAUA\program\fsaua.exe

C:\Program\F-Secure\Anti-Virus\fssm32.exe

C:\Program\F-Secure\FWES\Program\fsdfwd.exe

C:\Program\F-Secure\FSAUA\program\fsus.exe

C:\Program\F-Secure\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\VIA\RAID\raid_tool.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program\Java\jre1.5.0_11\bin\jusched.exe

C:\Program\F-Secure\Common\FSM32.EXE

C:\Program\QuickTime\qttask.exe

E:\Johns musik\iTunesHelper.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\F-Secure\FSGUI\fsguidll.exe

C:\Program\iPod\bin\iPodService.exe

E:\bin\ZLH.EXE

C:\Program\Delade filer\{5CDC3A5D-070C-1035-1102-050409170166}\Update.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program\PC Connectivity Solution\ServiceLayer.exe

C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program\Ipwindows\ipwins.exe

C:\WINDOWS\RaUI.exe

C:\Program\Delade filer\Nokia\MPAPI\MPAPI3s.exe

C:\Program\OpenOffice.org 2.0\program\soffice.exe

C:\Program\OpenOffice.org 2.0\program\soffice.BIN

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Outlook Express\msimn.exe

E:\Hijackthis\rensare.exe.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\oldscnbe.dll (file missing)

O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\qomkijj.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O2 - BHO: (no name) - {F87E119B-FFB2-4982-9ACC-62C090D7FAC6} - C:\WINDOWS\system32\ddccc.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O4 - HKLM\..\Run: [RaidTool] C:\Program\VIA\RAID\raid_tool.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "E:\Johns musik\iTunesHelper.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [outlook] C:\Program\outlook\outlook.exe /auto

O4 - HKLM\..\Run: [winlog] winlog.exe

O4 - HKLM\..\Run: [winupdates] C:\Program\winupdates\winupdates.exe /auto

O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run

O4 - HKLM\..\Run: [soundService] rundll32.exe "C:\WINDOWS\system32\tdimbcwb.dll",setvm

O4 - HKLM\..\Run: [Norman ZANDA] E:\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\RunServices: [winlog] winlog.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [ipWins] C:\Program\Ipwindows\ipwins.exe

O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program\OpenOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163658992750

O20 - Winlogon Notify: ddccc - C:\WINDOWS\system32\ddccc.dll

O20 - Winlogon Notify: qomkijj - C:\WINDOWS\SYSTEM32\qomkijj.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000140 (file missing)

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\F-Secure\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\F-Secure\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - E:\Nvc\BIN\nipsvc.exe

O23 - Service: Norman NJeeves - Unknown owner - E:\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Unknown owner - E:\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - E:\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - E:\Nvc\BIN\NVCSCHED.EXE

O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

[/log]

 

[Zipp.]

 

Surfa hit och följ anvisningar på sidan

 

http://www.atribune.org/content/view/24/2/

 

Note: It is possible that VundoFix encountered a file it could not remove.

In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the

Scan for Vundo button." when VundoFix appears at reboot.

 

Skicka sen C:\vundofix.txt loggen

 

 

 

[carlus]

 

Blir du av med drivecleaner så säg till hur...

har fortfarande mitt kvar...

 

trots att JÄTTE BRA hjälp från cecilia o zipp

mkt tacksam men DC fortsätter att finnas på min dator...

 

 

snyft

 

[Zipp.]

 

På denna bild ser man sökvägen till filen = följ den och ta bort den

 

http://img.photobucket.com/albums/v335/BSandBandit/detaljer3.jpg

 

[Johnde]

C:\WINDOWS\system32\kklypthk.dll

C:\WINDOWS\system32\lnmp.bak1

C:\WINDOWS\system32\llnmp.ini

C:\WINDOWS\system32\pbtlkhhr.ddl

C:\WINDOWS\system32\pmnll.dll

C:\WINDOWS\system32\qomkijj.dll

C:\WINDOWS\system32\vtuts

 

[Zipp.]

 

Kopiera hela loggen och skicka igen.

 

[Johnde]

det går inte att kopiera den så jag skrev dit d. själv

 

[Zipp.]

 

Konstigt att det inte går att kopiera den.

 

Ladda ner ComboFix på skrivbordet

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Kör den och följ anvisningarna

 

VIKTIGT! Klicka inte på Combofix-fönstret med musen när den körs annars kan den hänga upp sig.

Skicka loggen som kommer ut.

 

 

[carlus]

http://img.photobucket.com/albums/v335/BSandBandit/detaljer3.jpg

 

 

nu har jag följt länken så här långt:

gick till c:/ dok & settings / admin /

 

men när jag kommer dit så finns det inge loka inställnings mapp..

 

hur kommer man dit ??

 

vilken väg ska man ta då detta är en "dead end"

 

 

jag har använt sök i utforskaren men kommer ingen vart..

[inlägget ändrat 2007-04-02 21:37:00 av carlus]

[Zipp.]

 

Den mappen är dold så sätt dolda filer synliga.

 

[Johnde]

[log]ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\Degerlund\Skrivbord"

 

 

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

"C:\WINDOWS\system32\pmnll.dll"

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\Program\ipwindows\ipwins.dll

C:\Program\ipwindows\ipwins.exe

C:\Program\ipwindows\UnInstall.exe

C:\Program\outlook\p.zip

C:\Program\outlook\v.tmp

C:\Program\winupdates\a.tmp

C:\Program\winupdates\a.zip

C:\WINDOWS\system32\bund1\temp.txt

C:\WINDOWS\system32\nfomon\License.txt

C:\WINDOWS\system32\nfomon\nfo.ocx

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\vidmon\vidmon.inf

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\nfo\keys.dat

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\nfo\mon0104.dbd

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\nfo\mon0106.ddx

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\nfo\mon0204.ddx

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\nfo\mon0315.ddx

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\nfo\mon0412.ddx

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\nfo\mon0504.ddx

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\nfo\mon0904.ddx

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\nfo\mon1125.ddx

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\nfo\mon1204.ddx

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\nfo\mon1215.dbd

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\nfo\mon1909.ddx

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\nfo\mon1920.dbd

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\nfo\mon2007.dbd

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\nfo\arch\1001.dfn

C:\Program\pedevice\communication.xml

C:\Program\pedevice\Domain.Watchlist.txt

C:\Program\pedevice\pae-options.xml

C:\Program\pedevice\pae_url.xml

C:\Program\pedevice\PeDev.dll

C:\Program\pedevice\pedevPS.dll

C:\Program\pedevice\search.watchlist.txt

C:\Program\pedevice\statistic.xml

C:\Program\pedevice\watchlist.xml

C:\Program\pedevice\tmp\tmp.html

C:\Program\Delade filer\{3CDC3~1\Bar888.dll

C:\Program\Delade filer\{3CDC3~1\UnInstall.exe

C:\Program\ipwindows\ipwins.dll

C:\Program\ipwindows\ipwins.exe

C:\WINDOWS\system32\svchosts.exe

C:\WINDOWS\system32\unsvchosts.exe

C:\lswmv.ini

C:\WINDOWS\system32\llnmp.ini

C:\Program\inetget2

C:\Program\ipwindows

C:\Program\outlook

C:\Program\winupdates

C:\WINDOWS\system32\bund1

C:\WINDOWS\system32\vidmon

C:\WINDOWS\system32\nfomon

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\vidmon

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\nfo

C:\Program\Delade filer\Uninstall Information

C:\Program\pedevice

C:\Program\Delade filer\{3CDC3~1

C:\Program\Delade filer\{5CDC3~1\Update.exe

C:\Program\Delade filer\{5CDC3~1

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-03-02 to 2007-04-02 ))))))))))))))))))))))))))))))))))

 

 

2007-04-02 21:27 76,412 --a------ C:\WINDOWS\system32\pbtlkhhr.dll

2007-04-02 21:27 48,708 --a------ C:\WINDOWS\system32\kklypthk.dll

2007-04-02 21:27 478,491 ---hs---- C:\WINDOWS\system32\llnmp.bak1

2007-04-02 20:48 <KAT> d-------- C:\VundoFix Backups

2007-03-31 10:24 167 --a------ C:\DOCUME~1\DEGERL~1\3786.bat

2007-03-30 17:02 98,816 --a------ C:\WINDOWS\system32\WinFlyer32.dll

2007-03-30 17:02 26,694 --------- C:\WINDOWS\system32\qomkijj.dll

2007-03-28 18:11 94,533 --a------ C:\WINDOWS\system32\install.exe

2007-03-28 18:11 167 --a------ C:\WINDOWS\system32\3953.bat

2007-03-28 18:10 41,792 --a------ C:\WINDOWS\system32\app.exe

2007-03-28 18:10 32,768 --a------ C:\WINDOWS\system32\setup9x.exe

2007-03-28 18:09 <KAT> d--hs---- C:\DOCUME~1\DEGERL~1\Complete

2007-03-26 21:16 <KAT> d-------- C:\Program\MSXML 4.0

2007-03-26 17:56 <KAT> d-------- C:\Program\Delade filer\PCSuite

2007-03-26 17:56 <KAT> d-------- C:\Program\Delade filer\Nokia

2007-03-26 17:55 <KAT> d-------- C:\Program\PC Connectivity Solution

2007-03-26 17:54 9,216 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys

2007-03-26 17:54 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll

2007-03-26 17:54 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2007-03-26 17:54 138,240 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys

2007-03-26 17:54 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys

2007-03-26 17:54 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys

2007-03-26 17:26 <KAT> d-------- C:\DOCUME~1\DEGERL~1\APPLIC~1\Datalayer

2007-03-26 17:13 <KAT> d-------- C:\DOCUME~1\DEGERL~1\APPLIC~1\Nokia

2007-03-26 17:06 <KAT> d-------- C:\Program\DIFX

2007-03-26 17:05 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2007-03-26 17:05 <KAT> d----c--- C:\WINDOWS\system32\DRVSTORE

2007-03-26 17:05 <KAT> d-------- C:\Program\Nokia

2007-03-26 17:05 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite

2007-03-26 17:05 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations

2007-03-09 18:31 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2007-03-03 20:13 397,312 --a------ C:\DOCUME~1\DEGERL~1\jogl.dll

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2007-04-02 22:38 -------- d-------- C:\DOCUME~1\DEGERL~1\APPLIC~1\openoffice.org2

2007-03-31 20:44 285699 --a------ C:\DOCUME~1\DEGERL~1\APPLIC~1\nmm-metadata.db

2007-03-31 15:18 -------- d-------- C:\Program\f-secure

2007-03-31 11:48 50080 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys

2007-03-31 11:48 29472 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys

2007-03-31 11:34 -------- d-------- C:\DOCUME~1\DEGERL~1\APPLIC~1\lavasoft

2007-03-30 17:56 -------- d--h----- C:\Program\installshield installation information

2007-03-26 17:06 -------- d-------- C:\DOCUME~1\DEGERL~1\APPLIC~1\pc suite

2007-03-26 14:13 65184 --a------ C:\WINDOWS\system32\perfc01d.dat

2007-03-26 14:13 389356 --a------ C:\WINDOWS\system32\perfh01d.dat

2007-02-24 09:50 -------- d-------- C:\Program\java

2007-02-21 23:12 -------- d-------- C:\Program\ipod

2007-02-20 22:52 -------- d-------- C:\Program\sci games

2007-02-04 11:46 -------- d-------- C:\Program\google

2007-02-02 16:48 -------- d-------- C:\Program\windows media connect 2

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"MSMSGS"="\"C:\\Program\\Messenger\\msmsgs.exe\" /background"

"swg"="C:\\Program\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

"PcSync"="C:\\Program\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

"IpWins"="C:\\Program\\Ipwindows\\ipwins.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"RaidTool"="C:\\Program\\VIA\\RAID\\raid_tool.exe"

"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"SunJavaUpdateSched"="\"C:\\Program\\Java\\jre1.5.0_11\\bin\\jusched.exe\""

"F-Secure Manager"="\"C:\\Program\\F-Secure\\Common\\FSM32.EXE\" /splash"

"F-Secure TNB"="\"C:\\Program\\F-Secure\\FSGUI\\TNBUtil.exe\" /CHECKALL /WAITFORSW"

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"iTunesHelper"="\"E:\\Johns musik\\iTunesHelper.exe\""

"ATICCC"="\"C:\\Program\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"

"PCSuiteTrayApplication"="C:\\Program\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"

"WinFlyer32.dll"="\"rundll32.exe\" C:\\WINDOWS\\system32\\WinFlyer32.dll,Run"

"SoundService"="rundll32.exe \"C:\\WINDOWS\\system32\\tdimbcwb.dll\",setvm"

"Norman ZANDA"="E:\\bin\\ZLH.EXE /LOAD /SPLASH"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{733FD72F-103E-4B9E-BCB9-A76064AF3C72}"=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"PcSync"="C:\\Program\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Source REG_SZ http://www.google.fi/images/hp0.gif

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

 

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

 

********************************************************************

 

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006

http://www.gmer.net

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

********************************************************************

 

Completion time: 07-04-02 22:40:04

 

[/log]

 

[inlägget ändrat 2007-04-04 11:30:46 av Anders N]

[Zipp.]

 

Kopiera raden nedan och klistra in i Kör fältet och klocka Ok

 

"%userprofile%\skrivbord\combofix.exe" /v pbtlkhhr kklypthk qomkijj

 

Skicka loggen som kommer ut .

I ditt svar bifogar du loggen på detta sätt:

Tryck på LOG-knappen i Besvara-fönstret

Klistra in loggen

Tryck igen på LOG-knappen

 

[carlus]

http://img.photobucket.com/albums/v335/BSandBandit/detaljer3.jpg

 

 

nu har jag följt länken så här långt:

gick till c:/ dok & settings / admin /

 

men när jag kommer dit så finns det inge loka inställnings mapp..

 

hur kommer man dit ??

 

vilken väg ska man ta då detta är en "dead end"

 

 

jag har använt sök i utforskaren men kommer ingen vart..

 

 

[Johnde]

Datorn säger att det inte är en giltig fel. och kan inte köras

 

[Zipp.]

 

Jag har redan svarat på din fråga = Idag 21:43

 

[Zipp.]

 

Klistra du in hela raden

 

"%userprofile%\skrivbord\combofix.exe" /v pbtlkhhr kklypthk qomkijj