[SOLVED] MSN virus?

11 posts in this topic

Posted

It looks like I got a virus, and I'm wondering if someone could look at the HJT log to see whether I have anything?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:07:05, on 08.11.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Telenor\ecc\ecc.exe

C:\Programfiler\Eset\nod32kui.exe

C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe

C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Programfiler\Logitech\Video\LogiTray.exe

C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\MSI\Core Center\CoreCenter.exe

C:\Programfiler\Logitech\SetPoint II\SetpointII.exe

C:\Programfiler\Fellesfiler\Logitech\LCD Manager\Applets\LCDClock.exe

C:\Programfiler\Fellesfiler\Logitech\LCD Manager\Applets\LCDPOP3.exe

C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE

C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Programfiler\Logitech\Video\FxSvr2.exe

C:\Programfiler\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [MSN Plus] C:\DOCUME~1\Rav3n\LOKALE~1\Temp\msnmsgr.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programfiler\Logitech\Video\ManifestEngine.exe boot

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: CoreCenter.lnk = C:\Programfiler\MSI\Core Center\CoreCenter.exe

O4 - Global Startup: SetPointII.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--


Posted (edited)

Thanks for the quick reply, KK.

I have scanned with:

Spybot

Ad-Aware

AVG Anti-Spyware

Symantec for MYTOB.B WORM

Trend Micro

So far I have not gotten rid of O4 - HKLM\..\Run: [MSN Plus] C:\DOCUME~1\Rav3n\LOKALE~1\Temp\msnmsgr.exe

I have followed the guide you linked to.

Edited by poxy

Posted

Hi. You could try another antivirus program.

E.g. Avast is a very good program and I am very happy with it. It scans files really fast and removes viruses even when they are difficult, plus it automatically searches for viruses and updates by itself.

Try that program and see whether you get a virus, then you can remove it :)

There is a list about worms on Avast's site here: http://www.avast.com/eng/avast-virus-cleaner.html

Here is the download link: http://www.avast.com/eng/download-avast-home.html

Plus you have to register to get a product key: http://www.avast.com/eng/home-registration.php#register-form

Good luck ;)


Posted (edited)

OK, I have now tested Avast...

Log:

08.11.2007, 20:42:28

Memory scanning started...

No virus body found in memory.

Memory scanning finished (5,8s).

----------

Files scanning started...

C:\Documents and Settings\Rav3n\Lokale innstillinger\Programdata\Microsoft\Messenger\..................\SharingMetadata\Working\database_6E8_6830_E868_2063\dfsr.db... file could not be scanned!

C:\Documents and Settings\Rav3n\Lokale innstillinger\Programdata\Microsoft\Messenger\...................\SharingMetadata\Working\database_6E8_6830_E868_2063\fsr.log... file could not be scanned!

C:\Documents and Settings\Rav3n\Lokale innstillinger\Programdata\Microsoft\Messenger\...................\SharingMetadata\Working\database_6E8_6830_E868_2063\fsrtmp.log... file could not be scanned!

C:\Documents and Settings\Rav3n\Lokale innstillinger\Programdata\Microsoft\Messenger\.....................\SharingMetadata\Working\database_6E8_6830_E868_2063\tmp.edb... file could not be scanned!

C:\Documents and Settings\Rav3n\Lokale innstillinger\Temp\~DF240E.tmp... file could not be scanned!

C:\Documents and Settings\Rav3n\Lokale innstillinger\Temp\~DF24BD.tmp... file could not be scanned!

C:\Documents and Settings\Rav3n\Lokale innstillinger\Temp\~DF7311.tmp... file could not be scanned!

C:\Documents and Settings\Rav3n\Lokale innstillinger\Temp\~DF733C.tmp... file could not be scanned!

C:\WINDOWS\system32\drivers\fidbox.dat... file could not be scanned!

C:\WINDOWS\system32\drivers\fidbox.idx... file could not be scanned!

C:\WINDOWS\Temp\ZLT04f13.TMP... file could not be scanned!

C:\WINDOWS\Temp\ZLT0781f.TMP... file could not be scanned!

No virus body found.

Files scanning finished (24104 files, 0 infected, 159,6s).

Drives scanned: C: E:

Edited by poxy

Posted (edited)

Go into the virus chest in Avast and see if there are any viruses there.

Select all of them from the log you posted, then press repair or delete in Avast and see if anything happens.

EDIT: It is well explained here what to do ;) http://www.technibble.com/how-to-remove-ms...oorgeneric3sat/

When you have done that, i.e. what is in the link I posted, you unfortunately have to uninstall MSN again for everything to work perfectly; in other words: uninstall MSN once you have done what the link says.

Also try this link and download the program: http://x6.no/supportforum/index.php?showtopic=51226

Download SDFix to the desktop.

Download link: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and it will extract itself to a folder at C:\SDFix

Restart the PC in safe mode (hold F8 during startup, choose safe mode)

Open the SDFix folder and double-click RunThis.bat to start the program

Choose Y to start the cleaning

The PC will restart, and SDFix will continue.

When SDFix is finished, post a new HJT log + the log from SDFix (it will be saved as Report.txt in the SDFix folder).

Edited by Hassonn

Posted

Thanks a lot :thumbup:

I have run SDFix in safe mode

Log:

SDFix: Version 1.114

Run by Administrator on 08.11.2007 at 21:36

Microsoft Windows XP [Versjon 5.1.2600]

Running From: C:\SDFix

Safe Mode:

Checking Services:

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting...

Normal Mode:

Checking Files:

No Trojan Files Found

Removing Temp Files...

ADS Check:

C:\WINDOWS

No streams found.

C:\WINDOWS\system32

No streams found.

C:\WINDOWS\system32\svchost.exe

No streams found.

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

Final Check:

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-08 21:38:26

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services:

------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\DOCUME~1\\Rav3n\\LOKALE~1\\Temp\\msnmsgr.exe"="C:\\DOCUME~1\\Rav3n\\LOKALE~1\\Temp\\msnmsgr.exe:*:Enabled:MSN Plus"

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"="C:\\Programfiler\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Programfiler\\MSN Messenger\\livecall.exe"="C:\\Programfiler\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"="C:\\Programfiler\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Programfiler\\MSN Messenger\\livecall.exe"="C:\\Programfiler\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:

---------------

Files with Hidden Attributes:

Tue 6 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

And then there is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:42:21, on 08.11.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Programfiler\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Telenor\ecc\ecc.exe

C:\Programfiler\Eset\nod32kui.exe

C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe

C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Programfiler\Fellesfiler\Logitech\LCD Manager\Applets\LCDClock.exe

C:\Programfiler\Fellesfiler\Logitech\LCD Manager\Applets\LCDPOP3.exe

C:\Programfiler\Logitech\Video\LogiTray.exe

C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\MSI\Core Center\CoreCenter.exe

C:\Programfiler\Logitech\SetPoint II\SetpointII.exe

C:\Programfiler\Logitech\Video\FxSvr2.exe

C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [MSN Plus] C:\DOCUME~1\Rav3n\LOKALE~1\Temp\msnmsgr.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programfiler\Logitech\Video\ManifestEngine.exe boot

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: CoreCenter.lnk = C:\Programfiler\MSI\Core Center\CoreCenter.exe

O4 - Global Startup: SetPointII.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 7069 bytes


Posted (edited)

Have you downloaded MSN Plus?

This one needs to be fixed: O4 - HKLM\..\Run: [MSN Plus] C:\DOCUME~1\Rav3n\LOKALE~1\Temp\msnmsgr.exe

Must be fixed! Added by the MYTOB or MYTOB.B WORMS! Note - this is not the valid MSN Messenger utility

But uninstall Windows Live Messenger

and go to this file and try to delete it, or search for it by clicking Start --> Search and then typing this: C:\DOCUME~1\Rav3n\LOKALE~1\Temp\msnmsgr.exe

Try this: http://www.sophos.com/security/analyses/w32mytobc.html

If you use any of our other products for Windows NT/2000/XP/2003 and Windows 95/98/Me you will also need to edit the following registry entries, if they are present. Please read the warning about editing the registry.

At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

and remove any reference to any file you deleted.

Each user has a registry area named HKEY_USERS\[code number indicating user]\. For each user locate the entry:

HKU\[code number]\Software\Microsoft\Windows\CurrentVersion\Run\

and remove any reference to any file you deleted.

Close the registry editor.

Also try this program, it can remove the virus: http://www.spywareremove.com/download/Free...er97872p2s2.exe

Step 1 : Use Windows File Search Tool to Find MyTob Path

Go to Start > Search > All Files or Folders.

In the "All or part of the file name" section, type in "MyTob" file name(s).

To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.

When Windows finishes your search, hover over the "In Folder" of "MyTob", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete MyTob in the following manual removal steps.

Read more about How to Find MyTob with File Search Tool

Step 2 : Use Windows Task Manager to Remove MyTob Processes

To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.

Click on the "Image Name" button to search for "MyTob" process by name.

Select the "MyTob" process and click on the "End Process" button to kill it.

Remove the "MyTob" processes files:

mytobsfx.exe

msnmsgr.exe

mytobsfx.exetaskmanagers.exe

msnmsgr.exe

taskmanagers.exe

Read more about How to kill MyTob Processes

Step 3 : Detect and Delete Other MyTob Files

To open the Windows Command Prompt, go to Start > Run > type cmd and then press the "OK" button.

Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content even the hidden files.

To change directory, type in "cd name_of_the_folder".

Once you have the file you're looking for type in "del name_of_the_file".

To delete a file in folder, type in "del name_of_the_file".

To delete the entire folder, type in "rmdir /S name_of_the_folder".

Select the "MyTob" process and click on the "End Process" button to kill it.

Remove the "MyTob" processes files:

mytobsfx.exe

msnmsgr.exe

taskmanagers.exe

This must fix your problem at once ;)

Just try it. I understand that you get annoyed, but we here at ITPRO do everything to solve problems ;)

Edited by Hassonn

Posted (edited)

Alternatively:

Start HJT, choose "Do a system scan only", put a check mark in front of the following lines and click Fix checked:

O4 - HKLM\..\Run: [MSN Plus] C:\DOCUME~1\Rav3n\LOKALE~1\Temp\msnmsgr.exe

Download the following fix and put it on the desktop: MSNFix. Double-click the file and a new file called 'Start MSNFix' will be created on the desktop. Run that file and let it finish scanning. Save the log to the desktop.

Restart the PC and post a new HJT log together with the log from MSNFix.

Edited by norbat
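An added example, not part of any post in this thread: a small triage script that reads HijackThis O4 Run entries and the firewall "Authorized Application" lines from the SDFix report, and flags executables that start from a Temp directory, noting when the same file name also exists under a different folder. The sample lines are copied from the logs above; the function names and the two heuristics are assumptions made for illustration and are a review aid, not a verdict.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis and SDFix logs posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSN Plus] C:\DOCUME~1\Rav3n\LOKALE~1\Temp\msnmsgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\DOCUME~1\\Rav3n\\LOKALE~1\\Temp\\msnmsgr.exe"="C:\\DOCUME~1\\Rav3n\\LOKALE~1\\Temp\\msnmsgr.exe:*:Enabled:MSN Plus"
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"="C:\\Programfiler\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
'''

O4_RUN = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
FW_APP = re.compile(r'^"(?P<path>[^"]+)"="(?P<value>[^"]+)"$')
IMAGE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|dll|com|scr|bat))(?=[\s,]|$))', re.I)


def image_path(command):
    """Return the executable named at the start of an autorun command line."""
    m = IMAGE.match(command.strip())
    return (m.group("q") or m.group("u")) if m else None


def in_temp_dir(path):
    """True if any directory component of a Windows path is Temp or Tmp."""
    return any(p in ("temp", "tmp") for p in path.lower().split("\\")[:-1])


def parse(log):
    """Yield (source, label, image path) for Run entries and firewall exceptions."""
    for raw in log.splitlines():
        line = raw.strip()
        m = O4_RUN.match(line)
        if m:
            path = image_path(m.group("cmd"))
            if path:
                yield ("autorun " + m.group("hive"), m.group("name"), path)
            continue
        m = FW_APP.match(line)
        if m:
            # Registry exports double every backslash; undo that.
            path = m.group("path").replace("\\\\", "\\")
            yield ("firewall-exception", m.group("value").rsplit(":", 1)[-1], path)


def triage(log):
    """Return entries that start from Temp, with the reasons they stand out."""
    entries = list(parse(log))
    dirs_by_name = defaultdict(set)
    for _, _, path in entries:
        directory, _, base = path.lower().rpartition("\\")
        if directory:
            dirs_by_name[base].add(directory)
    findings = []
    for source, label, path in entries:
        if not in_temp_dir(path):
            continue
        reasons = ["runs from a Temp directory"]
        if len(dirs_by_name[path.lower().rpartition("\\")[2]]) > 1:
            reasons.append("same file name as a program installed elsewhere")
        findings.append((source, label, path, reasons))
    return findings


if __name__ == "__main__":
    for source, label, path, reasons in triage(SAMPLE_LOG):
        print(f"{source} [{label}] {path}: {'; '.join(reasons)}")
```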

Posted (edited)

I have formatted!

Still, thank you very much for the replies, and I am rewarding Hassonn with points.

Edited by poxy

Posted (edited)

Thanks for the points. I would eventually have suggested formatting, but for a problem that was hard for you to solve, formatting was probably the best option.

;)

Edited by Hassonn