Msn virus dream01

[SEppo]

fått msn viruset dream01. er no jevli dum.

 

Har dere peil på hvordan man kan fjerne det ? jeg har kjørt virus scan ccleaner og spyware scan

uten og få fikset det ;D

 

hjelp plx

[K N]

Men det hjelper ikke altså?

Starta PC-en i sikkerhetsmodus og virusscanna da?

[SEppo]

Men det hjelper ikke altså?

Starta PC-en i sikkerhetsmodus og virusscanna da?

Hvordan starter man i sikkerhetsmodus ?=p

det hjalp ikke

[Gjest medlem-105082]

Hei

 

Last ned hijackthis og kjør programmet. Loggen som dukker opp, poster du her.

[Zeph]

Denne tråden var feilpostet og er blitt flyttet til riktig kategori.

[SEppo]

Hei

 

Last ned hijackthis og kjør programmet. Loggen som dukker opp, poster du her.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:58:05, on 28.11.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\CPUCooL\CooLSrv.exe

C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe

C:\Programfiler\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\System32\PAStiSvc.exe

C:\Programfiler\SMC\SMCWPCIT-G\SMCWCU.exe

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\Øyvind\Skrivebord\refreshlock\RefreshLock.exe

C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\Xfire\xfire.exe

D:\spill\mIRC\mirc.exe

C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

D:\spill\steam.exe

C:\Programfiler\Windows Live\installer\WLSetupSvc.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Programfiler\ESET\nod32kui.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\Programfiler\Alwil Software\Avast4\ashSimpl.exe

C:\Programfiler\Windows Live\Messenger\msnmsgr.exe

C:\Programfiler\Winamp\winamp.exe

D:\Program Files\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [sMCWCU] C:\Programfiler\SMC\SMCWPCIT-G\SMCWCU.exe -nogui

O4 - HKLM\..\Run: [RefreshLock] C:\Documents and Settings\Øyvind\Skrivebord\refreshlock\RefreshLock.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\xfire.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: NOD32.lnk = C:\Programfiler\ESET\nod32.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: SMC Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Programfiler\CPUCooL\CooLSrv.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

 

der har dun

[Gjest medlem-105082]

Last ned superantispyware. Installer, oppdater og kjør en 'complete scan'.

 

Når du har gjort det så kan du legge opp en ny hijackthis logg, sammen med SAS loggen. (preferences->statistics/logs)

 

[SEppo]

Last ned superantispyware. Installer, oppdater og kjør en 'complete scan'.

 

Når du har gjort det så kan du legge opp en ny hijackthis logg, sammen med SAS loggen. (preferences->statistics/logs)

 

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 11/29/2007 at 00:05 AM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3351

Trace Rules Database Version: 1350

 

Scan type : Complete Scan

Total Scan Time : 00:51:44

 

Memory items scanned : 586

Memory threats detected : 0

Registry items scanned : 5106

Registry threats detected : 0

File items scanned : 97580

File threats detected : 4

 

Adware.Tracking Cookie

C:\Documents and Settings\Øyvind\Cookies\øyvind@serving-sys[2].txt

C:\Documents and Settings\Øyvind\Cookies\ø[email protected][1].txt

C:\Documents and Settings\Øyvind\Cookies\øyvind@atdmt[2].txt

C:\Documents and Settings\Øyvind\Cookies\ø[email protected][1].txt

[norbat]

Hent MSNFix, pakk det ut på skrivebordet og kjør MSNFix.bat fila.

 

Fix følgende linje med HJT:

O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe

 

Bruk utforsker til å finne og slett:

C:\WINDOWS\system32\NTSpool.exe

 

Deretter ny hjt-logg.

[Demantios]

Start - kjør - cmd - "regedit"

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

 

Slett NTSpool.exe

 

Slett den også fra windowsfolderen

 

EDIT: too late

Endret 29. november 2007 av PepsiCo