MSN Virus!

[Lasken]

Jag har fått det så kallade 'msn viruset' som skickar filer till samtliga kontakter på min adresslista, vore tacksam för hjälp hur man tar bort det.

Har skapat en logfil från HijackThis som jag klistrar in här nedan. Är väldigt tacksam för hjälp!

 

Logfile of HijackThis v1.99.1

Scan saved at 20:40:13, on 2007-11-22

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Eset\nod32krn.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program\Eset\nod32kui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\MSN Messenger\usnsvc.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Bergort\Mina dokument\Program\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program\Delade filer\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\DOCUME~1\Bergort\MINADO~1\XBOXPR~1\FlashFXP\FlashFXP\IEFlash.dll

O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program\Delade filer\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [nod32kui] 'C:\Program\Eset\nod32kui.exe' /WAITSERVICE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] 'C:\Program\MSN Messenger\MsnMsgr.Exe' /background

O8 - Extra context menu item: &ampSearch - http://kn.bar.need2find.com/KN/menusearch.html?p=KN

O8 - Extra context menu item: E&ampxportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program\Delade filer\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122907449234

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_se.cab

O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Filter: text/html - (no CLSID) - (no file)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program\Prevx2\PXAgent.exe' -f (file missing)

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program\Delade filer\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

 

 

[927]

 

http://sosvirus.changelog.fr/MSNFix.zip

spara och packa upp filen på skrivbordet >öppna mappen och kör MSNFix.bat, följ anvisningarna som gör att du söker ('Ta bort'),gör ev omstart,rensar och visar en logg. loggfilen som skapas då är en txt fil vars filnamn innhåller dagens datum, den finns i mappen msnfix eller så visas den när msnfix avslutats. posta den loggen här.

en guide finns på den här sidan men på franska http://www.malekal.com/tutorial_MSNFix.php

obs när du startat fixen så kommer webbläsaren att stängas ner

 

[Lasken]

MSNFix 1.588

 

C:\Documents and Settings\Bergort\Skrivbord\MSNFix

Sokningen var klar pa 2007-11-22 - 21:23:48,16 By Bergort

normalt lage

 

************************ Kollar filer

 

... C:\WINDOWS\pics10.zip

 

************************ MSNCHK ***** /!\ beta test /!

 

 

************************ Kollar mappar

 

... C:\Temp\

 

 

 

 

************************ Tar bort virus filer

 

.. OK ... C:\WINDOWS\pics10.zip

 

 

************************ Tar bort virus mappar

 

.. OK ... C:\Temp\

 

 

************************ Rensar registret

 

 

 

************************ Misstankta Filer

 

/!\ Dem funna filerna maste kontrolleras innan borttagning

 

[C:\catgen.exe] 77E2AB1530DCA630E21F4766556548F6

[C:\Updater.exe] 50D1955BCA8825DA78FC00F62FBB2B1D

 

==> Var snall och ladda upp filen C:\DOCUME~1\Bergort\SKRIVB~1\Upload_Me.zip on http://upload.changelog.fr

 

 

 

Filerna och Registernycklarna har sparats i karantan 2007-11-22_21242865.zip

 

 

------------------------------------------------------------------------

Gjord av : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

 

 

 

 

[927]

 

det suntes inget i HJT loggen och msnfix hitta inget speciellt

 

gå hit

http://www.virustotal.com/sv/

skicka upp dessa filer för en koll och posta resultatet av scanningen här

C:\catgen.exe

C:\Updater.exe

(du kanske själv kan lista ut vad det är för filer)

 

den java/jre du har installerad är gammal, hämta den senaste och här och avinstallera gamla versioner via lägg till/ta bort program http://www.java.com/sv/