Virus W32/Netsky.q@MM

http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky@mm.removal.tool.html

http://www.tipchannel.dk/kal4/17kb4/Netsky_ormene/Netsky_ormene.htm

Denne fjerner alle Netsky varianter + 40 andre.
http://download.nai.com/products/mcafee-avert/stinger.exe

-BLiTZ

Jaa ? hva siger du?? kunne du bruge det???

Jeg forsøger i øjeblikket at køre stinger. Der er blot det lille problem, at den melder forskelligt antal rene filer tilbage efter hvert forsøg. Hvad mener i ?

Det er ikke fordi der bliver flere rene filer - det er både og.

Prøv at hente denne, lig den i en separat mappe, scan og send loggen herind
http://www.spywareinfo.com/~merijn/files/hijackthis.zip

-BLiTZ

Logfile of HijackThis v1.97.7
Scan saved at 10:45:39, on 24-05-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmer\Executive Software\Diskeeper\DkService.exe
C:\Programmer\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\OO Software\CleverCache\OOCCSVC.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\resetservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmer\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\D-Link AirPlus\AirPlus.exe
C:\Programmer\AVERTV2K\QuickTV.exe
C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\tst\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euroinvestor.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar\01.01.1629.0\da\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programmer\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WrCtrl] C:\Programmer\WinRoute Pro\WrCtrl.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: TeleSA.lnk = C:\WINDOWS\system32\AVerSA.exe
O4 - Global Startup: QuickTV.lnk = C:\Programmer\AVERTV2K\QuickTV.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {59B18099-4C1D-4A08-A9F7-ED0554006749} (Select Class) - http://shopping.jubii.dk/foto/components/photoupload.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38042.187349537
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FA0C90E-1A4A-44C7-943F-D8998644E27E}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FA0C90E-1A4A-44C7-943F-D8998644E27E}: NameServer = 192.168.0.1

Syntes ikke jeg kan se noget som ikke skulle være der, prøv at scanne med denne : http://security.symantec.com/sscv6/home.asp?j=1&langid=ie&venid=sym&close_parent=true&plfid=22&pkj=BQPRSFLJMVHNMITLPOQ

Og lav så en scanning med denne, nå du starter programmet efter installation, skal du trykke på planeten, for at opdatere reference filen, scan så og fjern hvad den finder, fornær dem der hedder noget med windows registry, da det kan være noget som windows media player bruger, men det kan du se i infoen om filen.

http://download.com.com/3001-8022-10214379.html

-BLiTZ

Jeg har nu kørt stinger et par gange, endelig viser system en vis stabilitet.
Tak for hjælpen.