Trojan. Start Page

Hent og gem denne engangsscanner på dit skrivebord - vent med at køre den, KUN gemme.
http://www.spywareinfo.dk/download/mwav.exe

Gå derefter ind her http://www.spywarefri.dk/vaerktoj.htm og hent Spybot, Ad-Aware og HijackThis (KUN gemme)

Udfør følgende:

Åbn en mappe, (lige gyldigt hvilken) klik i menuen øverst oppe på Funktioner > Mappeindstillinger > fanebladet Vis
Fjern flueben ved "Skjul beskyttede operativsystemfiler" (bare klik <Ok> til en eventuel advarsel)
Fjern flueben ved "Skjul filtypenavne for kendte filtyper"
Sæt prik i "Vis skjulte filer og mapper", tryk Ok og luk mappen.

Afbryd din Internetforbindelse (fysisk - stikket ud)

Genstart i fejlsikker tilstand (tryk på <F8> når maskinen starter op, lige inden den begynder at indlæse Windows) og kør nu virus-scanneren fra Kaspersky som du hentede i starten (måske skal du trykke på knappen <Kør> i en "åbn-fil advarsel" fra Windows) og klik derefter på knappen <Unzip>. Nu pakker programmet sig ud til C:\Kaspersky og du skal klikke på knappen <Ok> når det er udpakket, hvorefter programmet starter.
Sæt flueben i følgende:
<Memory>, <Starup Folders>, <Drive>, <Registry>, <System Folders> og <Services>
Sæt prik i følgende:
<All Local Drives> og <Scan All Files>
Klik nu på knappen <Scan Clean>

VIGTIGT:
Noter dig hvilke filer scanneren finder, hvor den finder dem og hvad den gør med dem.

Derefter genstarter du normalt og gennemfører nedenstående:

Installer og kør Spybot og Ad-Aware, opdater online, scan, sæt flueben i de ting programmerne finder og afhjælp de valgte problemer, genstart.
Opret en ny mappe på skrivebordet og læg HijackThis-filen i den (programmet skal køres inde fra mappen). Kør HijackThis, scan, gem loggen og kopier HELE indholdet af den herind, så kigger vi på den. Lad være med at slette noget selv med Hijackthis - det kan skade mere end det gavner.

Manual for installation og brug af HijackThis:
http://www.spywarefri.dk/hijackthis.man.htm

Jeg har forsøgt at følge dine instruktioner, der blev ryddet godt op efter at jeg kørte Kaspersky's program, 61 filer med virus heraf 38 deleted, men computeren ser ud til at fungere normalt, bortset fra at jeg stadig får virus alarm.

Nedenstående log fil fra HijackThis.

Hilsen HABO


Logfile of HijackThis v1.99.0
Scan saved at 23:21:56, on 09-01-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\eEBSVC.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Generic\USB Card Reader Driver v2.1a\Disk_Monitor.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\Programmer\Fælles filer\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\VM_STI.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_L10IC1.EXE
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\mshta.exe
C:\Programmer\VIA\RAID\raid_tool.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Documents and Settings\HB\Dokumenter\Sattelit\Virus\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0ml.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://0ml.net/cat
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://0ml.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://0ml.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0ml.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://0ml.net/searchasst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://0ml.net/cat
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://0ml.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://0ml.net/searchasst.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://0ml.net/searchasst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://0ml.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://0ml.net/cat
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: 3466709097 sea.search.msn.com
O1 - Hosts: 3466709097 www.your.com your.com
O1 - Hosts: 3466709097 com.org
O1 - Hosts: 3466690378 ad.doubleclick.net
O1 - Hosts: 3466690378 view.atdmt.com
O1 - Hosts: 3466690378 click.atdmt.com
O1 - Hosts: 3466690378 leader.linkexchange.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10020} - C:\WINDOWS\system32\7rndole6wl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: The Simple Toolbar Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA99EB} - C:\WINDOWS\system32\qp4sb1xj65.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Disk Monitor] C:\Programmer\Generic\USB Card Reader Driver v2.1a\Disk_Monitor.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PSDrvCheck] "c:\programmer\pinnacle\liquid edition demo\program\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 4.1\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON AL-C900 Advanced] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_L10IC1.EXE /A "C:\WINDOWS\system32\E_L58.tmp"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.hta
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RealAudio.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: The Simple Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\qp4sb1xj65.dll
O9 - Extra 'Tools' menuitem: The Simple Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\qp4sb1xj65.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5DBF08EF-4BDE-11D3-B8E4-0080C84E9C66} (Medi@Show Control) - http://www.cyberlink.com.tw/medi@show/tv/MediaShow.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://F:\SuperCD\IntraLaunch.CAB
O23 - Service: Adobe LM Service - Unknown - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown - C:\Programmer\Fælles filer\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programmer\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Genstart i fejlsikker tilstand (tryk på <F8> når maskinen starter op, lige inden den begynder at indlæse Windows) og kører programmet HijackThis.
Sæt flueben ud for linierne listet herunder. Når du har gjort det så lukker du alle andre vinduer ned (også mappen du åbnede for at køre HijackThis). Det er meget vigtigt, at det eneste vindue som er åbent er HijackThis vinduet. Husk også at lukke dette vindue (din Internet browser) når du har markeret filerne. Nu må du fixe > Klik på <Fix cheked>.

Her er linierne du skal fixe. HUSK at dobbelttjekke så ALT kommer med:

Hvis du ikke selv har valgt denne - http://0ml.net/cat - som start/søge-side, så fix også alle R1'erne og R0'erne og efter genstart vælg en anden.

O1 - Hosts: 3466709097 sea.search.msn.com
O1 - Hosts: 3466709097 www.your.com your.com
O1 - Hosts: 3466709097 com.org
O1 - Hosts: 3466690378 ad.doubleclick.net
O1 - Hosts: 3466690378 view.atdmt.com
O1 - Hosts: 3466690378 click.atdmt.com
O1 - Hosts: 3466690378 leader.linkexchange.com

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10020} - C:\WINDOWS\system32\7rndole6wl.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: The Simple Toolbar Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA99EB} - C:\WINDOWS\system32\qp4sb1xj65.dll

O9 - Extra button: The Simple Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\qp4sb1xj65.dll
O9 - Extra 'Tools' menuitem: The Simple Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\qp4sb1xj65.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab

Derefter genstarter du i fejlsikker tilstand - finder og sletter det herunder listede:
Brug evt. Start > Søg > Alle filer og mapper > Under "Flere avancerede indstillinger" skal der være flueben i de tre øverste > Indsæt derefter det listede i feltet og tryk på søg. Slet alle de forekomster den finder.

MAPPER:
C:\Programmer\Yahoo!

FILER:
C:\WINDOWS\system32\7rndole6wl.dll
C:\WINDOWS\system32\qp4sb1xj65.dll

Derefter genstarter du normalt, scanner med HijackThis, gemmer loggen og kopierer indholdet af den herind *S*

Jeg har forsøgt at køre HiJackThis fra fejlsikker tilstand, men jeg får nu følgende fejlmeddelelse.

An unexpected error has occurred at procedure: modMain_FixUNIXHostsFile()
Error #62 - Input past end of file

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were doing when the error occurred
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.0

This message has been copied to your clipboard.

Hvis du kan køre HijackThis fra normal tilstand, så gør du bare det i stedet for.
Men husk at filer og mapper efterfølgende skal slettes fra fejlsikker.
Venter spændt på en ny log *S*

Jeg har forsøgt fra normatilstand, jeg har enda downloaded HiJackThis igen, alt sammen med samme resultat, jeg får hver gang samme fejlmeddelelse!! Det bekymrer mig en lille smule alle de filer der blev slettet med softwaren fra KasperSky, men på den anden side ser det ud til at computeren kører normalt bortset fra nævnte problemer!!
HABO

Prøv lige dette:

Start - Kør - Skriv - sfc /scannow
Husk mellemrummet mellem    sfc og /

sfc står for -> (S)ystem(F)ile(C)hecker

Din Windows cd skal ligge i drevet mens du gør det.

Det er ret vigtigt at vi lige får en log mere at se herinde, før vi kan erklære din pc for ren.

Kan du stadig ikke den SFC-scanning få HijackThis slået i gang, kan vi prøve at reparere Windows. Lad høre fra dig *S*

Jeg kan stadig ikke køre HijackThis, jeg får den samme fejlmeddelelse. Under opdatering af filerne fik jeg flere gange meddelelsen "forkert disk, insæt korekt installationsdisk" jeg har kun den samme Win XP Home, så det er den korekte, det skal dog siges at det er en opdatering fra ME, og under første instalationen skulle jeg bruge min ME disk for at bekræfte retten til opdatering!!

HABO

Hmm - er lidt i tvivl om vi kan reparere, men hvis du er med på at gøre forsøget, synes jeg det er det værd.

Sådan foretager du en reparation af Win XP eller Windows 2000 -

1: Det første du skal gøre er at boote op på din Windows CD-rom, husk at i din bios skal dit cd-rom drev være sat til first boot device.
Når den har installeret nogle foreløbige filer skal du springe det første tilbud om reparation over og fortsætte din installation (nyinstallation)

2: Nu kan du så vælge hvilket drev din (nye) installation skal ligge på og her er det gerne dit C drev.

3: Og nu fortæller den dig der er et styresystem på dette drev og spørger om du vil slette det (L) eller om du vil lave en reparation (R) – vælg  reparer.

4: Og du vil nu se at den laver en helt ny installation, men den beholder alle dine indstillinger og dit skrivebord intakt og det bedste ved det hele er, at pc’en slipper af med alle fejlene.

5. Slap lidt af, mens pc'en arbejder. 

6: PS husk at have din CD-Key klar, denne skal bruges da det jo er en "nyinstallation"

Jeg går igang, håber det lykkes!!

Var tæt på at opgive og formatere harddisken, jeg fik alle mulige fejl og manglende drivere!! indtil jeg kom i tanke om at XP SP1 og Explore SP 1 også skulle instaleres, så hjalp det.

Men nu er jeg tilbage hvor jeg startede, jeg kan stadig ikke køre HijackThis, jeg får samme fejlmelding, og Trojan Start Page er der stadig!!

HABO

Jeg ved ikke hvad vi så skal gøre :-(
Uden en ny log, kan jeg ikke komme videre og det beklager jeg meget.

Prøv lige manuelt at slette host filen.

Den ligger i c:\windows\system32\drivers\etc
og hedder blot HOSTS.
Prøv derefter at køre HiJackThis igen og se om du nu kan få en log ud af den.

Bingo det var det der skulle til!! Jeg kunne ikke finde filen C:\Windows\system32\qp4sb1xj65.dll, og jeg får stadig virus alarm fra Norton når jeg starter op!! 0ml.net/cat er den side jeg bliver påtvunget når jeg starter Internettet.




Logfile of HijackThis v1.99.0
Scan saved at 12:57:22, on 11-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\eEBSVC.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Generic\USB Card Reader Driver v2.1a\Disk_Monitor.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\Programmer\Fælles filer\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\VM_STI.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_L10IC1.EXE
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\mshta.exe
C:\Programmer\VIA\RAID\raid_tool.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Documents and Settings\HB\Dokumenter\Sattelit\Virus\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0ml.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://0ml.net/cat
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://0ml.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://0ml.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0ml.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://0ml.net/searchasst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://0ml.net/cat
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://0ml.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://0ml.net/searchasst.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://0ml.net/searchasst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://0ml.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://0ml.net/cat
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10020} - C:\WINDOWS\System32\lbufs8cnef.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: The Simple Toolbar Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA99EB} - C:\WINDOWS\System32\y5agmbymkj.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Disk Monitor] C:\Programmer\Generic\USB Card Reader Driver v2.1a\Disk_Monitor.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PSDrvCheck] "c:\programmer\pinnacle\liquid edition demo\program\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 4.1\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON AL-C900 Advanced] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_L10IC1.EXE /A "C:\WINDOWS\system32\E_L58.tmp"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.hta
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RealAudio.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: The Simple Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\System32\y5agmbymkj.dll
O9 - Extra 'Tools' menuitem: The Simple Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\System32\y5agmbymkj.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {5DBF08EF-4BDE-11D3-B8E4-0080C84E9C66} (Medi@Show Control) - http://www.cyberlink.com.tw/medi@show/tv/MediaShow.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://F:\SuperCD\IntraLaunch.CAB
O23 - Service: Adobe LM Service - Unknown - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EpsonBidirectionalService - Unknown - C:\Programmer\Fælles filer\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Sandra Data Service - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programmer\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Alle R1 og R0 er fixed men jeg kan se de er med igen!!

Victor-1 er ikke online lige nu, så jeg prøver lige at hjælpe dig videre.

Genstart i fejlsikker tilstand. (Tryk F8 under opstart)

Fix disse i hiJackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0ml.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://0ml.net/cat
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://0ml.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://0ml.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0ml.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://0ml.net/searchasst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://0ml.net/cat
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://0ml.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://0ml.net/searchasst.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://0ml.net/searchasst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://0ml.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://0ml.net/cat
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10020} - C:\WINDOWS\System32\lbufs8cnef.dll
O3 - Toolbar: The Simple Toolbar Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA99EB} - C:\WINDOWS\System32\y5agmbymkj.dll

Og slet disse filer:
C:\WINDOWS\System32\lbufs8cnef.dll
C:\WINDOWS\System32\y5agmbymkj.dll

Genstart og ny log.

Hermed ny log, jeg får stadig virus alarm.


Logfile of HijackThis v1.99.0
Scan saved at 13:47:08, on 11-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2sgag.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\eEBSVC.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Generic\USB Card Reader Driver v2.1a\Disk_Monitor.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\Programmer\Fælles filer\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\VM_STI.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_L10IC1.EXE
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\mshta.exe
C:\Programmer\VIA\RAID\raid_tool.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Documents and Settings\HB\Dokumenter\Sattelit\Virus\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0ml.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://0ml.net/cat
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://0ml.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://0ml.net/cat
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10020} - C:\WINDOWS\System32\7rysb6zwcb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: The Simple Toolbar Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA99EB} - C:\WINDOWS\System32\h8fmn6dy37.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Disk Monitor] C:\Programmer\Generic\USB Card Reader Driver v2.1a\Disk_Monitor.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PSDrvCheck] "c:\programmer\pinnacle\liquid edition demo\program\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 4.1\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON AL-C900 Advanced] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_L10IC1.EXE /A "C:\WINDOWS\system32\E_L58.tmp"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.hta
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RealAudio.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: The Simple Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\System32\h8fmn6dy37.dll
O9 - Extra 'Tools' menuitem: The Simple Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\System32\h8fmn6dy37.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {5DBF08EF-4BDE-11D3-B8E4-0080C84E9C66} (Medi@Show Control) - http://www.cyberlink.com.tw/medi@show/tv/MediaShow.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://F:\SuperCD\IntraLaunch.CAB
O23 - Service: Adobe LM Service - Unknown - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EpsonBidirectionalService - Unknown - C:\Programmer\Fælles filer\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Sandra Data Service - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programmer\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Prøv lige at downloade og køre denne:
http://www.safer-networking.org/files/delcwssk.zip

Genstart og fix disse i HiJackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0ml.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://0ml.net/cat
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://0ml.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://0ml.net/cat
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10020} - C:\WINDOWS\System32\7rysb6zwcb.dll
O3 - Toolbar: The Simple Toolbar Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA99EB} - C:\WINDOWS\System32\h8fmn6dy37.dll
O9 - Extra button: The Simple Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\System32\h8fmn6dy37.dll
O9 - Extra 'Tools' menuitem: The Simple Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\System32\h8fmn6dy37.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://F:\SuperCD\IntraLaunch.CAB

Genstart igen (kryds fingre) og kom med en ny log.

Hjælper dette ikke alvorligt på loggen skal der anderledes skrappere metoder til.

Ny log, stadig virualarm!


Logfile of HijackThis v1.99.0
Scan saved at 14:17:41, on 11-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Generic\USB Card Reader Driver v2.1a\Disk_Monitor.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\Programmer\Fælles filer\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\VM_STI.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_L10IC1.EXE
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\mshta.exe
C:\Programmer\VIA\RAID\raid_tool.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\ati2sgag.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\eEBSVC.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Documents and Settings\HB\Dokumenter\Sattelit\Virus\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0ml.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://0ml.net/cat
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://0ml.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://0ml.net/cat
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10020} - C:\WINDOWS\System32\46kc07ca7j.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: The Simple Toolbar Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA99EB} - C:\WINDOWS\System32\h80euay9dn.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Disk Monitor] C:\Programmer\Generic\USB Card Reader Driver v2.1a\Disk_Monitor.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PSDrvCheck] "c:\programmer\pinnacle\liquid edition demo\program\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 4.1\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON AL-C900 Advanced] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_L10IC1.EXE /A "C:\WINDOWS\system32\E_L58.tmp"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.hta
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RealAudio.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: The Simple Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\System32\h80euay9dn.dll
O9 - Extra 'Tools' menuitem: The Simple Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\System32\h80euay9dn.dll
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {5DBF08EF-4BDE-11D3-B8E4-0080C84E9C66} (Medi@Show Control) - http://www.cyberlink.com.tw/medi@show/tv/MediaShow.cab
O23 - Service: Adobe LM Service - Unknown - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EpsonBidirectionalService - Unknown - C:\Programmer\Fælles filer\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Sandra Data Service - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programmer\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Den er godt nok genstridig.

Afinstaller Spybot i tilføj/fjern programmer.

Hent og opdater Ad-Aware: http://www.spywarefri.dk/vaerktoj.htm#adaware
Hent og opdater CWShredder: http://www.spywareinfo.com/downloads/tools/CWShredder.exe
Eller her: http://www.softpedia.com/public/cat/10/17/10-17-150.shtml

Genstart i fejlsikret tilstand.

så kører du en scanning med Ad-Aware og CWShredder og fjerner, hvad de finder.

Angående CWShredder:
Pak zipfilen ud i en mappe.
Kør programmet, tjek for updates, afbryd din internetforbindelse fysisk (stikket ud), luk alle vinduer undtaget cwshredder, klik på Fix, den scanner nu, når den er færdigt klik på Next, klik på Exit.

Genstart og kom med en ny log

Ny log fil og stadig virus warning, i den forbindelse skriver Norton følgende som den har gjort hele tiden: Objekt name: RealAdio.exe og Script haltet at: C:\WINDOWS\System32\myin.hta  Jeg vælger herefter script blocking.

Jeg erindrer at jeg fik virussen i.f.m. en automatisk opdatering af Real player.

Jeg har forsøgt at slette filen RealAdio.exe men den kommer igen!!


Logfile of HijackThis v1.99.0
Scan saved at 15:48:02, on 11-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\eEBSVC.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Generic\USB Card Reader Driver v2.1a\Disk_Monitor.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\Programmer\Fælles filer\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\VM_STI.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_L10IC1.EXE
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\mshta.exe
C:\Programmer\VIA\RAID\raid_tool.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Documents and Settings\HB\Dokumenter\Sattelit\Virus\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0ml.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://0ml.net/cat
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://0ml.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://0ml.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0ml.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://0ml.net/searchasst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://0ml.net/cat
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://0ml.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://0ml.net/searchasst.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://0ml.net/searchasst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://0ml.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://0ml.net/cat
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10020} - C:\WINDOWS\System32\wsswjpuh0h.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: The Simple Toolbar Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA99EB} - C:\WINDOWS\System32\691qvx7kq5.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Disk Monitor] C:\Programmer\Generic\USB Card Reader Driver v2.1a\Disk_Monitor.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PSDrvCheck] "c:\programmer\pinnacle\liquid edition demo\program\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 4.1\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON AL-C900 Advanced] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_L10IC1.EXE /A "C:\WINDOWS\system32\E_L58.tmp"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.hta
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RealAudio.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: The Simple Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\System32\691qvx7kq5.dll
O9 - Extra 'Tools' menuitem: The Simple Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\System32\691qvx7kq5.dll
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {5DBF08EF-4BDE-11D3-B8E4-0080C84E9C66} (Medi@Show Control) - http://www.cyberlink.com.tw/medi@show/tv/MediaShow.cab
O23 - Service: Adobe LM Service - Unknown - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EpsonBidirectionalService - Unknown - C:\Programmer\Fælles filer\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Sandra Data Service - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programmer\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Både victor-1 og jeg må være blinde, for snavset var jo i loggen hele tiden, men ingen af os så det.
Med til historien hører selvfølgelig også at navnene er meget velvalgte og beregnet til at man skal overse dem.


Genstart i fejlsikker tilstand. (Tryk F8 under opstart)

Fix disse i hiJackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0ml.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://0ml.net/cat
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://0ml.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://0ml.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0ml.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://0ml.net/searchasst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://0ml.net/cat
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://0ml.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://0ml.net/searchasst.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://0ml.net/searchasst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://0ml.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://0ml.net/cat
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10020} - C:\WINDOWS\System32\wsswjpuh0h.dll
O3 - Toolbar: The Simple Toolbar Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA99EB} - C:\WINDOWS\System32\691qvx7kq5.dll

O4 - Global Startup: Microsoft Office.hta
O4 - Global Startup: RealAudio.exe

O9 - Extra button: The Simple Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\System32\691qvx7kq5.dll
O9 - Extra 'Tools' menuitem: The Simple Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\System32\691qvx7kq5.dll


Og slet disse filer:
C:\WINDOWS\System32\wsswjpuh0h.dll
C:\WINDOWS\System32\691qvx7kq5.dll

Genstart og ny log.

Hov, også denne fil skal slettes:

C:\WINDOWS\System32\myin.hta

INGEN VIRUS ALARM!!!!!

Ny log. Jeg kan se at Oml.net/cat stadig ligger i log filen, det kan måske skyldes at jeg først rettede startsiden efter jeg lavede log filen.



Logfile of HijackThis v1.99.0
Scan saved at 16:48:45, on 11-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\eEBSVC.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Generic\USB Card Reader Driver v2.1a\Disk_Monitor.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\Programmer\Fælles filer\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\VM_STI.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_L10IC1.EXE
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\VIA\RAID\raid_tool.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\HB\Dokumenter\Sattelit\Virus\hijackthis.exe
C:\WINDOWS\SoftwareDistribution\Download\3f041588067b91c14112b5c67d948d08\update\update.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0ml.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://0ml.net/cat
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://0ml.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://0ml.net/cat
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Disk Monitor] C:\Programmer\Generic\USB Card Reader Driver v2.1a\Disk_Monitor.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PSDrvCheck] "c:\programmer\pinnacle\liquid edition demo\program\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 4.1\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON AL-C900 Advanced] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_L10IC1.EXE /A "C:\WINDOWS\system32\E_L58.tmp"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {5DBF08EF-4BDE-11D3-B8E4-0080C84E9C66} (Medi@Show Control) - http://www.cyberlink.com.tw/medi@show/tv/MediaShow.cab
O23 - Service: Adobe LM Service - Unknown - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EpsonBidirectionalService - Unknown - C:\Programmer\Fælles filer\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Sandra Data Service - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programmer\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Du burde nu blot kunne fixe disse i HiJackThis og så burde de gå væk:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0ml.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://0ml.net/cat
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://0ml.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://0ml.net/cat

Prøv lige det, genstart og kom med en ny log.

Ny log!



Logfile of HijackThis v1.99.0
Scan saved at 17:23:55, on 11-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2sgag.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\eEBSVC.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Generic\USB Card Reader Driver v2.1a\Disk_Monitor.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\Programmer\Fælles filer\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\VM_STI.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_L10IC1.EXE
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\VIA\RAID\raid_tool.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Documents and Settings\HB\Dokumenter\Sattelit\Virus\hijackthis.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Disk Monitor] C:\Programmer\Generic\USB Card Reader Driver v2.1a\Disk_Monitor.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PSDrvCheck] "c:\programmer\pinnacle\liquid edition demo\program\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 4.1\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON AL-C900 Advanced] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_L10IC1.EXE /A "C:\WINDOWS\system32\E_L58.tmp"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {5DBF08EF-4BDE-11D3-B8E4-0080C84E9C66} (Medi@Show Control) - http://www.cyberlink.com.tw/medi@show/tv/MediaShow.cab
O23 - Service: Adobe LM Service - Unknown - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EpsonBidirectionalService - Unknown - C:\Programmer\Fælles filer\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Sandra Data Service - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programmer\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Hej igen habo *S*

Jeg har netop gennemgået loggen og denne gang dobb.tjekket den. Ked af jeg ikke opdagede de filer helt fra starten, men jeg tror nu også, at det var de oplysninger du selv gav tonnybrandt der gav pote.

Efter min bedste overbevisning er loggen nu helt ren og du bør derfor udføre følgende (tag dig ikke af at denne slutbemærkning anbefaler programmer du allerede har - det skyldes at det er en tekst jeg bruger hvergang):

Så er det tid til lidt hovedrengøring - følg derfor nedenstående:

Sæt dine mappeindstillinger tilbage til standard:
Åbn en mappe, (ligegyldigt hvilken) klik i menuen øverst oppe på Funktioner > Mappeindstillinger > Vis
Sæt flueben ved "Skjul beskyttede operativsystemfiler"
Sæt flueben ved "Skjul filtypenavne for kendte filtyper"
Sæt prik i "Vis ikke skjulte filer og mapper" - slut af med at trykke <Ok>

Browser cachen skal renses - gør følgende:
1. Åbn din Internet Browser - Klik i menuen øverst oppe på Funktioner > Internetindstillinger
2. Under midlertidige filer, klik på "Slet cookies"
3. Under midlertidige filer, klik på "Slet filer" – sæt flueben i "Slet alt offline indhold"
4. Under Oversigten, klik på "Ryd oversigten"
5. Klik på "Ok"

Slut af med, at tømme papirkurven.

Til sidst skal du deaktivere systemgendannelsen - (http://www.spywarefri.dk/virusscannere.htm#alle) - genstarte din computer og aktivere systemgendannelsen igen. Derved oprettes der et nyt og "rent" gendannelsespunkt.

Et par velmente gode råd:
For at sikre din pc fremover ville det være en god idé at bruge nogle af programmerne fra pakken som du kan se her - http://www.spywarefri.dk/pakken.htm

Jeg anbefaler:
Spybot og Ad-Aware, SpywareBlaster, IE Privacy Keeper eller EmtyTempFolders, IE-Spyad og SpywareGuard som minimum. De er alle gratis, fylder ikke meget, sløver ikke din pc og konflikter ikke med dine øvrige programmer.

Ønsker du ikke mange små programmer kan du i stedet købe et program som Spy Sweeper. Det ligger også i pakken, hvor du kan læse lidt mere om det. Der ligger også et link til en dansk manual. Jeg kan varmt anbefale programmet.

Jeg undlader at lægge et svar, da det jo er tonnybrandt som løste opgaven.

Jeg er helt enig i at loggen er ren. Victor-1 har ret i at det var den forklaring du gav, der gjorde at jeg pludselig kunne se snavset *s*

victor-1 > Nu var det kun meningen at jeg lige ville hjælpe brugeren videre, og da jeg vist skylder dig en tjeneste, vil jeg godt have at du lægger et svar i dette spørgsmål og tager pointene. Så er vi kvit :)

Den er i vinkel tonnybrandt  ;-)

De oplysninger jeg gav her til sidst har ændret sig flere gange, først i dag blev de permanente, jeg har derfor nok ikke tillagt dem den nødvendige opmærksomhed.

Jeg kan i øvrigt fortælle at den første gang virusen kørte, fik jeg en kort blå menu bjælke nede i venstre hjørne af skærmen lige over "start", den åbnede i et vindue der lignede Notepad, men uden menubjælke så jeg ikke kunne gøre noget ved den, lukke eller redigere, den bestod af 5-6 linier af små firkanter og underlige tegn, afsluttende med klar tekst "I will fill your computer up with shit", siden har jeg ikke kunnet åbne den igen, selvom jeg i opstarten ser menuen i et meget kort flash!

Jeg takker meget for eksperthjælpen, det har været meget lærerigt, jeg vil nu altid have min Norton slået til, jeg abbonerer på Stofanets antivirus, men har nu lært at den kun scanner mail.

Hilsen og tak fra

HABO

Dette er et af de gode eksempler på hvor vigtigt det er, at vi får masser af oplysninger fra opretteren af spørgsmålet. Selv om vi dagligt bekæftiger os med at fjerne alt muligt skidt og møg fra forskellige pc'ere, er det ikke givet vi opdaget alt. Men netop det faktum at du fortalte løs om dine "oplevelser" viste sig at være det der skulle til.

Meget glad for, at du til slut fik problemet løst - og ikke mindst på gr.a. en vis herre i tråden her ;-)

En virus alarm igen. Ved virusscanning med Norton fik jeg følgende to alarmer med Trojan Start Page. Men computeren opfører sig tilsyneladende normalt, skal jeg foretage mig noget??

backup-20050111-162632-RealAudio.exe
in[1].exe

Log fil vedhæftet.

Logfile of HijackThis v1.99.0
Scan saved at 10:56:37, on 12-01-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Generic\USB Card Reader Driver v2.1a\Disk_Monitor.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\eEBSVC.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Fælles filer\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\VM_STI.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_L10IC1.EXE
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\VIA\RAID\raid_tool.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\alg.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Documents and Settings\HB\Dokumenter\Sattelit\Virus\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Disk Monitor] C:\Programmer\Generic\USB Card Reader Driver v2.1a\Disk_Monitor.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PSDrvCheck] "c:\programmer\pinnacle\liquid edition demo\program\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 4.1\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON AL-C900 Advanced] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_L10IC1.EXE /A "C:\WINDOWS\system32\E_L58.tmp"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {5DBF08EF-4BDE-11D3-B8E4-0080C84E9C66} (Medi@Show Control) - http://www.cyberlink.com.tw/medi@show/tv/MediaShow.cab
O23 - Service: Adobe LM Service - Unknown - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EpsonBidirectionalService - Unknown - C:\Programmer\Fælles filer\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Sandra Data Service - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programmer\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Hvor finder den de filer henne ?
Kan det være i HiJackThis's backup folder ?

Falsk alarm, de to filer jeg fandt ved første virus scan, satte jeg i karantæne, og derefter deletede jeg dem i Norton.

Jeg har nu søgt efter dem i Windows søg, uden at finde dem, og en netop foretaget ny scanning med Norton fandt 0 inficerede filer!!

Men man er jo blevet lidt nervøs for sine data efter denne omgang, men jeg tror der var tale om falsk alarm!!

HABO

Ok - lyder lovende *S*
Måske du vil overveje at lukke tråden nu, ved at acceptere det svar jeg har lagt.
For at acceptere, skal du markere mit brugernavn nede til venstre og derefter klikke på accepter.

Takker på forhånd for pointene - fortsat god dag  ;-)