Tja, det var da ikke så fedt... Start med at downloade denne scanner: http://www.mwti.net[...] Post resultatet i næste log... Start med at deaktivere systemgendannelsen, kør en ny hijackthis og sæt flueben ud foran: R3 - URLSearchHook: (no name) - {5F59B435-379A-EC06-9849-8AE9ADCF0282} - C:WINDOWSDwhcjlcc.dll O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:WINDOWSxxs5.dll O2 - BHO: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:WINDOWSDOWNLO~1search3.dll O4 - HKLM..Run: [stcloader] C:WINDOWSSystem32stcloader.exe O4 - HKLM..Run: [winupdtl] C:WINDOWSSystem32winupdtl.exe O4 - HKLM..Run: [bxxs5] RunDLL32.EXE C:WINDOWSxxs5.dll,DllRun O4 - HKLM..Run: [AutoLoaderAproposClient] "C:WINDOWSSystem32Cachecxtpls_loader.exe" /HideUninstall /HideDir /PC=CP.FHB /ShowLegalNote=nonbranded O4 - HKLM..Run: [NaviSearch] C:ProgrammerNaviSearchin ls.exe O4 - HKLM..Run: [BullsEye Network] C:ProgrammerBullsEye Networkinargains.exe O4 - HKLM..Run: [4s4R32U] gcdshe.exe O4 - HKLM..Run: [AutoUpdater] "C:Program FilesAutoUpdateAutoUpdate.exe" Luk derefter alle browservinduer og klik på "fix checked" start derefter op i fejlsikret tilstand og find og slet: Filer: C:\WINDOWS\bxxs5 <<< Slet filen C:\WINDOWS\Dwhcjlcc.dll <<< Slet filen C:\WINDOWS\System32\exdl.exe <<< Slet filen C:\WINDOWS\System32\fldfaxui.exe <<< Slet filen C:\WINDOWS\System32\gcdshe.exe <<< Slet filen C:\WINDOWS\System32\exdl3.exe <<< Slet filen C:\WINDOWS\System32\stcloader.exe <<< Slet filen C:\WINDOWS\System32\winupdtl.exe <<< Slet filen C:\WINDOWS\System32\Cachecxtpls_loader.exe <<< Slet filen Mapper: C:\Programmer\NaviSearch <<< Slet mappen C:\Programmer\BullsEye Network <<< Slet mappen C:\Program Files\AutoUpdate <<< Slet mappen Start derefter op i normal tilstand og kom med en ny hijackthis log, samt resultatet af virusscanneren... //Kim In Chul
--
MSN: [email protected]

Ny Log: Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSExplorer.EXE C:WINDOWSsystem32spoolsv.exe C:WINDOWSSOUNDMAN.EXE C:ProgrammerTrend MicroPC-cillin 2002pccguide.exe C:ProgrammerTrend MicroPC-cillin 2002PCCClient.exe C:ProgrammerTrend MicroPC-cillin 2002Pop3trap.exe D:ProgrammerD-Toolsdaemon.exe C:ProgrammerMSN MessengerMsnMsgr.Exe D:ProgrammerSpywareGuardsgmain.exe D:ProgrammerSpywareGuardsgbhp.exe C:WINDOWSSystem32 vsvc32.exe C:ProgrammerTrend MicroPC-cillin 2002Tmntsrv.exe C:WINDOWSSystem32MsPMSPSv.exe C:ProgrammerTrend MicroPC-cillin 2002PCCPFW.exe D:ProgrammerHiJackThisHijackThis.exe C:ProgrammerInternet Exploreriexplore.exe C:WINDOWSSystem32wuauclt.exe O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:ProgrammerSpywareGuarddlprotect.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:PROGRA~1FlashGetjccatch.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:PROGRA~1FlashGetfgiebar.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM..Run: [nwiz] nwiz.exe /install O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM..Run: [pccguide.exe] "C:ProgrammerTrend MicroPC-cillin 2002pccguide.exe" O4 - HKLM..Run: [PCCClient.exe] "C:ProgrammerTrend MicroPC-cillin 2002PCCClient.exe" O4 - HKLM..Run: [Pop3trap.exe] "C:ProgrammerTrend MicroPC-cillin 2002Pop3trap.exe" O4 - HKLM..Run: [DAEMON Tools-1033] "D:ProgrammerD-Toolsdaemon.exe" -lang 1033 O4 - HKCU..Run: [MsnMsgr] "C:ProgrammerMSN MessengerMsnMsgr.Exe" /background O4 - HKCU..Run: [LBv5RSYnT] fldfaxui.exe O4 - Startup: SpywareGuard.lnk = D:ProgrammerSpywareGuardsgmain.exe O8 - Extra context menu item: Download All by FlashGet - D:PROGRA~1FlashGetjc_all.htm O8 - Extra context menu item: Download using FlashGet - D:PROGRA~1FlashGetjc_link.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000 O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:PROGRA~1FlashGetflashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:PROGRA~1FlashGetflashget.exe O12 - Plugin for .mov: C:ProgrammerInternet ExplorerPLUGINS pqtplugin.dll O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com[...] O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com[...] O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk[...] Resultat fra scan: File C:WINDOWSxxs5.dll tagged as not-a-virus:AdWare.BookedSpace.c. No Action Taken. File C:WINDOWSSystem32fldfaxui.exe infected by "Trojan-Downloader.Win32.Apropo.o" Virus. Action Taken: No Action Taken. File C:WINDOWSSystem32winupdt.exe infected by "Trojan.Win32.SecondThought.be" Virus. Action Taken: No Action Taken. File C:WINDOWSxxs5.dll tagged as not-a-virus:AdWare.BookedSpace.c. No Action Taken. File C:WINDOWSSystem32stcloader.exe infected by "Trojan.Win32.SecondThought.av" Virus. Action Taken: No Action Taken. File C:WINDOWSSystem32winupdtl.exe infected by "Trojan.Win32.SecondThought.bd" Virus. Action Taken: No Action Taken. File C:ProgrammerNaviSearchin ls.exe tagged as not-a-virus:AdWare.BargainBuddy.n. No Action Taken. File C:PROGRA~1BULLSE~1inargains.exe tagged as not-a-virus:AdWare.BargainBuddy.n. No Action Taken. File C:PROGRA~2AUTOUP~1AUTOUP~1.EXE infected by "TrojanDownloader.Win32.Apropo.g" Virus. Action Taken: No Action Taken. File C:WINDOWSsystem32fldfaxui.exe infected by "Trojan-Downloader.Win32.Apropo.o" Virus. Action Taken: No Action Taken. File C:WINDOWSSystem32angelex.exe tagged as not-a-virus:AdWare.BargainBuddy.n. No Action Taken. File C:WINDOWSxxs5.dll tagged as not-a-virus:AdWare.BookedSpace.c. No Action Taken. File C:WINDOWSdhp2.dll tagged as not-a-virus:AdWare.DealHelper.j. No Action Taken. File C:WINDOWSlocalNRD.dll tagged as not-a-virus:AdWare.BiSpy.n. No Action Taken. File C:WINDOWSSystem32angelex.exe tagged as not-a-virus:AdWare.BargainBuddy.n. No Action Taken. File C:WINDOWSSystem32ATPartners.dll infected by "TrojanDownloader.Win32.Rameh.f" Virus. Action Taken: No Action Taken. File C:WINDOWSSystem32exdl.exe tagged as not-a-virus:AdWare.BargainBuddy.j. No Action Taken. File C:WINDOWSSystem32exdl0.exe tagged as not-a-virus:AdWare.BargainBuddy.n. No Action Taken. File C:WINDOWSSystem32exdl1.exe tagged as not-a-virus:AdWare.BargainBuddy.n. No Action Taken. File C:WINDOWSSystem32exdl2.exe tagged as not-a-virus:AdWare.BargainBuddy.n. No Action Taken. File C:WINDOWSSystem32exul.exe tagged as not-a-virus:AdWare.BargainBuddy.n. No Action Taken. File C:WINDOWSSystem32exul1.exe tagged as not-a-virus:AdWare.BargainBuddy.n. No Action Taken. File C:WINDOWSSystem32fldfaxui.exe infected by "Trojan-Downloader.Win32.Apropo.o" Virus. Action Taken: No Action Taken. File C:WINDOWSSystem32H@tKeysH@@k.DLL tagged as not-a-virus:Cracker.Game.HotHook.dll. No Action Taken. File C:WINDOWSSystem32IdleUI.dll infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. File C:WINDOWSSystem32instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken. File C:WINDOWSSystem32javex80.vxd tagged as not-a-virus:AdWare.BargainBuddy.n. No Action Taken. File C:WINDOWSSystem32javexulm.vxd tagged as not-a-virus:AdWare.BargainBuddy.n. No Action Taken. File C:WINDOWSSystem32mqexdlm.srg tagged as not-a-virus:AdWare.BargainBuddy.n. No Action Taken. File C:WINDOWSSystem32msbe.dll tagged as not-a-virus:AdWare.BargainBuddy.l. No Action Taken. File C:WINDOWSSystem32 etut80ex.vxd tagged as not-a-virus:AdWare.BargainBuddy.j. No Action Taken. File C:WINDOWSSystem32 vms.dll tagged as not-a-virus:AdWare.BargainBuddy.n. No Action Taken. File C:WINDOWSSystem32stcloader.exe infected by "Trojan.Win32.SecondThought.av" Virus. Action Taken: No Action Taken. File C:WINDOWSSystem32WebRebates_Auto_InstallSilent.exe tagged as not-a-virus:AdWare.WebRebates.b. No Action Taken. File C:WINDOWSSystem32winupdt.exe infected by "Trojan.Win32.SecondThought.be" Virus. Action Taken: No Action Taken. File C:WINDOWSSystem32winupdtl.exe infected by "Trojan.Win32.SecondThought.bd" Virus. Action Taken: No Action Taken. File C:DOCUME~1DanielLOKALE~1Tempadlinstallwin32.exe infected by "Trojan.Win32.SecondThought.ak" Virus. Action Taken: No Action Taken. File C:DOCUME~1DanielLOKALE~1TempDel31.tmp tagged as not-a-virus:AdWare.180Solutions. No Action Taken. File C:DOCUME~1DanielLOKALE~1Tempi227.tmp tagged as not-a-virus:AdWare.SurfSide.a. No Action Taken. File C:DOCUME~1DanielLOKALE~1TempICD2.tmpWinCommX.dll tagged as not-a-virus:AdWare.WinAD. No Action Taken. File C:DOCUME~1DanielLOKALE~1TempSskUpdater.exe tagged as not-a-virus:AdWare.TotalVelocity.v. No Action Taken. File C:DOCUME~1DanielLOKALE~1TempTHI58DE.tmplocalNRD.dll tagged as not-a-virus:AdWare.BiSpy.n. No Action Taken. File C:DOCUME~1DanielLOKALE~1Temp~apropos0ph.exe infected by "Trojan-Downloader.Win32.Apropo.o" Virus. Action Taken: No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE5496B4XE7kop[1].htm tagged as not-a-virus:Joke.VBS.CDject. No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE54RV3Q8HLbi8032[1].exe tagged as not-a-virus:AdWare.BargainBuddy.l. No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE54RV3Q8HLs5-tsrkqn[1].exe tagged as not-a-virus:AdWare.BookedSpace.c. No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE54RV3Q8HLinst201[1].exe infected by "TrojanDownloader.Win32.Small.wj" Virus. Action Taken: No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE5ATN45CJE2517041105[1].exe tagged as not-a-virus:AdWare.VirtualBouncer.c. No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE5ATN45CJEAutoUpdaterInstaller[1].exe infected by "TrojanDownloader.Win32.Apropo.g" Virus. Action Taken: No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE5ATN45CJEundles[1].exe infected by "Trojan.Win32.SecondThought.ba" Virus. Action Taken: No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE5ATN45CJEloader[1].exe infected by "Trojan.Win32.SecondThought.av" Virus. Action Taken: No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE5HC8JL1STid201[1].exe infected by "Trojan.Win32.SecondThought.ak" Virus. Action Taken: No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE5HC8JL1STinstall201[1].exe infected by "Trojan.Win32.SecondThought.an" Virus. Action Taken: No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE5VNDNR1GWinstall_1000[1].exe infected by "Trojan.Win32.SecondThought.bd" Virus. Action Taken: No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE5VNDNR1GW rack[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE5VNDNR1GWwinupdt[1].exe infected by "Trojan.Win32.SecondThought.be" Virus. Action Taken: No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE5V1JFLWSSmileyCentralFWBInitialSetup1.0.0.8[1].exe infected by "TrojanDropper.Win32.FunWeb.a" Virus. Action Taken: No Action Taken. Undskyld ventetiden, men skulle i byen :p Synes den der virus scan noget kom med en masse :o
--
Indholdet af dette indlæg er blevet redigeret af -=]CarlsberG[=-

Hej Jeg har prøvet at gøre som i har beskrevet men det virker ikke helt, jeg bliver ved at få en ekstra bjælke på bundlinien, med spil m.m, er der en der kan hjælpe. Logfile of HijackThis v1.98.2 Scan saved at 09:40:06, on 22-11-2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSExplorer.EXE C:WINDOWSsystem32spoolsv.exe C:ProgrammerFælles filerMicrosoft SharedVS7Debugmdm.exe C:OfficeScan NT trtscan.exe C:OfficeScan NTOfcPfwSvc.exe C:OfficeScan NT mlisten.exe C:WINDOWSTEMPFPF496.EXE C:OfficeScan NTpccntmon.exe C:ProgrammerMessenger Plus! 3MsgPlus.exe C:WINDOWSsystem32ctfmon.exe C:ProgrammerInternet Exploreriexplore.exe c:progra~1intern~1iexplore.exe C:ProgrammerMSN Messengermsnmsgr.exe C:Documents and SettingsLeneSkrivebordhijackthis.exe R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://tbpewjdjnvnndsbxksjwkawc.com[...] R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://login.passport.net[...] R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks O2 - BHO: (no name) - {A7271DCC-4926-D077-78EA-F3C3C058B5BE} - C:DOCUME~1LeneAPPLIC~1WAYDVD~1Creative Drive.exe O4 - HKLM..Run: [OfficeScanNT Monitor] "C:OfficeScan NTpccntmon.exe" -HideWindow O4 - HKLM..Run: [MessengerPlus3] "C:ProgrammerMessenger Plus! 3MsgPlus.exe" O4 - HKLM..Run: [corn byte gram team] C:Documents and SettingsAll UsersApplication Datasecond link corn byteBuildCdrom.exe O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe O4 - HKCU..Run: [TeamOnline] C:DOCUME~1LeneAPPLIC~1ATOMGR~1dalecurbmeta.exe O4 - HKCU..Run: [MessengerPlus3] "C:ProgrammerMessenger Plus! 3MsgPlus.exe" /WinStart O4 - HKCU..Run: [msnmsgr] "C:ProgrammerMSN Messengermsnmsgr.exe" /background O4 - Global Startup: Microsoft Office.lnk = C:ProgrammerMicrosoft OfficeOffice10OSA.EXE O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgrammerMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgrammerMessengermsmsgs.exe O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk[...] Mange hilsner Loutus
--

#3 Hver sød at oprette din egen tråd en anden gang, tak ;)
--
Indholdet af dette indlæg er blevet redigeret af -=]CarlsberG[=-

#3 Jeg bliver nok nødt til at bede dig om at oprette din egen tråd, da det ellers vil blive alt for uoverskueligt for os... Men velkommen til siden:) #2 Det ser ikke så godt ud, du bliver nok nødt til at gå igang med den store spand:) Der er ikke så meget i loggen, men til gengæld er der en masse i din viruscanlog:( Så det er jo ikke så godt... Gå ind i temporary internet files og tøm den samt tøm så godt ud i temp mappen som du kan.. Kør en ny scanning med hijackthis og sæt flueben ud foran: O4 - HKCU..Run: [LBv5RSYnT] fldfaxui.exe Luk derefter alle browservinduer og klik på "fix checked" Start derefter op i fejlsikret tilstand og find og H@tKeysH@@k.DLL>slet: C:\WINDOWS\System32\H@tKeysH@@k.DLL <<< Slet filen C:\WINDOWS\System32\angelex <<< Slet filen C:\WINDOWS\System32\exdl0.exe <<< Slet filen C:\WINDOWS\System32\WebRebates_Auto_InstallSilent.exe <<< Slet filen C:\WINDOWS\System32\exdl1.exe <<< Slet filen C:\WINDOWS\System32\exdl2.exe <<< Slet filen C:\WINDOWS\System32\exul.exe <<< Slet filen C:\WINDOWS\System32\exul1.exe <<< Slet filen C:\WINDOWS\System32\fldfaxui.exe <<< Slet filen C:\WINDOWS\System32\IdleUI.dll <<< Slet filen C:\WINDOWS\System32\winupdt.exe <<< Slet filen C:\WINDOWS\System32\javex80.vxd <<< Slet filen C:\WINDOWS\System32\javexulm.vxd <<< Slet filen C:\WINDOWS\System32\mqexdlm.srg <<< Slet filen C:\WINDOWS\System32\msbe.dll <<< Slet filen C:\WINDOWS\System32\etut80ex.vxd <<< Mangler et bogstav, kig i egen log og slet filen C:\WINDOWS\System32\ vms.dll <<< Mangler et bogstav, kig i egen log og slet filen C:\WINDOWS\dhp2.dll <<< Slet filen C:\WINDOWS\localNRD.dll <<< Slet filen Start derefter op i normal tilstand og kom med en ny log... samt en viruscannings log:) //Kim In Chul
--
MSN: [email protected]

#5 Tja det hjalp lidt ;) Scan: File C:WINDOWSSystem32ATPartners.dll infected by "TrojanDownloader.Win32.Rameh.f" Virus. Action Taken: No Action Taken. File C:WINDOWSSystem32instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken. File C:WINDOWSSystem32 etut80ex.vxd tagged as not-a-virus:AdWare.BargainBuddy.j. No Action Taken. File C:WINDOWSSystem32 vms.dll tagged as not-a-virus:AdWare.BargainBuddy.n. No Action Taken. File C:DOCUME~1DanielLOKALE~1Tempadlinstallwin32.exe infected by "Trojan.Win32.SecondThought.ak" Virus. Action Taken: No Action Taken. File C:DOCUME~1DanielLOKALE~1TempDel31.tmp tagged as not-a-virus:AdWare.180Solutions. No Action Taken. File C:DOCUME~1DanielLOKALE~1Tempi227.tmp tagged as not-a-virus:AdWare.SurfSide.a. No Action Taken. File C:DOCUME~1DanielLOKALE~1TempICD2.tmpWinCommX.dll tagged as not-a-virus:AdWare.WinAD. No Action Taken. File C:DOCUME~1DanielLOKALE~1TempSskUpdater.exe tagged as not-a-virus:AdWare.TotalVelocity.v. No Action Taken. File C:DOCUME~1DanielLOKALE~1TempTHI58DE.tmplocalNRD.dll tagged as not-a-virus:AdWare.BiSpy.n. No Action Taken. File C:DOCUME~1DanielLOKALE~1Temp~apropos0ph.exe infected by "Trojan-Downloader.Win32.Apropo.o" Virus. Action Taken: No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE5496B4XE7kop[1].htm tagged as not-a-virus:Joke.VBS.CDject. No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE54RV3Q8HLbi8032[1].exe tagged as not-a-virus:AdWare.BargainBuddy.l. No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE54RV3Q8HLs5-tsrkqn[1].exe tagged as not-a-virus:AdWare.BookedSpace.c. No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE54RV3Q8HLinst201[1].exe infected by "TrojanDownloader.Win32.Small.wj" Virus. Action Taken: No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE5ATN45CJE2517041105[1].exe tagged as not-a-virus:AdWare.VirtualBouncer.c. No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE5ATN45CJEAutoUpdaterInstaller[1].exe infected by "TrojanDownloader.Win32.Apropo.g" Virus. Action Taken: No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE5ATN45CJEundles[1].exe infected by "Trojan.Win32.SecondThought.ba" Virus. Action Taken: No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE5ATN45CJEloader[1].exe infected by "Trojan.Win32.SecondThought.av" Virus. Action Taken: No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE5HC8JL1STid201[1].exe infected by "Trojan.Win32.SecondThought.ak" Virus. Action Taken: No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE5HC8JL1STinstall201[1].exe infected by "Trojan.Win32.SecondThought.an" Virus. Action Taken: No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE5VNDNR1GWinstall_1000[1].exe infected by "Trojan.Win32.SecondThought.bd" Virus. Action Taken: No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE5VNDNR1GW rack[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE5VNDNR1GWwinupdt[1].exe infected by "Trojan.Win32.SecondThought.be" Virus. Action Taken: No Action Taken. File C:DOCUME~1DanielLOKALE~1TEMPOR~1Content.IE5V1JFLWSSmileyCentralFWBInitialSetup1.0.0.8[1].exe infected by "TrojanDropper.Win32.FunWeb.a" Virus. Action Taken: No Action Taken. HJT: Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSExplorer.EXE C:WINDOWSsystem32spoolsv.exe C:WINDOWSSOUNDMAN.EXE C:ProgrammerTrend MicroPC-cillin 2002pccguide.exe C:ProgrammerTrend MicroPC-cillin 2002PCCClient.exe C:ProgrammerTrend MicroPC-cillin 2002Pop3trap.exe D:ProgrammerD-Toolsdaemon.exe C:ProgrammerMSN MessengerMsnMsgr.Exe D:ProgrammerSpywareGuardsgmain.exe D:ProgrammerSpywareGuardsgbhp.exe C:WINDOWSSystem32 vsvc32.exe C:ProgrammerTrend MicroPC-cillin 2002Tmntsrv.exe C:WINDOWSSystem32MsPMSPSv.exe C:ProgrammerTrend MicroPC-cillin 2002PCCPFW.exe C:WINDOWSSystem32wuauclt.exe C:PROGRA~1NokiaNOKIAP~1COMPON~1PHONEB~1NOKIAV~1.EXE C:PROGRA~1FLLESF~1PCSuiteDATALA~1DATALA~1.EXE C:PROGRA~1FLLESF~1PCSuiteServicesSERVIC~1.EXE D:ProgrammerWinampwinamp.exe C:ProgrammerInternet Exploreriexplore.exe C:ProgrammerInternet Exploreriexplore.exe C:DOCUME~1DanielLOKALE~1Tempmwavscan.com C:DOCUME~1DanielLOKALE~1Tempkavss.exe D:ProgrammerHiJackThisHijackThis.exe O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:ProgrammerSpywareGuarddlprotect.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:PROGRA~1FlashGetjccatch.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:PROGRA~1FlashGetfgiebar.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM..Run: [nwiz] nwiz.exe /install O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM..Run: [pccguide.exe] "C:ProgrammerTrend MicroPC-cillin 2002pccguide.exe" O4 - HKLM..Run: [PCCClient.exe] "C:ProgrammerTrend MicroPC-cillin 2002PCCClient.exe" O4 - HKLM..Run: [Pop3trap.exe] "C:ProgrammerTrend MicroPC-cillin 2002Pop3trap.exe" O4 - HKLM..Run: [DAEMON Tools-1033] "D:ProgrammerD-Toolsdaemon.exe" -lang 1033 O4 - HKCU..Run: [MsnMsgr] "C:ProgrammerMSN MessengerMsnMsgr.Exe" /background O4 - Startup: SpywareGuard.lnk = D:ProgrammerSpywareGuardsgmain.exe O8 - Extra context menu item: Download All by FlashGet - D:PROGRA~1FlashGetjc_all.htm O8 - Extra context menu item: Download using FlashGet - D:PROGRA~1FlashGetjc_link.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000 O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:PROGRA~1FlashGetflashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:PROGRA~1FlashGetflashget.exe O12 - Plugin for .mov: C:ProgrammerInternet ExplorerPLUGINS pqtplugin.dll O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com[...] O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com[...] O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk[...] Det var det ;)
--
Indholdet af dette indlæg er blevet redigeret af -=]CarlsberG[=-

Din hijackthislog er ren... Det er din viruslog ikke så gør følgende: Start op i fejlsikret tilstand og slet dem her: C:\WINDOWS\System32\ATPartners.dll <<< Slet filen C:\WINDOWS\System32\instsrv.exe <<< Slet filen C:\WINDOWS\System32\ etut80ex.vxd <<< Slet filen, men da vi ikke kan se det korrekte fil navn må du nok prøve at "gætte" dig til det manglende bogstav C:\WINDOWS\System32\ vms.dll <<< Der mangler også et bogstav, men er temmelig sikker på at filen hedder "nvms.dll" For så at tage de ting du har liggende i temp mappen kan vi jo prøve en online virusscanning: http://housecall.trendmicro.com[...] Hvis den ikke finder noget, så ville jeg blive glad for at kunne se stierne perfekt, dvs. at jeg gerne vil kunne se de "//" backslash, som hjælper en del :) Fordi så må vi tage det manuelt med kill box... //Kim In Chul
--
MSN: [email protected]

Kunne ikke finde C:WINDOWSSystem32 etut80ex.vxd desværre... Virus scanneren fandt ikke noget ;) Forstår ikke helt hvad du mener med det sidste !? Hvad er det du gerne vil se?
--
Indholdet af dette indlæg er blevet redigeret af -=]CarlsberG[=-

Det som jeg gerne vil "se" er den "originale" log af viruscanneren pga. at der mangler backslash så jeg ikke kan se den korrekte sti... dvs. at der kan stå: C:WINDOWSSYSTEM32enellerandenmærkeligexefil.exe Her ved man jo godt hvordan den korrekte sti ser ud: C:\WINDOWS\SYSTEM32\enellerandenmærkeligexefil.exe Med Backslash, så man kan se hvad den korrekte sti er:) Det er jo lidt svært at skulle "gætte" sig til hvor hver enkelte ting befinder sig i... Så kunne evt. uploade loggen på upit.dk?
--
MSN: [email protected]

#9 Ja okay... Så forstår jeg hvad du mener... Jamen log filen er jo så utrolig lang :o Men det er måske meningen? :p
--
Indholdet af dette indlæg er blevet redigeret af -=]CarlsberG[=-

#10 Hvor meget fylder sådan en fætter? Hvis du kan/vil så kan du også selv putte 1 ekstra "\" ind... For når du laver 2 \ så bliver det til 1... Men fuck nu bare det:) Vi gør det bare på en anden måde, gør følgende: http://www.mdegn.dk[...] Åbn det på skrivebordet, og put så en efter en de stier der bliver nævnt en i feltet og klik på "kill file" C:\DOCUME~1\Daniel\LOKALE~1\Tem\padlinstallwin32.exe C:\DOCUME~1\Daniel\LOKALE~1\Temp\Del31.tmp C:\DOCUME~1\Daniel\LOKALE~1\Temp\i227.tmp C:\DOCUME~1\Daniel\LOKALE~1\Temp\ICD2.tmpWinCommX.dll C:\DOCUME~1\Daniel\LOKALE~1\Temp\SskUpdater.exe C:\DOCUME~1\Daniel\LOKALE~1\Temp\THI58DE.tmplocalNRD.dll C:\DOCUME~1\Daniel\LOKALE~1\Temp~\apropos0ph.exe C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5496B4XE7kop[1].htm C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE54RV3Q8HLbi8032[1].exe t C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE54RV3Q8HLs5-tsrkqn[1].exe ta C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE54RV3Q8HLinst201[1].exe C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5ATN45CJE2517041105[1].exe C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5ATN45CJEAutoUpdaterInstaller[1].exe C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5ATN45CJEundles[1].exe in C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5ATN45CJEloader[1].exe C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5HC8JL1STid201[1].exe C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5HC8JL1STinstall201[1].exe C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5VNDNR1GWinstall_1000[1].exe C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5VNDNR1GW rack[1].htm C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5VNDNR1GWwinupdt[1].exe C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5V1JFLWSSmileyCentralFWBInitialSetup1.0.0.8[1].exe Hvis nogen af stierne er ugyldige så tag og kig i din egen viruslog, da jeg har "gættet" mig til filernes beliggenhed, så ja det må du selv gøre:) Når du har gjort det, så kør en viruscan med Escan virus og post så resultatet af den... Så må vi se om det har hjulpet... //Kim In Chul
--
MSN: [email protected]

#11 Fætteren i sig selv fylder ikke så meget :P Tror bare den viser loggen over de filer den har scannet igennem ;) ... Nå, men den fandt noget mere snavs, lidt mindre end sidste godt nok ;) File C:\WINDOWS\System32\netut80ex.vxd tagged as not-a-virus:AdWare.BargainBuddy.j. No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\Temp\adlinstallwin32.exe infected by "Trojan.Win32.SecondThought.ak" Virus. Action Taken: No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TempICD2.tmp\WinCommX.dll tagged as not-a-virus:AdWare.WinAD. No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\Temp\THI58DE.tmp\localNRD.dll tagged as not-a-virus:AdWare.BiSpy.n. No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\496B4XE7\kop[1].htm tagged as not-a-virus:Joke.VBS.CDject. No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\4RV3Q8HL\bbi8032[1].exe tagged as not-a-virus:AdWare.BargainBuddy.l. No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\4RV3Q8HL\bs5-tsrkqn[1].exe tagged as not-a-virus:AdWare.BookedSpace.c. No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\4RV3Q8HL\inst201[1].exe infected by "TrojanDownloader.Win32.Small.wj" Virus. Action Taken: No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\ATN45CJE\2517041105[1].exe tagged as not-a-virus:AdWare.VirtualBouncer.c. No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\ATN45CJEAutoUpdaterInstaller[1].exe infected by "TrojanDownloader.Win32.Apropo.g" Virus. Action Taken: No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\ATN45CJE\bundles[1].exe infected by "Trojan.Win32.SecondThought.ba" Virus. Action Taken: No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\ATN45CJE\loader[1].exe infected by "Trojan.Win32.SecondThought.av" Virus. Action Taken: No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\HC8JL1ST\id201[1].exe infected by "Trojan.Win32.SecondThought.ak" Virus. Action Taken: No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\HC8JL1ST\install201[1].exe infected by "Trojan.Win32.SecondThought.an" Virus. Action Taken: No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\VNDNR1GW\install_1000[1].exe infected by "Trojan.Win32.SecondThought.bd" Virus. Action Taken: No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\VNDNR1GW\track[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\VNDNR1GW\winupdt[1].exe infected by "Trojan.Win32.SecondThought.be" Virus. Action Taken: No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\ZV1JFLWS\SmileyCentralFWBInitialSetup1.0.0.8[1].exe infected by "TrojanDropper.Win32.FunWeb.a" Virus. Action Taken: No Action Taken. Puha... Sgu da et helvede at indtaste alle de "" :P Fik helt ondt af dig for alle de gange de har gjort det :) Men håber da det hjælper :)
--
Indholdet af dette indlæg er blevet redigeret af -=]CarlsberG[=-

-=]CarlsberG[=- Det var dog genialt:D Det tager nemlig sin tid ja! Men som sagt oppe i #11 så skal du downloade Kill box og så åbne det, og en efter en putte en sti op i feltet og klikke på "Kill File" Gør det med følgende stier: C:\WINDOWS\System32\netut80ex.vxd C:\DOCUME~1\DanielLOKALE~1\Temp\adlinstallwin32.exe C:\DOCUME~1\DanielLOKALE~1\Temp\ICD2.tmp\WinCommX.dll C:\DOCUME~1\DanielLOKALE~1\Temp\THI58DE.tmp\localNRD.dll C:\DOCUME~1\DanielLOKALE~1\TEMPOR~1\Content.IE5\496B4XE7kop[1].htm C:\DOCUME~1\DanielLOKALE~1\TEMPOR~1\Content.IE5\4RV3Q8HL\bbi8032[1].exe C:\DOCUME~1\DanielLOKALE~1\TEMPOR~1\Content.IE5\4RV3Q8HL\bs5-tsrkqn[1].exe C:\DOCUME~1\DanielLOKALE~1\TEMPOR~1\Content.IE5\4RV3Q8HL\inst201[1].exe C:\DOCUME~1\DanielLOKALE~1\TEMPOR~1\Content.IE5\ATN45CJE\2517041105[1].exe C:\DOCUME~1\DanielLOKALE~1\TEMPOR~1\Content.IE5\ATN45CJE\AutoUpdaterInstaller[1].exe C:\DOCUME~1\DanielLOKALE~1\TEMPOR~1\Content.IE5\ATN45CJE\bundles[1].exe C:\DOCUME~1\DanielLOKALE~1\TEMPOR~1\Content.IE5\ATN45CJE\loader[1].exe C:\DOCUME~1\DanielLOKALE~1\TEMPOR~1\Content.IE5\HC8JL1ST\id201[1].exe C:\DOCUME~1\DanielLOKALE~1\TEMPOR~1\Content.IE5\HC8JL1ST\install201[1].exe C:\DOCUME~1\DanielLOKALE~1\TEMPOR~1\Content.IE5\VNDNR1GW\install_1000[1].exe C:\DOCUME~1\DanielLOKALE~1\TEMPOR~1\Content.IE5\VNDNR1GW\track[1].htm C:\DOCUME~1\DanielLOKALE~1\TEMPOR~1\Content.IE5\VNDNR1GW\winupdt[1].exe C:\DOCUME~1\DanielLOKALE~1\TEMPOR~1\Content.IE5\ZV1JFLWS\SmileyCentralFWBInitialSetup1.0.0.8[1].exe Genstart og kom så med en ny scanning af Escan... //Kim In Chul
--
MSN: [email protected]

#13 Jamen vi er simpelthen et godt team ;) File C:\DOCUME~1\Daniel\LOKALE~1\Temp\adlinstallwin32.exe infected by "Trojan.Win32.SecondThought.ak" Virus. Action Taken: No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\Temp\ICD2.tmp\WinCommX.dll tagged as not-a-virus:AdWare.WinAD. No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\Temp\THI58DE.tmp\localNRD.dll tagged as not-a-virus:AdWare.BiSpy.n. No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\496B4XE7\kop[1].htm tagged as not-a-virus:Joke.VBS.CDject. No Action Taken. File C:\DOCUME~1\DanielLOKALE~1\TEMPOR~1\Content.IE5\4RV3Q8HL\bbi8032[1].exe tagged as not-a-virus:AdWare.BargainBuddy.l. No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\4RV3Q8HL\bs5-tsrkqn[1].exe tagged as not-a-virus:AdWare.BookedSpace.c. No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\4RV3Q8HL\inst201[1].exe infected by "TrojanDownloader.Win32.Small.wj" Virus. Action Taken: No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\ATN45CJE\2517041105[1].exe tagged as not-a-virus:AdWare.VirtualBouncer.c. No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1Content.IE5ATN45CJEAutoUpdaterInstaller[1].exe infected by "TrojanDownloader.Win32.Apropo.g" Virus. Action Taken: No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\ATN45CJE\bundles[1].exe infected by "Trojan.Win32.SecondThought.ba" Virus. Action Taken: No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\ATN45CJE\loader[1].exe infected by "Trojan.Win32.SecondThought.av" Virus. Action Taken: No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5HC8JL1ST\id201[1].exe infected by "Trojan.Win32.SecondThought.ak" Virus. Action Taken: No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\HC8JL1ST\install201[1].exe infected by "Trojan.Win32.SecondThought.an" Virus. Action Taken: No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\VNDNR1GW\install_1000[1].exe infected by "Trojan.Win32.SecondThought.bd" Virus. Action Taken: No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\VNDNR1GW\track[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\VNDNR1GW\winupdt[1].exe infected by "Trojan.Win32.SecondThought.be" Virus. Action Taken: No Action Taken. File C:\DOCUME~1\Daniel\LOKALE~1\TEMPOR~1\Content.IE5\ZV1JFLWS\SmileyCentralFWBInitialSetup1.0.0.8[1].exe infected by "TrojanDropper.Win32.FunWeb.a" Virus. Action Taken: No Action Taken. 1 Mindre end sidst :p Weeee! Det er sgu da godt nok noget lort med de \ :P Alle de filer din scan finder.. Skal man ikke bare slette dem !?
--
Indholdet af dette indlæg er blevet redigeret af -=]CarlsberG[=-

Vi er begyndt at forstå hinanden;) Du skal nemlig, som du selv siger, slette alt det viruscanneren finder... Bliv ved til at de ikke kommer igen... Slet dem via. Kill Box... Når der ikke er flere, så aktiver systemgendannelsen... //Kim In Chul
--
MSN: [email protected]

#15 Hehe, ja det tror jeg sgu også vi er :) Kan være du kan lære mig alt det her HJT en dag ;) Så må jeg gå i krig med det imorgen så..
--
Indholdet af dette indlæg er blevet redigeret af -=]CarlsberG[=-