bobby again
  bobby
Number of posts: 627

Hey, it's bobby again. Things are going just fine with the computer you fixed.
Here is the log from my other computer. Could you take a look at it to see whether it is clean or the like… thanks

Logfile of HijackThis v1.97.7
Scan saved at 14:34:58, on 14-05-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINNT/System32/smss.exe
C:/WINNT/system32/csrss.exe
C:/WINNT/system32/winlogon.exe
C:/WINNT/system32/services.exe
C:/WINNT/system32/lsass.exe
C:/WINNT/system32/svchost.exe
C:/WINNT/system32/spoolsv.exe
C:/WINNT/System32/svchost.exe
C:/Programmer/Fælles filer/Microsoft Shared/VS7Debug/mdm.exe
C:/WINNT/system32/regsvc.exe
C:/WINNT/system32/MSTask.exe
C:/WINNT/system32/stisvc.exe
C:/WINNT/System32/WBEM/WinMgmt.exe
C:/WINNT/System32/MsPMSPSv.exe
C:/WINNT/system32/svchost.exe
C:/WINNT/Explorer.EXE
C:/Programmer/Common Files/Dpi/dpi.exe
C:/Programmer/QuickTime/qttask.exe
C:/Programmer/Common files/updmgr/updmgr.exe
C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe
C:/WINNT/system32/rundll32.exe
C:/Programmer/MSN Messenger/MsnMsgr.Exe
C:/WINNT/System32/svchost.exe
C:/Programmer/Internet Explorer/IEXPLORE.EXE
C:/Documents and Settings/bobby1/Skrivebord/HijackThis.exe

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.msn.dk/
R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Local Page = C:/WINNT/System/blank.htm
R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Local Page = C:/WINNT/System/blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:/Programmer/MyWay/myBar/4.bin/MYBAR.DLL
O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:/WINNT/lbbho.dll
O3 - Toolbar: My &Search; Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:/Programmer/MyWay/myBar/4.bin/MYBAR.DLL
O4 - HKLM/../Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM/../Run: [LoadQM] loadqm.exe
O4 - HKLM/../Run: [SystemBoot] C:/WINDOWS/SYSTEM/Mshta.exe file:///C:/Live_Show.hta
O4 - HKLM/../Run: [Dpi] C:/Programmer/Common Files/Dpi/dpi.exe
O4 - HKLM/../Run: [QuickTime Task] “C:/Programmer/QuickTime/qttask.exe” -atboottime
O4 - HKLM/../Run: [ixbhwyi] rundll32 C:/WINNT/system32/ixbhwyi.dll,Init 1
O4 - HKLM/../Run: [updmgr] C:/Programmer/Common files/updmgr/updmgr.exe
O4 - HKLM/../Run: [Openwares LiveUpdate] C:/Program Files/LiveUpdate/LiveUpdate.exe
O4 - HKLM/../Run: [TkBellExe] “C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe”  -osboot
O4 - HKLM/../Run: [THGuard] “C:/Programmer/TrojanHunter 3.8/THGuard.exe”
O4 - HKLM/../Run: [New.net Startup] rundll32 C:/PROGRA~1/NEWDOT~1/NEWDOT~2.DLL,NewDotNetStartup
O4 - HKCU/../Run: [msnmsgr] “C:/Programmer/MSN Messenger/MsnMsgr.Exe” /background
O4 - HKLM/../RunOnce: [*ixbhwyi] rundll32 C:/WINNT/system32/ixbhwyi.dll,Init 1
O4 - Startup: iMesh.lnk = C:/Programmer/iMesh/Client/iMeshClient.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:/Programmer/Microsoft Office/Office10/OSA.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/263a71bc5e9064529c17/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37947.3946180556
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab

Editor
Number of posts: 11785

Download and use this uninstaller: http://www.new.net/support/uninstall6_10.exe

Run Spybot and Ad-Aware: http://www.spywarefri.dk/vaerktoj.htm

Restart and post a new log from HijackThis - thanks

Signature

Kind regards
Resist TeamSpywarefri

Member of: Alliance of Security Analysis Professionals

  bobby
Number of posts: 627

Here is the new log…


Logfile of HijackThis v1.97.7
Scan saved at 16:20:03, on 14-05-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINNT/System32/smss.exe
C:/WINNT/system32/csrss.exe
C:/WINNT/system32/winlogon.exe
C:/WINNT/system32/services.exe
C:/WINNT/system32/lsass.exe
C:/WINNT/system32/svchost.exe
C:/WINNT/system32/spoolsv.exe
C:/WINNT/System32/svchost.exe
C:/Programmer/Fælles filer/Microsoft Shared/VS7Debug/mdm.exe
C:/WINNT/system32/regsvc.exe
C:/WINNT/system32/MSTask.exe
C:/WINNT/system32/stisvc.exe
C:/WINNT/System32/WBEM/WinMgmt.exe
C:/WINNT/System32/MsPMSPSv.exe
C:/WINNT/system32/svchost.exe
C:/WINNT/Explorer.EXE
C:/Programmer/Common files/updmgr/updmgr.exe
C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe
C:/Programmer/MSN Messenger/MsnMsgr.Exe
C:/Programmer/Internet Explorer/iexplore.exe
C:/Documents and Settings/bobby1/Skrivebord/HijackThis.exe

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.msn.dk/
R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Local Page = C:/WINNT/System/blank.htm
R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Local Page = C:/WINNT/System/blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:/Programmer/MyWay/myBar/4.bin/MYBAR.DLL
O3 - Toolbar: My &Search; Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:/Programmer/MyWay/myBar/4.bin/MYBAR.DLL
O4 - HKLM/../Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM/../Run: [LoadQM] loadqm.exe
O4 - HKLM/../Run: [SystemBoot] C:/WINDOWS/SYSTEM/Mshta.exe file:///C:/Live_Show.hta
O4 - HKLM/../Run: [QuickTime Task] “C:/Programmer/QuickTime/qttask.exe” -atboottime
O4 - HKLM/../Run: [ixbhwyi] rundll32 C:/WINNT/system32/ixbhwyi.dll,Init 1
O4 - HKLM/../Run: [updmgr] C:/Programmer/Common files/updmgr/updmgr.exe
O4 - HKLM/../Run: [Openwares LiveUpdate] C:/Program Files/LiveUpdate/LiveUpdate.exe
O4 - HKLM/../Run: [TkBellExe] “C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe”  -osboot
O4 - HKLM/../Run: [THGuard] “C:/Programmer/TrojanHunter 3.8/THGuard.exe”
O4 - HKCU/../Run: [msnmsgr] “C:/Programmer/MSN Messenger/MsnMsgr.Exe” /background
O4 - HKLM/../RunOnce: [*ixbhwyi] rundll32 C:/WINNT/system32/ixbhwyi.dll,Init 1
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:/Programmer/Microsoft Office/Office10/OSA.EXE
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/263a71bc5e9064529c17/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37947.3946180556
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab

Editor
Number of posts: 11785

Place HijackThis in a folder of its own and run the program from there.

Follow the guide here: http://www.spywarefri.dk/hjtanv.htm (items 5-6). Fix these with HijackThis:

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Local Page = C:/WINNT/System/blank.htm
R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Local Page = C:/WINNT/System/blank.htm

R3 - Default URLSearchHook is missing

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:/Programmer/MyWay/myBar/4.bin/MYBAR.DLL

O3 - Toolbar: My &Search; Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:/Programmer/MyWay/myBar/4.bin/MYBAR.DLL

O4 - HKLM/../Run: [SystemBoot] C:/WINDOWS/SYSTEM/Mshta.exe file:///C:/Live_Show.hta
O4 - HKLM/../Run: [ixbhwyi] rundll32 C:/WINNT/system32/ixbhwyi.dll,Init 1
O4 - HKLM/../Run: [updmgr] C:/Programmer/Common files/updmgr/updmgr.exe
O4 - HKLM/../Run: [TkBellExe] “C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe” -osboot
O4 - HKLM/../RunOnce: [*ixbhwyi] rundll32 C:/WINNT/system32/ixbhwyi.dll,Init 1
O4 - Global Startup: Microsoft Office.lnk = C:/Programmer/Microsoft Office/Office10/OSA.EXE

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/263a71bc5e9064529c17/netzip/RdxIE601.cab


——
Open a folder and click Tools => Folder Options => View.
Uncheck “Hide protected operating system files”.
Uncheck “Hide file extensions for known file types”.
Select “Show hidden files and folders”.
——

Restart in safe mode (F8 during startup). Find and delete:

C:/Programmer/MyWay >>>> the MyWay folder
C:/WINDOWS/SYSTEM/Mshta.exe file:///C:/Live_Show.hta >>>> the file
C:/WINNT/system32/ixbhwyi.dll,Init 1 >>>> the file
C:/Programmer/Common files/updmgr/updmgr.exe >>>> the updmgr folder


Restart normally and post a new log - thanks


  bobby
Number of posts: 627

Here is the new log - but I could only delete the two folders, not the two files….

Logfile of HijackThis v1.97.7
Scan saved at 11:35:05, on 15-05-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINNT/System32/smss.exe
C:/WINNT/system32/csrss.exe
C:/WINNT/system32/winlogon.exe
C:/WINNT/system32/services.exe
C:/WINNT/system32/lsass.exe
C:/WINNT/system32/svchost.exe
C:/WINNT/system32/spoolsv.exe
C:/WINNT/System32/svchost.exe
C:/Programmer/Fælles filer/Microsoft Shared/VS7Debug/mdm.exe
C:/WINNT/system32/regsvc.exe
C:/WINNT/system32/MSTask.exe
C:/WINNT/system32/stisvc.exe
C:/WINNT/System32/WBEM/WinMgmt.exe
C:/WINNT/System32/MsPMSPSv.exe
C:/WINNT/system32/svchost.exe
C:/WINNT/Explorer.EXE
C:/Programmer/MSN Messenger/MsnMsgr.Exe
C:/Documents and Settings/bobby1/Skrivebord/hijack/HijackThis.exe

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.apple.com/
O4 - HKLM/../Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM/../Run: [LoadQM] loadqm.exe
O4 - HKLM/../Run: [QuickTime Task] “C:/Programmer/QuickTime/qttask.exe” -atboottime
O4 - HKLM/../Run: [Openwares LiveUpdate] C:/Program Files/LiveUpdate/LiveUpdate.exe
O4 - HKLM/../Run: [THGuard] “C:/Programmer/TrojanHunter 3.8/THGuard.exe”
O4 - HKLM/../Run: [ixbhwyi] rundll32 C:/WINNT/system32/ixbhwyi.dll,Init 1
O4 - HKCU/../Run: [msnmsgr] “C:/Programmer/MSN Messenger/MsnMsgr.Exe” /background
O4 - HKLM/../RunOnce: [*ixbhwyi] rundll32 C:/WINNT/system32/ixbhwyi.dll,Init 1
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37947.3946180556
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab

Administrator
Number of posts: 55091

Copy this line into Start->Run
rundll32 C:/WINDOWS/System32:ixbhwyi.dll,Uninstall
Click OK.
Download MSconfig here:
http://www.spywarefri.dk/tipsogtricks.htm#msconfig
On the Startup tab, uncheck ixbhwyi.dll, then restart.

Find ixbhwyi.dll and delete it. Search for ixbhwyi; there should be two files, and both must be deleted.
Restart and post a new log.

Signature

Member of “Alliance of Security Analysis Professionals” - All information, as always, “only with a pistol”

Did you also cry over the fairy tale about the blacksmith's cat when you were little?
http://www.spywarefri.dk/medarbejderne/

Nierne bomaye - You’ll never walk alone
qui potest, obligatur

  bobby
Number of posts: 627

I can't - it says there was an error during loading and that the specified module could not be found….

Administrator
Number of posts: 55091

To be fixed:
O4 - HKLM/../Run: [ixbhwyi] rundll32 C:/WINNT/system32/ixbhwyi.dll,Init 1
O4 - HKLM/../RunOnce: [*ixbhwyi] rundll32 C:/WINNT/system32/ixbhwyi.dll,Init 1
To be deleted:
C:/WINNT/system32/ixbhwyi.dll
Also check whether Start->Search finds an ixbhwyi without a “surname” (extension); that one must be deleted too.


  bobby
Number of posts: 627

I have just fixed them but still could not delete ixbhwyi.dll; it says it is being used by Windows…
Logfile of HijackThis v1.97.7
Scan saved at 13:00:08, on 15-05-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINNT/System32/smss.exe
C:/WINNT/system32/csrss.exe
C:/WINNT/system32/winlogon.exe
C:/WINNT/system32/services.exe
C:/WINNT/system32/lsass.exe
C:/WINNT/system32/svchost.exe
C:/WINNT/system32/spoolsv.exe
C:/WINNT/System32/svchost.exe
C:/Programmer/Fælles filer/Microsoft Shared/VS7Debug/mdm.exe
C:/WINNT/system32/regsvc.exe
C:/WINNT/system32/MSTask.exe
C:/WINNT/system32/stisvc.exe
C:/WINNT/System32/WBEM/WinMgmt.exe
C:/WINNT/System32/MsPMSPSv.exe
C:/WINNT/system32/svchost.exe
C:/WINNT/Explorer.EXE
C:/Programmer/MSN Messenger/MsnMsgr.Exe
C:/Programmer/Internet Explorer/IEXPLORE.EXE
C:/Documents and Settings/bobby1/Skrivebord/hijack/HijackThis.exe

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.apple.com/
O4 - HKLM/../Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM/../Run: [LoadQM] loadqm.exe
O4 - HKLM/../Run: [QuickTime Task] “C:/Programmer/QuickTime/qttask.exe” -atboottime
O4 - HKLM/../Run: [Openwares LiveUpdate] C:/Program Files/LiveUpdate/LiveUpdate.exe
O4 - HKLM/../Run: [THGuard] “C:/Programmer/TrojanHunter 3.8/THGuard.exe”
O4 - HKLM/../Run: [ixbhwyi] rundll32 C:/WINNT/system32/ixbhwyi.dll,Init 1
O4 - HKCU/../Run: [msnmsgr] “C:/Programmer/MSN Messenger/MsnMsgr.Exe” /background
O4 - HKLM/../RunOnce: [*ixbhwyi] rundll32 C:/WINNT/system32/ixbhwyi.dll,Init 1
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37947.3946180556
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab

Administrator
Number of posts: 55091

Fix the two lines again.
Copy the text in bold into Notepad/Notesblok, choose Save As, set the file type to All Files, name it Fjernmig.reg and save it on the desktop.
Double-click it, say yes to merging, and restart; then it should be gone.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ixbhwyi.dll"="cmd /c Attrib -h -r -s \"C:\\WINNT\\System32\\ixbhwyi.dll\" & del \"C:\\WINNT\\System32\\ixbhwyi.dll\""


  bobby
Number of posts: 627

I followed the instructions. Here is the log:

Logfile of HijackThis v1.97.7
Scan saved at 15:43:11, on 16-05-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINNT/System32/smss.exe
C:/WINNT/system32/csrss.exe
C:/WINNT/system32/winlogon.exe
C:/WINNT/system32/services.exe
C:/WINNT/system32/lsass.exe
C:/WINNT/system32/svchost.exe
C:/WINNT/system32/spoolsv.exe
C:/WINNT/System32/svchost.exe
C:/Programmer/Fælles filer/Microsoft Shared/VS7Debug/mdm.exe
C:/WINNT/system32/regsvc.exe
C:/WINNT/system32/MSTask.exe
C:/WINNT/system32/stisvc.exe
C:/WINNT/System32/WBEM/WinMgmt.exe
C:/WINNT/System32/MsPMSPSv.exe
C:/WINNT/system32/svchost.exe
C:/WINNT/Explorer.EXE
C:/Programmer/QuickTime/qttask.exe
C:/Programmer/MSN Messenger/MsnMsgr.Exe
C:/Programmer/Internet Explorer/IEXPLORE.EXE
C:/Documents and Settings/bobby1/Skrivebord/hijack/HijackThis.exe

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.apple.com/
O4 - HKLM/../Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM/../Run: [LoadQM] loadqm.exe
O4 - HKLM/../Run: [QuickTime Task] “C:/Programmer/QuickTime/qttask.exe” -atboottime
O4 - HKLM/../Run: [Openwares LiveUpdate] C:/Program Files/LiveUpdate/LiveUpdate.exe
O4 - HKLM/../Run: [THGuard] “C:/Programmer/TrojanHunter 3.8/THGuard.exe”
O4 - HKLM/../Run: [ixbhwyi] rundll32 C:/WINNT/system32/ixbhwyi.dll,Init 1
O4 - HKCU/../Run: [msnmsgr] “C:/Programmer/MSN Messenger/MsnMsgr.Exe” /background
O4 - HKLM/../RunOnce: [*ixbhwyi] rundll32 C:/WINNT/system32/ixbhwyi.dll,Init 1
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37947.3946180556
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab

Administrator
Number of posts: 55091

Restart in safe mode and fix these two lines:
O4 - HKLM/../Run: [ixbhwyi] rundll32 C:/WINNT/system32/ixbhwyi.dll,Init 1
O4 - HKLM/../RunOnce: [*ixbhwyi] rundll32 C:/WINNT/system32/ixbhwyi.dll,Init 1
If they are not there in safe mode, try in normal mode.
Then check that the file is gone.
C:/WINNT/system32/ixbhwyi.dll
Restart normally and post a new log.


Administrator
Number of posts: 55091

If you still have that file, try TheKillBox.
http://home8.inet.tele.dk/fbj/TheKillBox.exe
http://home8.inet.tele.dk/fbj/TheKillBoxBrugsanvisning.htm


  bobby
Number of posts: 627

Followed the instructions. Here is the new log:

Logfile of HijackThis v1.97.7
Scan saved at 16:32:08, on 16-05-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINNT/System32/smss.exe
C:/WINNT/system32/csrss.exe
C:/WINNT/system32/winlogon.exe
C:/WINNT/system32/services.exe
C:/WINNT/system32/lsass.exe
C:/WINNT/system32/svchost.exe
C:/WINNT/system32/spoolsv.exe
C:/WINNT/System32/svchost.exe
C:/Programmer/Fælles filer/Microsoft Shared/VS7Debug/mdm.exe
C:/WINNT/system32/regsvc.exe
C:/WINNT/system32/MSTask.exe
C:/WINNT/system32/stisvc.exe
C:/WINNT/System32/WBEM/WinMgmt.exe
C:/WINNT/System32/MsPMSPSv.exe
C:/WINNT/system32/svchost.exe
C:/WINNT/Explorer.EXE
C:/Programmer/MSN Messenger/MsnMsgr.Exe
C:/Programmer/Internet Explorer/IEXPLORE.EXE
C:/Documents and Settings/bobby1/Skrivebord/hijack/HijackThis.exe

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.apple.com/
O4 - HKLM/../Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM/../Run: [LoadQM] loadqm.exe
O4 - HKLM/../Run: [QuickTime Task] “C:/Programmer/QuickTime/qttask.exe” -atboottime
O4 - HKLM/../Run: [Openwares LiveUpdate] C:/Program Files/LiveUpdate/LiveUpdate.exe
O4 - HKLM/../Run: [THGuard] “C:/Programmer/TrojanHunter 3.8/THGuard.exe”
O4 - HKLM/../Run: [ixbhwyi] rundll32 C:/WINNT/system32/ixbhwyi.dll,Init 1
O4 - HKCU/../Run: [msnmsgr] “C:/Programmer/MSN Messenger/MsnMsgr.Exe” /background
O4 - HKLM/../RunOnce: [*ixbhwyi] rundll32 C:/WINNT/system32/ixbhwyi.dll,Init 1
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37947.3946180556
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab

Editor
Number of posts: 17644

I think the error has been found - Fromsej previously asked you to go to Start -> Run and type rundll32 C:/WINDOWS/System32:ixbhwyi.dll,Uninstall - do it again, but this time you must type

rundll32 C:/WINNT/System32:ixbhwyi.dll,Uninstall

Signature

Good advice about security….

  bobby
Number of posts: 627

I have just tried, but it says there was an error during loading and that the module could not be found…..