log
  lanther
Number of posts: 15

Now I've got started on the household's second computer - the result was perfect last time I got help here - how does this log look:

Logfile of HijackThis v1.97.7
Scan saved at 20:46:52, on 29-01-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/Explorer.EXE
C:/WINDOWS/system32/spoolsv.exe
C:/NORMAN/Nvc/BIN/ZLH.EXE
C:/Programmer/POP Peeper/POPPeeper.exe
C:/Programmer/MSN Messenger/MsnMsgr.Exe
C:/Programmer/AdsGone/adsgone.exe
C:/WINDOWS/System32/winupdate.exe
C:/Norman/Nvc/BIN/Zanda.exe
C:/WINDOWS/System32/sndloader.exe
C:/WINDOWS/System32/sw32.exe
C:/NORMAN/Nvc/BIN/NYMSE.EXE
C:/NORMAN/Nvc/BIN/NIP.EXE
C:/NORMAN/Nvc/BIN/NJEEVES.EXE
C:/NORMAN/Nvc/BIN/nvcoas.exe
C:/NORMAN/Nvc/BIN/NVCSCHED.EXE
C:/NORMAN/Nvc/BIN/cclaw.exe
C:/Documents and Settings/Heidi/Lokale indstillinger/Temp/Midlertidig mappe 2 for hijackthis.zip/HijackThis.exe

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.jubii.dk/
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx
O4 - HKLM/../Run: [Configuration Loader] sw32.exe
O4 - HKLM/../Run: [Norman ZANDA] C:/NORMAN/Nvc/BIN/ZLH.EXE /LOAD /SPLASH
O4 - HKLM/../Run: [POP Peeper] C:/Programmer/POP Peeper/POPPeeper.exe min
O4 - HKLM/../Run: [Sound Loader] sndloader.exe
O4 - HKLM/../Run: [ivr] winupdate.exe
O4 - HKLM/../RunServices: [Configuration Loader] sw32.exe
O4 - HKLM/../RunServices: [Sound Loader] sndloader.exe
O4 - HKLM/../RunServices: [ivr] winupdate.exe
O4 - HKCU/../Run: [MsnMsgr] “C:/Programmer/MSN Messenger/MsnMsgr.Exe” /background
O4 - Startup: AdsGone.lnk = C:/Programmer/AdsGone/adsgone.exe
O4 - Global Startup: AdsGone 2004.lnk = C:/Programmer/AdsGone/adsgone.exe
O4 - Global Startup: Microsoft Office.lnk = C:/Programmer/Microsoft Office/Office/OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra ‘Tools’ menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:/programmer/spamfighter/proxy/proxy.dll
O10 - Unknown file in Winsock LSP: c:/programmer/spamfighter/proxy/proxy.dll
O10 - Unknown file in Winsock LSP: c:/programmer/spamfighter/proxy/proxy.dll
O10 - Unknown file in Winsock LSP: c:/programmer/spamfighter/proxy/proxy.dll
O10 - Unknown file in Winsock LSP: c:/programmer/spamfighter/proxy/proxy.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Editor
Number of posts: 11785

We'll look at the log right away.

Signature

Kind regards
Resist Team Spywarefri

Member of: Alliance of Security Analysis Professionals

Editor
Number of posts: 11785

Follow the instructions here: http://www.spywarefri.dk/hjtanv.htm (items 5 and 6).

Restart in safe mode (press F8 during startup)

Fix these with HijackThis:

O4 - HKLM/../Run: [Configuration Loader] sw32.exe
O4 - HKLM/../Run: [Sound Loader] sndloader.exe
O4 - HKLM/../Run: [ivr] winupdate.exe
O4 - HKLM/../RunServices: [Configuration Loader] sw32.exe
O4 - HKLM/../RunServices: [Sound Loader] sndloader.exe
O4 - HKLM/../RunServices: [ivr] winupdate.exe
O4 - Global Startup: Microsoft Office.lnk = C:/Programmer/Microsoft Office/Office/OSA9.EXE

-------
Open a folder, click Tools => Folder Options => View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".
-------

Find and delete these files:

C:/WINDOWS/System32/winupdate.exe >>>> the file winupdate.exe
C:/WINDOWS/System32/sndloader.exe >>>> the file sndloader.exe
C:/WINDOWS/System32/sw32.exe >>>> the file sw32.exe


Restart normally and post a new log - thanks ;)


  lanther
Number of posts: 15

Then it ended up looking like this:

Logfile of HijackThis v1.97.7
Scan saved at 12:36:32, on 02-02-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/Explorer.EXE
C:/Documents and Settings/Heidi/Lokale indstillinger/Temp/Midlertidig mappe 3 for hijackthis.zip/HijackThis.exe

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.jubii.dk/
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx
O4 - HKLM/../Run: [Norman ZANDA] C:/NORMAN/Nvc/BIN/ZLH.EXE /LOAD /SPLASH
O4 - HKLM/../Run: [POP Peeper] C:/Programmer/POP Peeper/POPPeeper.exe min
O4 - HKLM/../Run: [COM+ System Applications] lsas.exe
O4 - HKLM/../RunServices: [COM+ System Applications] lsas.exe
O4 - HKCU/../Run: [MsnMsgr] “C:/Programmer/MSN Messenger/MsnMsgr.Exe” /background
O4 - Startup: AdsGone.lnk = C:/Programmer/AdsGone/adsgone.exe
O4 - Global Startup: AdsGone 2004.lnk = C:/Programmer/AdsGone/adsgone.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra ‘Tools’ menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:/programmer/spamfighter/proxy/proxy.dll
O10 - Unknown file in Winsock LSP: c:/programmer/spamfighter/proxy/proxy.dll
O10 - Unknown file in Winsock LSP: c:/programmer/spamfighter/proxy/proxy.dll
O10 - Unknown file in Winsock LSP: c:/programmer/spamfighter/proxy/proxy.dll
O10 - Unknown file in Winsock LSP: c:/programmer/spamfighter/proxy/proxy.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Editor
Number of posts: 25535

Hi lanther

That was better, but not good enough. Just fix these from safe mode

O4 - HKLM/../Run: [COM+ System Applications] lsas.exe
O4 - HKLM/../RunServices: [COM+ System Applications] lsas.exe

And then a new log, please. *S*
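
The entries fixed in this thread share two traits visible in the logs: the autorun command is a bare file name with no directory, and one of them (lsas.exe) is one letter away from a real system process; some also come back in a later scan after being fixed. The sketch below is an added example, not part of the original thread or of HijackThis; the function names, the 0.9 similarity threshold and the sample lines (excerpted from the scans in this thread) are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# System process names as they appear under "Running processes" in the logs.
KNOWN_SYSTEM = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                "svchost.exe", "explorer.exe", "spoolsv.exe"}
# Accepts both the "/" seen on this page and the "\" HijackThis normally writes.
O4_RE = re.compile(r"^O4 - (HK\w\w)[/\\]\.\.[/\\](Run\w*): \[(.+?)\] (.+)$")

def autoruns(log):
    """Map (hive, key, value name) -> command for each registry O4 line."""
    hits = (O4_RE.match(line.strip()) for line in log.splitlines())
    return {m.group(1, 2, 3): m.group(4) for m in hits if m}

def triage(log):
    """Flag autoruns started by bare file name or named like a system process."""
    findings = {}
    for (_, _, name), cmd in autoruns(log).items():
        exe = re.match(r'["“]?(.+?\.exe)', cmd, re.I)
        base = re.split(r"[/\\]", exe.group(1))[-1].lower() if exe else cmd.lower()
        reasons = [] if re.search(r"[/\\]", cmd) else ["no path"]
        reasons += [f"resembles {s}" for s in sorted(KNOWN_SYSTEM)
                    if base != s and SequenceMatcher(None, base, s).ratio() >= 0.9]
        if reasons:
            findings[name] = reasons
    return findings

def reappeared(logs):
    """Value names that were present, then absent, then present again."""
    seen, gone, back = set(), set(), set()
    for log in logs:
        now = {key[2] for key in autoruns(log)}
        back |= gone & now           # fixed earlier, listed again now
        gone = (gone | seen) - now   # everything seen so far but missing now
        seen |= now
    return sorted(back)

# Constructed sample: HKLM O4 lines excerpted from four scans in this thread.
NORMAN = "O4 - HKLM/../Run: [Norman ZANDA] C:/NORMAN/Nvc/BIN/ZLH.EXE /LOAD /SPLASH\n"
IVR = "O4 - HKLM/../Run: [ivr] winupdate.exe\n"
COM = "O4 - HKLM/../Run: [COM+ System Applications] lsas.exe\n"
SCANS = [NORMAN + IVR + "O4 - HKLM/../Run: [Sound Loader] sndloader.exe\n",
         NORMAN + COM, NORMAN + IVR, NORMAN + COM]

if __name__ == "__main__":
    for scan in SCANS:
        print(triage(scan))
    print("came back after a fix:", reappeared(SCANS))
```
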

  lanther
Number of posts: 15

Here:

Logfile of HijackThis v1.97.7
Scan saved at 21:36:34, on 02-02-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/Explorer.EXE
C:/WINDOWS/system32/spoolsv.exe
C:/NORMAN/Nvc/BIN/ZLH.EXE
C:/Programmer/POP Peeper/POPPeeper.exe
C:/Programmer/MSN Messenger/MsnMsgr.Exe
C:/Programmer/AdsGone/adsgone.exe
C:/WINDOWS/System32/winupdate.exe
C:/WINDOWS/System32/lsas.exe
C:/Norman/Nvc/BIN/Zanda.exe
C:/NORMAN/Nvc/BIN/NYMSE.EXE
C:/NORMAN/Nvc/BIN/NIP.EXE
C:/NORMAN/Nvc/BIN/nvcoas.exe
C:/NORMAN/Nvc/BIN/NJEEVES.EXE
C:/NORMAN/Nvc/BIN/NVCSCHED.EXE
C:/NORMAN/Nvc/BIN/cclaw.exe
C:/Documents and Settings/Heidi/Lokale indstillinger/Temp/Midlertidig mappe 3 for hijackthis.zip/HijackThis.exe

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.jubii.dk/
R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx
O4 - HKLM/../Run: [Norman ZANDA] C:/NORMAN/Nvc/BIN/ZLH.EXE /LOAD /SPLASH
O4 - HKLM/../Run: [POP Peeper] C:/Programmer/POP Peeper/POPPeeper.exe min
O4 - HKLM/../Run: [ivr] winupdate.exe
O4 - HKLM/../RunServices: [ivr] winupdate.exe
O4 - HKCU/../Run: [MsnMsgr] “C:/Programmer/MSN Messenger/MsnMsgr.Exe” /background
O4 - Startup: AdsGone.lnk = C:/Programmer/AdsGone/adsgone.exe
O4 - Global Startup: AdsGone 2004.lnk = C:/Programmer/AdsGone/adsgone.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra ‘Tools’ menuitem: Windows Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Editor
Number of posts: 11785

Go into safe mode. Fix these with HijackThis:

O4 - HKLM/../Run: [ivr] winupdate.exe
O4 - HKLM/../RunServices: [ivr] winupdate.exe

Find and delete the following:

C:/WINDOWS/System32/winupdate.exe >>>> the file winupdate.exe
C:/WINDOWS/System32/lsas.exe >>>> the file lsas.exe (note that there is only one "s" at the end)


  lanther
Number of posts: 15

Now I hope it helps soon

Logfile of HijackThis v1.97.7
Scan saved at 22:04:51, on 02-02-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/Explorer.EXE
C:/WINDOWS/system32/spoolsv.exe
C:/NORMAN/Nvc/BIN/ZLH.EXE
C:/Programmer/POP Peeper/POPPeeper.exe
C:/Programmer/MSN Messenger/MsnMsgr.Exe
C:/Programmer/AdsGone/adsgone.exe
C:/Norman/Nvc/BIN/Zanda.exe
C:/NORMAN/Nvc/BIN/NYMSE.EXE
C:/NORMAN/Nvc/BIN/NIP.EXE
C:/NORMAN/Nvc/BIN/nvcoas.exe
C:/NORMAN/Nvc/BIN/NJEEVES.EXE
C:/NORMAN/Nvc/BIN/NVCSCHED.EXE
C:/NORMAN/Nvc/BIN/cclaw.exe
C:/Documents and Settings/Heidi/Lokale indstillinger/Temp/Midlertidig mappe 5 for hijackthis.zip/HijackThis.exe

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.jubii.dk/
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx
O4 - HKLM/../Run: [Norman ZANDA] C:/NORMAN/Nvc/BIN/ZLH.EXE /LOAD /SPLASH
O4 - HKLM/../Run: [POP Peeper] C:/Programmer/POP Peeper/POPPeeper.exe min
O4 - HKLM/../Run: [COM+ System Applications] lsas.exe
O4 - HKLM/../RunServices: [COM+ System Applications] lsas.exe
O4 - HKCU/../Run: [MsnMsgr] “C:/Programmer/MSN Messenger/MsnMsgr.Exe” /background
O4 - Startup: AdsGone.lnk = C:/Programmer/AdsGone/adsgone.exe
O4 - Global Startup: AdsGone 2004.lnk = C:/Programmer/AdsGone/adsgone.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra ‘Tools’ menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:/programmer/spamfighter/proxy/proxy.dll
O10 - Unknown file in Winsock LSP: c:/programmer/spamfighter/proxy/proxy.dll
O10 - Unknown file in Winsock LSP: c:/programmer/spamfighter/proxy/proxy.dll
O10 - Unknown file in Winsock LSP: c:/programmer/spamfighter/proxy/proxy.dll
O10 - Unknown file in Winsock LSP: c:/programmer/spamfighter/proxy/proxy.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Editor
Number of posts: 11785

Shut off DCom: http://www.spywarefri.dk/tipsogtricks.htm#DCom

Go into safe mode.

Go to Start > Run > type: msconfig > Startup. Remove the tick to the left of lsas.exe

Fix these:
O4 - HKLM/../Run: [COM+ System Applications] lsas.exe
O4 - HKLM/../RunServices: [COM+ System Applications] lsas.exe

Find and delete:

C:/WINDOWS/System32/lsas.exe >>>> the file lsas.exe (note that there is only one "s" at the end)

Restart and new log - thanks


  lanther
Number of posts: 15

It's stubborn, what now???

Logfile of HijackThis v1.97.7
Scan saved at 22:41:29, on 02-02-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/Explorer.EXE
C:/WINDOWS/system32/spoolsv.exe
C:/NORMAN/Nvc/BIN/ZLH.EXE
C:/Programmer/POP Peeper/POPPeeper.exe
C:/Programmer/MSN Messenger/MsnMsgr.Exe
C:/Programmer/AdsGone/adsgone.exe
C:/Norman/Nvc/BIN/Zanda.exe
C:/NORMAN/Nvc/BIN/NYMSE.EXE
C:/NORMAN/Nvc/BIN/NIP.EXE
C:/Documents and Settings/Heidi/Lokale indstillinger/Temp/Midlertidig mappe 6 for hijackthis.zip/HijackThis.exe
C:/NORMAN/Nvc/BIN/NVCSCHED.EXE
C:/NORMAN/Nvc/BIN/NJEEVES.EXE
C:/NORMAN/Nvc/BIN/nvcoas.exe
C:/NORMAN/Nvc/BIN/cclaw.exe

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.jubii.dk/
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx
O4 - HKLM/../Run: [Norman ZANDA] C:/NORMAN/Nvc/BIN/ZLH.EXE /LOAD /SPLASH
O4 - HKLM/../Run: [POP Peeper] C:/Programmer/POP Peeper/POPPeeper.exe min
O4 - HKCU/../Run: [MsnMsgr] “C:/Programmer/MSN Messenger/MsnMsgr.Exe” /background
O4 - Startup: AdsGone.lnk = C:/Programmer/AdsGone/adsgone.exe
O4 - Global Startup: AdsGone 2004.lnk = C:/Programmer/AdsGone/adsgone.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra ‘Tools’ menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:/programmer/spamfighter/proxy/proxy.dll
O10 - Unknown file in Winsock LSP: c:/programmer/spamfighter/proxy/proxy.dll
O10 - Unknown file in Winsock LSP: c:/programmer/spamfighter/proxy/proxy.dll
O10 - Unknown file in Winsock LSP: c:/programmer/spamfighter/proxy/proxy.dll
O10 - Unknown file in Winsock LSP: c:/programmer/spamfighter/proxy/proxy.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Editor
Number of posts: 11785

Your HijackThis log is now clean, and you may enable System Restore again ;)

Get updated at Microsoft (SP1 etc.): http://v4.windowsupdate.microsoft.com/da/default.asp

Here is a link to some programs that can make it a little safer to "move around" on the Net: http://www.spywarefri.dk/pakken.htm
