Hi Arlet, it has gone wrong again!!
From: tcolsen
Viewed: 497 times
100 points
Date: 22-06-04 20:19

The hijack file is as follows:
Logfile of HijackThis v1.97.7
Scan saved at 20:13:18, on 22-06-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\System\plugin.exe
C:\Programmer\D-Tools\daemon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\alg.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\Nvc\Bin\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\npfmsg2.exe
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\System32\devldr32.exe
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jp.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: 213.203.193.164 thirdforum.org
O1 - Hosts: 213.203.193.164 www.thirdforum.org
O1 - Hosts: 213.203.193.164 www.symynet.com
O1 - Hosts: 213.203.193.164 symynet.com
O1 - Hosts: 213.203.193.164 www.soft-ware.net
O1 - Hosts: 213.203.193.164 soft-ware.net
O1 - Hosts: 213.203.193.164 www.shareware.deep-ice.com
O1 - Hosts: 213.203.193.164 shareware.deep-ice.com
O1 - Hosts: 213.203.193.164 www.reacteur.com
O1 - Hosts: 213.203.193.164 reacteur.com
O1 - Hosts: 213.203.193.164 nysite.it
O1 - Hosts: 213.203.193.164 www.nysite.it
O1 - Hosts: 213.203.193.164 www.mysimon.search.com.com
O1 - Hosts: 213.203.193.164 mysimon.search.com.com
O1 - Hosts: 213.203.193.164 multimedia.ftpk.net
O1 - Hosts: 213.203.193.164 www.multimedia.ftpk.net
O1 - Hosts: 213.203.193.164 mindonwheels.com
O1 - Hosts: 213.203.193.164 www.mindonwheels.com
O1 - Hosts: 213.203.193.164 www.metaeureka.com
O1 - Hosts: 213.203.193.164 www.k-litecodecpack.com
O1 - Hosts: 213.203.193.164 metaeureka.com
O1 - Hosts: 213.203.193.164 www.klboard.ath.cx
O1 - Hosts: 213.203.193.164 k-litecodecpack.com
O1 - Hosts: 213.203.193.164 klboard.ath.cx
O1 - Hosts: 213.203.193.164 www.kazza.abandonware.nu
O1 - Hosts: 213.203.193.164 kazza.abandonware.nu
O1 - Hosts: 213.203.193.164 www.kazaa-lite.de.tc
O1 - Hosts: 213.203.193.164 kazaa-lite.de.tc
O1 - Hosts: 213.203.193.164 www.kazaa-light.de.vu
O1 - Hosts: 213.203.193.164 kazaa-light.de.vu
O1 - Hosts: 213.203.193.164 www.kazaa-light.de.tc
O1 - Hosts: 213.203.193.164 kazaa-light.de.tc
O1 - Hosts: 213.203.193.164 home.hccnet.nl
O1 - Hosts: 213.203.193.164 www.home.hccnet.nl
O1 - Hosts: 213.203.193.164 www.download.freeweb-hosting.com
O1 - Hosts: 213.203.193.164 www.aldostools.com
O1 - Hosts: 213.203.193.164 aldostools.com
O1 - Hosts: 213.203.193.164 addlogs.de
O1 - Hosts: 213.203.193.164 www.addlogs.de
O1 - Hosts: 213.203.193.164 www.zuccaweb.it
O1 - Hosts: 213.203.193.164 zuccaweb.it
O1 - Hosts: 213.203.193.164 zeropaid.com
O1 - Hosts: 213.203.193.164 www.tvdance.com
O1 - Hosts: 213.203.193.164 tvdance.com
O1 - Hosts: 213.203.193.164 www.telecharger.01net.com
O1 - Hosts: 213.203.193.164 www.softdepia.com
O1 - Hosts: 213.203.193.164 telecharger.01net.com
O1 - Hosts: 213.203.193.164 softdepia.com
O1 - Hosts: 213.203.193.164 www.sofotex.com
O1 - Hosts: 213.203.193.164 sofotex.com
O1 - Hosts: 213.203.193.164 www.runterladen.de
O1 - Hosts: 213.203.193.164 paulkaza.com
O1 - Hosts: 213.203.193.164 www.paulkaza.com
O1 - Hosts: 213.203.193.164 runterladen.de
O1 - Hosts: 213.203.193.164 www.paint-effects.co.uk
O1 - Hosts: 213.203.193.164 www.p2p.at-web.de
O1 - Hosts: 213.203.193.164 paint-effects.co.uk
O1 - Hosts: 213.203.193.164 oldversion.com
O1 - Hosts: 213.203.193.164 www.nutzwerk.de
O1 - Hosts: 213.203.193.164 nutzwerk.de
O1 - Hosts: 213.203.193.164 www.nuke.hun.edu.tr
O1 - Hosts: 213.203.193.164 nuke.hun.edu.tr
O1 - Hosts: 213.203.193.164 www.nationalreview.com
O1 - Hosts: 213.203.193.164 nationalreview.com
O1 - Hosts: 213.203.193.164 www.napstermp3.com
O1 - Hosts: 213.203.193.164 napstermp3.com
O1 - Hosts: 213.203.193.164 mpex.net
O1 - Hosts: 213.203.193.164 www.microchem.dk
O1 - Hosts: 213.203.193.164 microchem.dk
O1 - Hosts: 213.203.193.164 www.linguasphere.org
O1 - Hosts: 213.203.193.164 linguasphere.org
O1 - Hosts: 213.203.193.164 k-lite.tk
O1 - Hosts: 213.203.193.164 www.kazaaplus.com
O1 - Hosts: 213.203.193.164 kazaaplus.com
O1 - Hosts: 213.203.193.164 kazaalite.nl
O1 - Hosts: 213.203.193.164 kazaalite.de
O1 - Hosts: 213.203.193.164 kazaalite.com
O1 - Hosts: 213.203.193.164 kazaagold.com
O1 - Hosts: 213.203.193.164 www.kazaagold.com
O1 - Hosts: 213.203.193.164 www.kazaa-file-sharing-downloads.com
O1 - Hosts: 213.203.193.164 kazaa-file-sharing-downloads.com
O1 - Hosts: 213.203.193.164 www.kazaa-download-accelerator.com
O1 - Hosts: 213.203.193.164 kazaa-download-accelerator.com
O1 - Hosts: 213.203.193.164 www.kazaa-download.de.pn
O1 - Hosts: 213.203.193.164 kazaa-download.de.pn
O1 - Hosts: 213.203.193.164 www.kazaa.infos-du-net.com
O1 - Hosts: 213.203.193.164 kazaa.infos-du-net.com
O1 - Hosts: 213.203.193.164 kazaa.de
O1 - Hosts: 213.203.193.164 kazaa.com
O1 - Hosts: 213.203.193.164 www.kaza.de.tc
O1 - Hosts: 213.203.193.164 kaza.de.tc
O1 - Hosts: 213.203.193.164 www.juszczakiewicz.pl
O1 - Hosts: 213.203.193.164 juszczakiewicz.pl
O1 - Hosts: 213.203.193.164 www.jolster.nu
O1 - Hosts: 213.203.193.164 jolster.nu
O1 - Hosts: 213.203.193.164 www.imilly.com
O1 - Hosts: 213.203.193.164 imilly.com
O1 - Hosts: 213.203.193.164 www.icisnet.org
O1 - Hosts: 213.203.193.164 icisnet.org
O1 - Hosts: 213.203.193.164 www.globalshareware.com
O1 - Hosts: 213.203.193.164 www.gef.be.ch
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [System] C:\WINDOWS\System\plugin.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38053.2397916667
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab



 
 
Comment
From: arlet


Date: 22-06-04 20:24

Yes, I can see that *S*

I'll look at it right away

Comment
From: arlet


Date: 22-06-04 20:26

First move the HijackThis file to a folder created just for it.

You now need to get started with the fixing:

Disable System Restore:
http://www.arlet.dk/systemgendannelsen.htm

Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked, then close HijackThis again.
Double-check so that everything is included.


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jp.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks

ALL O1

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [System] C:\WINDOWS\System\plugin.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE


Find and delete in safe mode (F8 at startup):


C:\WINDOWS\System\plugin.exe


After that, restart and post a new log here, so we can see whether we have got it completely clean.
Only when your log has been finally approved may you enable your System Restore again.
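
An added example, not part of the original thread: a small Python check for the pattern visible in the first log, where many O1 hosts-file entries point unrelated names at one non-local address, plus a comparison of a follow-up log against the first one. The sample logs are constructed (documentation-range address, placeholder host names), and the function names are this example's own.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the HijackThis line format; the address is from the
# RFC 5737 documentation range and the host names are placeholders.
BEFORE = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.10 download.example.org
O1 - Hosts: 203.0.113.10 www.download.example.org
O1 - Hosts: 203.0.113.10 tools.example.net
O1 - Hosts: 0.0.0.0 ads.example.com
O4 - HKLM\..\Run: [Updater] C:\Example\upd.exe
"""
# Constructed "after fix" log: the redirecting O1 lines are gone.
AFTER = "\n".join(l for l in BEFORE.splitlines() if "203.0.113.10" not in l)

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")

def parse_entries(log_text):
    """Return (section, detail) for every 'O4 - ...' style line; skip the rest."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def hosts_redirects(log_text, min_names=2):
    """Map each non-local IP to the host names the O1 entries point at it."""
    by_ip = defaultdict(list)
    for section, detail in parse_entries(log_text):
        m = HOSTS.match(detail) if section == "O1" else None
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address: ignore rather than crash on a bad line
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 lines are local blocks, not redirects
        by_ip[str(ip)].append(m.group(2))
    return {ip: names for ip, names in by_ip.items() if len(names) >= min_names}

def removed_entries(before, after):
    """Entries present in the first log but missing from the follow-up log."""
    remaining = set(parse_entries(after))
    return [e for e in parse_entries(before) if e not in remaining]

if __name__ == "__main__":
    print(hosts_redirects(BEFORE))
    print(removed_entries(BEFORE, AFTER))
```
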

Comment
From: tcolsen


Date: 22-06-04 20:43

Logfile of HijackThis v1.97.7
Scan saved at 20:39:06, on 22-06-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\Programmer\D-Tools\daemon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\alg.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\Nvc\Bin\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\npfmsg2.exe
C:\WINDOWS\System32\devldr32.exe
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
D:\driver\hijackthis\HijackThis.exe
C:\NORMAN\Nvc\BIN\cclaw.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jp.dk
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38053.2397916667
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab


Comment
From: arlet


Date: 22-06-04 20:46

Then you are clean and can enable your System Restore again

To protect you against junk I have made a security package,
which you can download here: www.arlet.dk/pakke.htm


And now there's football

Have a good rest of the evening

Comment
From: tcolsen


Date: 22-06-04 20:47

Hi Arlet
What are these backup files on the C drive: 20040622-203046-625? There are probably about 70 of them


Comment
From: arlet


Date: 22-06-04 21:38

You can just delete those *S*
