HKRoed Skrevet 25. desember 2004 Del Skrevet 25. desember 2004 (endret) Hei! Min fader sliter litt med spyware/trojan. Når IE åpnes er det en side med linker til porr og annet dritt. Denne startsiden ligger lokalt på disken under C:\Windows og heter feks "kljdfjld.htm" Hvis jeg sletter denne filen, så blir det bare opprettet en ny fil ved neste oppstart av IE. Har funnet en *.dll fil i Temporary Internet Files med AdAware som jeg ikke får slettet. Tipper det er den som styrer dette. Denne får jeg ikke slettet, og ved oppstart i sikkermodus er den ikke der..... Har kjørt NAV2004, AdAware Pro og Spybot uten hell. Noen som vet hvordan jeg fjerner denne dritten??? Endret 25. desember 2004 av SpritHansi Lenke til kommentar
akh Skrevet 25. desember 2004 Del Skrevet 25. desember 2004 hva heter den dll-filen du ikke fikk fjernet? Sjekk om det kjører noen mistenkelige prosesser. (ctrl+alt+del) Kjør hijackthis og post loggen din her. http://www.spychecker.com/program/hijackthis.html Lenke til kommentar
HKRoed Skrevet 10. januar 2005 Forfatter Del Skrevet 10. januar 2005 Hei igjen! Litt sent svar, men håper det er godt?!?! Her er ivertfall loggen HikackThis genererte: Logfile of HijackThis v1.99.0 Scan saved at 18:17:33, on 10.01.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\NetScreen\NetScreen-Remote\IreIKE.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe C:\programfiler\qttask.exe C:\WINDOWS\System32\vmmon32.exe C:\WINDOWS\System32\ifconfig.exe C:\Programfiler\MSN Messenger\MsnMsgr.Exe C:\Programfiler\NetScreen\NetScreen-Remote\SafeCfg.exe C:\WINDOWS\System32\ifconfig.exe C:\Programfiler\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe C:\Programfiler\Diskeeper\DkService.exe C:\Programfiler\NetScreen\NetScreen-Remote\IPSecMon.exe C:\Programfiler\Norton AntiVirus\navapsvc.exe C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\Programfiler\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe C:\WINDOWS\System32\svchost.exe D:\Temp\hijackthis\HijackThis.exe O1 - Hosts: 66.180.173.39 www.google.ae O1 - Hosts: 66.180.173.39 www.google.am O1 - Hosts: 66.180.173.39 www.google.as O1 - Hosts: 66.180.173.39 www.google.at O1 - Hosts: 66.180.173.39 www.google.az O1 - Hosts: 66.180.173.39 www.google.be O1 - Hosts: 66.180.173.39 www.google.bi O1 - Hosts: 66.180.173.39 www.google.ca O1 - Hosts: 66.180.173.39 www.google.cd O1 - Hosts: 66.180.173.39 www.google.cg O1 - Hosts: 66.180.173.39 www.google.ch O1 - Hosts: 66.180.173.39 www.google.ci O1 - Hosts: 66.180.173.39 www.google.cl O1 - Hosts: 66.180.173.39 www.google.co.cr O1 - Hosts: 66.180.173.39 www.google.co.hu O1 - Hosts: 66.180.173.39 www.google.co.il O1 - Hosts: 66.180.173.39 www.google.co.in O1 - Hosts: 66.180.173.39 www.google.co.je O1 - Hosts: 66.180.173.39 www.google.co.jp O1 - Hosts: 66.180.173.39 www.google.co.ke O1 - Hosts: 66.180.173.39 www.google.co.kr O1 - Hosts: 66.180.173.39 www.google.co.ls O1 - Hosts: 66.180.173.39 www.google.co.nz O1 - Hosts: 66.180.173.39 www.google.co.th O1 - Hosts: 66.180.173.39 www.google.co.ug O1 - Hosts: 66.180.173.39 www.google.co.uk O1 - Hosts: 66.180.173.39 www.google.co.ve O1 - Hosts: 66.180.173.39 www.google.com O1 - Hosts: 66.180.173.39 www.google.com.ag O1 - Hosts: 66.180.173.39 www.google.com.ar O1 - Hosts: 66.180.173.39 www.google.com.au O1 - Hosts: 66.180.173.39 www.google.com.br O1 - Hosts: 66.180.173.39 www.google.com.co O1 - Hosts: 66.180.173.39 www.google.com.cu O1 - Hosts: 66.180.173.39 www.google.com.do O1 - Hosts: 66.180.173.39 www.google.com.ec O1 - Hosts: 66.180.173.39 www.google.com.fj O1 - Hosts: 66.180.173.39 www.google.com.gi O1 - Hosts: 66.180.173.39 www.google.com.gr O1 - Hosts: 66.180.173.39 www.google.com.gt O1 - Hosts: 66.180.173.39 www.google.com.hk O1 - Hosts: 66.180.173.39 www.google.com.ly O1 - Hosts: 66.180.173.39 www.google.com.mt O1 - Hosts: 66.180.173.39 www.google.com.mx O1 - Hosts: 66.180.173.39 www.google.com.my O1 - Hosts: 66.180.173.39 www.google.com.na O1 - Hosts: 66.180.173.39 www.google.com.nf O1 - Hosts: 66.180.173.39 www.google.com.ni O1 - Hosts: 66.180.173.39 www.google.com.np O1 - Hosts: 66.180.173.39 www.google.com.pa O1 - Hosts: 66.180.173.39 www.google.com.pe O1 - Hosts: 66.180.173.39 www.google.com.ph O1 - Hosts: 66.180.173.39 www.google.com.pk O1 - Hosts: 66.180.173.39 www.google.com.pr O1 - Hosts: 66.180.173.39 www.google.com.py O1 - Hosts: 66.180.173.39 www.google.com.sa O1 - Hosts: 66.180.173.39 www.google.com.sg O1 - Hosts: 66.180.173.39 www.google.com.sv O1 - Hosts: 66.180.173.39 www.google.com.tr O1 - Hosts: 66.180.173.39 www.google.com.tw O1 - Hosts: 66.180.173.39 www.google.com.ua O1 - Hosts: 66.180.173.39 www.google.com.uy O1 - Hosts: 66.180.173.39 www.google.com.vc O1 - Hosts: 66.180.173.39 www.google.com.vn O1 - Hosts: 66.180.173.39 www.google.de O1 - Hosts: 66.180.173.39 www.google.dj O1 - Hosts: 66.180.173.39 www.google.dk O1 - Hosts: 66.180.173.39 www.google.es O1 - Hosts: 66.180.173.39 www.google.fi O1 - Hosts: 66.180.173.39 www.google.fm O1 - Hosts: 66.180.173.39 www.google.fr O1 - Hosts: 66.180.173.39 www.google.gg O1 - Hosts: 66.180.173.39 www.google.gl O1 - Hosts: 66.180.173.39 www.google.gm O1 - Hosts: 66.180.173.39 www.google.hn O1 - Hosts: 66.180.173.39 www.google.ie O1 - Hosts: 66.180.173.39 www.google.it O1 - Hosts: 66.180.173.39 www.google.kz O1 - Hosts: 66.180.173.39 www.google.li O1 - Hosts: 66.180.173.39 www.google.lt O1 - Hosts: 66.180.173.39 www.google.lu O1 - Hosts: 66.180.173.39 www.google.lv O1 - Hosts: 66.180.173.39 www.google.mn O1 - Hosts: 66.180.173.39 www.google.ms O1 - Hosts: 66.180.173.39 www.google.mu O1 - Hosts: 66.180.173.39 www.google.mw O1 - Hosts: 66.180.173.39 www.google.nl O1 - Hosts: 66.180.173.39 www.google.no O1 - Hosts: 66.180.173.39 www.google.off.ai O1 - Hosts: 66.180.173.39 www.google.pl O1 - Hosts: 66.180.173.39 www.google.pn O1 - Hosts: 66.180.173.39 www.google.pt O1 - Hosts: 66.180.173.39 www.google.ro O1 - Hosts: 66.180.173.39 www.google.ru O1 - Hosts: 66.180.173.39 www.google.rw O1 - Hosts: 66.180.173.39 www.google.se O1 - Hosts: 66.180.173.39 www.google.sh O1 - Hosts: 66.180.173.39 www.google.sk O1 - Hosts: 66.180.173.39 www.google.sm O1 - Hosts: 66.180.173.39 www.google.td O1 - Hosts: 66.180.173.39 www.google.tm O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat Reader 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\DOCUME~1\Dagfinn\LOKALE~1\Temp\leornpvnfjq.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programfiler\Google\GoogleToolbar1.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programfiler\Google\GoogleToolbar1.dll O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Programfiler\Fellesfiler\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~2\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Omnipage] C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\programfiler\qttask.exe" -atboottime O4 - HKLM\..\Run: [VMMON32] C:\WINDOWS\System32\vmmon32.exe O4 - HKLM\..\Run: [ifconfig.exe] C:\WINDOWS\System32\ifconfig.exe O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: NetScreen-Remote.lnk = C:\Programfiler\NetScreen\NetScreen-Remote\SafeCfg.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar3.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar3.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar3.dll/cmcache.html O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar3.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\programfiler\google\GoogleToolbar3.dll/cmtrans.html O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL O12 - Plugin for .mp3: C:\Programfiler\Internet Explorer\PLUGINS\npqtplugin3.dll O12 - Plugin for .mpeg: C:\Programfiler\Internet Explorer\PLUGINS\npqtplugin3.dll O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll O12 - Plugin for .tif: C:\Programfiler\Internet Explorer\PLUGINS\npqtplugin5.dll O23 - Service: Adobe Active File Monitor - Unknown - C:\Programfiler\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programfiler\Diskeeper\DkService.exe O23 - Service: SafeNet Monitor Service - SafeNet - C:\Programfiler\NetScreen\NetScreen-Remote\IPSecMon.exe O23 - Service: SafeNet IKE Service - SafeNet - C:\Programfiler\NetScreen\NetScreen-Remote\IreIKE.exe O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE O23 - Service: Photoshop Elements Device Connect - Unknown - C:\Programfiler\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~2\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SymWMI Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe Lenke til kommentar
Manoz Skrevet 10. januar 2005 Del Skrevet 10. januar 2005 (endret) Har du prøvd å logge deg inn som "administrator" og slette alle filene i temp mappene der i fra? Leste en plass at det kunne hjelpe. *editzor* -> Hvorfor ikke installere SP2 Endret 10. januar 2005 av Manoz Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå