VTW, posted 20 August 2005
Suddenly one day a message came up on the PC saying that a program called "perfect keylogger" had been installed, and that it would stay there until I had bought it. This probably came when I downloaded something for the game RuneScape. But I'm not sure. Does anyone know what "perfect keylogger" is? I certainly didn't install it on purpose!!!

Sti4n, posted 20 August 2005
A keylogger is a program that logs all the keys you press... passwords etc. can then become visible... Can't it be removed the normal way?

VTW (author), posted 20 August 2005
But I never installed it. So I don't know where it is located. I have tried looking for it with a normal search and a virus scan. But I can't find it. But I'm almost completely sure that it's a virus!

s_M_p, posted 20 August 2005
Isn't it just an advertising pop-up of some kind?

Tåkelys, posted 20 August 2005
You could check this site: http://www.anti-keylogger.net/

cspace, posted 20 August 2005
See if it has a process running, kill it and check all the startup keys in the registry. Start -> Run -> msconfig. Download the program Autoruns from SysInternals; it shows everything that starts at boot. You can then delete the registry key and the exe file it points to, e.g. C:\windows

VTW (author), posted 22 August 2005
I scanned with SpyBot and found the following:

KeyloggerPro: Oppsett (Registerverdi)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\IEPK

I deleted this, but on a scan after a reboot it was back. I then deleted it manually in Regedit. After yet another reboot it came back again. What can I do?

Edit: I don't know whether it is of any help, but this is how it looked in Regedit:

Name | Type | Data
IEPK | REG_BINARY | 67 e1 09 43 03 00 00 00

Edited 22 August 2005 by VTW

zjulik, posted 22 August 2005
Post your HijackThis log. (sig)

janfredrik, posted 22 August 2005
Or run Microsoft AntiSpyware. It catches an unusually large number of programs like this!

VTW (author), posted 23 August 2005
I have tried Microsoft AntiSpyware, but it doesn't find it. I tried Spybot. It found it and deleted it. But when I restarted, it was back again. I have also tried deleting it manually, but the same thing happens...

VTW (author), posted 23 August 2005
To zjulik

Logfile of HijackThis v1.99.1
Scan saved at 17:02:29, on 23.08.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
C:\Programfiler\D-Tools\daemon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
D:\quicktime\qttask.exe
C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe
C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe
C:\Programfiler\Picasa2\PicasaMediaDetector.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
D:\Spyware Doctor\swdoctor.exe
D:\AnalogX\MaxMem\maxmem.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\alg.exe
D:\LineWire\LimeWire\LimeWire.exe
C:\WINDOWS\system32\uWDF.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eier\Skrivebord\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - Default URLSearchHook is missing
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programfiler\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SS SS Plugin - {1D1B2879-99FF-11E3-8D96-D7ACAC95952A} - C:\WINDOWS\system32\Windows Updatewb.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programfiler\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: Local Spool Net support DLL - {EF99BD50-CDFB-11E2-892F-1090271D4F78} - C:\WINDOWS\System32\localsplnet.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programfiler\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [storageGuard] "C:\Programfiler\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Omnipage] C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [e907ufdEL] C:\WINDOWS\atngyfjx.exe
O4 - HKLM\..\Run: [e90ÔÁÕ]§ú"ü‰üžigÝY] C:\WINDOWS\atngyfjx.exe
O4 - HKLM\..\Run: [gcasDtServ] gcasDtServ.exe
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [win-xp] winis.exe
O4 - HKLM\..\Run: [virtual-machine] wini.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [sysxp] C:\WINDOWS\system32\sysxp.exe
O4 - HKLM\..\RunServices: [win-xp] winis.exe
O4 - HKLM\..\RunServices: [virtual-machine] wini.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [incrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RWipeKbdDemon] D:\R-Wipe&Clean\RWKbdD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spyware Doctor] "D:\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunServices: [win-xp] winis.exe
O4 - HKCU\..\RunServices: [virtual-machine] wini.exe
O4 - Startup: Snarvei til maxmem.lnk = D:\AnalogX\MaxMem\maxmem.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programfiler\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programfiler\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by3fd.bay3.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab30149.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F19507F-DB46-492B-B4C6-BD0650010062}: NameServer = 82.116.64.37 212.4.36.204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

Here it is. Hope you get more sense out of it than I do!

VTW (author), posted 23 August 2005
Copy error!
Edited 23 August 2005 by VTW

zjulik, posted 23 August 2005
SPYWARE:
O2 - BHO: SS SS Plugin - {1D1B2879-99FF-11E3-8D96-D7ACAC95952A} - C:\WINDOWS\system32\Windows Updatewb.dll
O2 - BHO: Local Spool Net support DLL - {EF99BD50-CDFB-11E2-892F-1090271D4F78} - C:\WINDOWS\System32\localsplnet.dll

VIRUS:
O4 - HKLM\..\Run: [e907ufdEL] C:\WINDOWS\atngyfjx.exe
O4 - HKLM\..\Run: [e90ÔÁÕ]§ú"ü‰üžigÝY] C:\WINDOWS\atngyfjx.exe
O4 - HKLM\..\Run: [win-xp] winis.exe
O4 - HKLM\..\Run: [virtual-machine] wini.exe
O4 - HKLM\..\Run: [sysxp] C:\WINDOWS\system32\sysxp.exe
O4 - HKLM\..\RunServices: [win-xp] winis.exe
O4 - HKLM\..\RunServices: [virtual-machine] wini.exe
O4 - HKCU\..\RunServices: [win-xp] winis.exe
O4 - HKCU\..\RunServices: [virtual-machine] wini.exe

Tick these and fix them in HijackThis. Then delete the files whose paths you see in the lines. You may have to go into Task Manager and end the processes (files) to be able to delete the files. Restart in Safe Mode and go through the whole process once more. Run Crap Cleaner along the way. (sig) Finally, a normal restart and then a Housecall (sig).

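As an added example (not part of the thread and not HijackThis's own logic), the script below triages the O4 autorun lines of the log posted above and shows the structural signs that make entries such as win-xp/winis.exe stand out. The three heuristics and the "e90-garbled" placeholder name are assumptions of this example.

```python
import re
from collections import defaultdict

# O4 lines copied from the HijackThis log in this thread. The value name that
# was garbled in the post is replaced by the placeholder "e90-garbled".
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [e907ufdEL] C:\WINDOWS\atngyfjx.exe
O4 - HKLM\..\Run: [e90-garbled] C:\WINDOWS\atngyfjx.exe
O4 - HKLM\..\Run: [win-xp] winis.exe
O4 - HKLM\..\Run: [virtual-machine] wini.exe
O4 - HKLM\..\Run: [sysxp] C:\WINDOWS\system32\sysxp.exe
O4 - HKLM\..\RunServices: [win-xp] winis.exe
O4 - HKLM\..\RunServices: [virtual-machine] wini.exe
O4 - HKCU\..\RunServices: [win-xp] winis.exe
"""

O4_RE = re.compile(r"^O4 - (\w+\\\.\.\\\w+): \[(.+)\] (.+)$")

def parse_o4(log):
    """Return (key, value_name, command) for every O4 registry autorun line."""
    return [m.groups() for m in map(O4_RE.match, log.splitlines()) if m]

def exe_of(command):
    """Executable part of a command line; unquoted paths with spaces are not handled."""
    m = re.match(r'"([^"]+)"|(\S+)', command)
    return (m.group(1) or m.group(2)).lower()

def triage(log):
    """Map value name -> reasons it deserves a closer look (leads, not verdicts)."""
    entries = parse_o4(log)
    keys_by_name, names_by_exe = defaultdict(set), defaultdict(set)
    for key, name, cmd in entries:
        keys_by_name[name].add(key)
        names_by_exe[exe_of(cmd)].add(name)
    reasons = defaultdict(set)
    for key, name, cmd in entries:
        checks = [
            (len(keys_by_name[name]) > 1, "registered under several autorun keys"),
            (len(names_by_exe[exe_of(cmd)]) > 1, "same executable under several value names"),
            ("\\" not in exe_of(cmd), "no directory given, resolved via search path"),
        ]
        reasons[name].update(text for hit, text in checks if hit)
    return {n: sorted(r) for n, r in reasons.items() if r}

if __name__ == "__main__":
    for name, why in sorted(triage(SAMPLE_LOG).items(), key=lambda kv: -len(kv[1])):
        print(f"{len(why)} {name}: {'; '.join(why)}")
```

The sysxp entry that zjulik also listed gets no flag here, and the benign nwiz entry gets one: structural checks only rank entries for review, so each remaining autorun still has to be looked up by name or scanned.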