Stubborn Keylogger


Lapplasse

I have a cleaning program called Advanced System Optimizer. It finds a spy: WebMailSpy, Keylogger(File). The program removes it, but it keeps coming back like a stubborn donkey.

 

I have tried a 30-day version of SpySubtract PRO 2.60 and Spyhunter, but they don't find the evil one.

 

How can I get rid of it for good?

 

Lars

 


 

A keylogger sounds like something AdAware 1.05 or Spybot Search and Destroy should be able to remove. Update the programs before you use them.

 

If that still doesn't help, post a HijackThis log here.

 


AdAware updated, found nothing. SS&D has nothing on the shady one either.

Here is the log.

Logfile of HijackThis v1.98.2

Scan saved at 14:56:40, on 10/26/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\Agnitum\OUTPOS~1\outpost.exe

C:\Program\Panda Software\Panda Antivirus Titanium\PAVSRV51.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE

C:\Program\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE

C:\Program\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program\Geek Superhero\GeekSuperhero.exe

C:\Program\ICC\ICC.EXE

C:\Program\C Technologies\C-Pen 10\CPen10.exe

C:\Program\SpySub.exe

C:\Program\Geek Superhero\GeekSuperhero.exe

C:\Program\Panda Software\Panda Antivirus Titanium\pavProxy.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Hijack\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: GeekSuperheroBHO Class - {1FEA39D6-46B3-4F66-BC38-4839CFE198EA} - C:\Program\Geek Superhero\GeekSuperHeroSlapdown.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program\Advanced System Optimizer\IEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {7891da15-428e-11d7-bcc1-00a024831a8c} - (no file)

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [intelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [Geek Superhero] C:\Program\Geek Superhero\GeekSuperhero.exe

O4 - HKLM\..\Run: [Outpost Firewall] C:\Program\Agnitum\OUTPOS~1\outpost.exe /waitservice

O4 - HKLM\..\RunServicesOnce: [CCWC7I] C:\Program\MoleculeSoft\Cleaner77\idxl.exe

O4 - HKCU\..\Run: [iCC] C:\Program\ICC\ICC.EXE

O4 - HKCU\..\RunServicesOnce: [CCWC7I] C:\Program\MoleculeSoft\Cleaner77\idxl.exe

O4 - Global Startup: C-Pen 10.lnk = ?

O4 - Global Startup: SpySubtract.lnk = C:\Program\SpySub.exe

O9 - Extra button: Bug Swatter Options - {99FEA1A2-7881-11D1-A9E2-00403320FCF2} - C:\Program\Geek Superhero\GeekSuperHeroBugSwat.dll

O9 - Extra button: Popup Slapdown Options - {A1100DDB-B277-4CAA-A640-B299D79FE25E} - C:\Program\Geek Superhero\GeekSuperHeroSlapdown.dll

O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)

O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098115613140

O17 - HKLM\System\CCS\Services\Tcpip\..\{54D1BFCC-5FB8-4E9F-BEED-B335C04E1EC9}: NameServer = 195.67.199.3,195.67.199.4

 

Regards,

Lars

 
