Gå til innhold

Trojan horse Lop.AS lo1[1] *LØST*


Anbefalte innlegg

Hvert 2. minutt får jeg en melding om en "Trojan horse Lop.AS" fil. :cry:

Den ligger i Mine mottatte filer\Temporary Internet Files\Content.IE5\JRN50M6A og heter lo1[1].

 

Noen som kjenner til den? Selvom jeg healer, sletter eller flytter filen i "fengsel" så bare lager den seg selv på nytt! Jeg kan ekskludere resident shield fra å søke i Temporary Internet Files men det må jo være noe! :(

 

Jeg får også andre typer Trojan horse i blandt.

 

Jeg bruker AVG 7.5, men jeg har også ZoneAlarm pro.

Endret av marcen_f
Lenke til kommentar
Videoannonse
Annonse
Gjest medlem-105082

Kjør en scan med SAS, oppdater, kjør og slett alt den finner.

 

Last ned HJT, endre navnet "hijackthis" til "test, kjør programmet og legg ut en logg her.

 

Last ned CCleaner, innstaler og kjør.

 

Edit: Prøvd å slette filen/mappen?

Endret av medlem-105082
Lenke til kommentar
Kjør en scan med SAS, oppdater, kjør og slett alt den finner.

 

Last ned HJT, endre navnet "hijackthis" til "test, kjør programmet og legg ut en logg her.

 

Last ned CCleaner, innstaler og kjør.

 

Edit: Prøvd å slette filen/mappen?

7768820[/snapback]

 

Har gjort alt dette nå, hadde CCleaner fra før av;)

 

SAS fant ca 150 forskjellige filer/memory/registry, men ikke den filen jeg nevnte!

 

Har prøvd å slette filen og mappen, men den dukker opp på nytt, er kanskje en prosess som kjører, som sørger for at filen er der. Hadde jeg funnet prosesen kunne jeg kankje ha stoppet den, men AVG finner ingen prosess det er noe galt med.

 

Har tatt en test med HJT og her er loggen (vet personlig ikke hva jeg leter etter eller hva som står der, så håper ikke det står noe "hemmelig" der) :p :

 

Red: Oppdaterte HJT loggen!

 

Logfile of HijackThis v1.99.1

Scan saved at 00:49:16, on 22.01.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\winmech\NTSERV~1\srunner.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\A4Tech\Mouse\Amoumain.exe

C:\Program Files\AutoSizer\AutoSizer.exe

C:\Program Files\Personal Reminder\PersonalReminder.exe

C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

C:\WINDOWS\system32\ZoneLabs\isafe.exe

C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\mmc.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\Program Files\Spyware Doctor\swdoctor.exe

C:\WINDOWS\system32\DfrgNtfs.exe

C:\Program Files\Opera\Opera.exe

C:\Documents and Settings\Marcusf\My Documents\Stæsj\test.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tvnor.moo.no/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.26.100.10:8080

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WSR_IEplug - {4E9CAE1A-545D-48EA-8EEF-4D1DB6695AD3} - C:\Program Files\Sytexis Software\Web Stream Recorder\wsr_ieplug.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe

O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"

O4 - HKCU\..\Run: [startupPersonalReminder] C:\Program Files\Personal Reminder\PersonalReminder.exe

O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

O4 - Global Startup: Microsoft Firewall Client Management.lnk = ?

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O15 - Trusted Zone: http://www.tvnor.tii.dk

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Security Services Internet (winmech) - Unknown owner - C:\WINDOWS\winmech\NTSERV~1\srunner.exe

 

noen som finner noe ikke bra? :ph34r:

Endret av marcen_f
Lenke til kommentar

Last ned DrWeb

 

Restart i sikker modus

Kjør drweb-cureit.exe (si ja til å kjøre en express scan)

Når dette er ferdig klikker du på Option -> Change settings.

Under fanearket Scan, fjerner du haken ved Heuristic analysis.

Under fanearket Actions, skal alle punkt under Malware settes til Rename.

Velg partisjon du vil scanne og klikk deretter på den grønne pilen for

å starte scanningen. Velg "yes to all" når det finner noe for første gang.

 

Restart i normal modus

 

Gå til http://www.virustotal.com/en/indexx.html og sjekk følgende fil:

C:\WINDOWS\winmech\NTSERV~1\srunner.exe

Lenke til kommentar
Last ned DrWeb

 

Restart i sikker modus

Kjør drweb-cureit.exe (si ja til å kjøre en express scan)

Når dette er ferdig klikker du på Option -> Change settings.

Under fanearket Scan, fjerner du haken ved Heuristic analysis.

Under fanearket Actions, skal alle punkt under Malware settes til Rename.

Velg partisjon du vil scanne og klikk deretter på den grønne pilen for

å starte scanningen. Velg "yes to all" når det finner noe for første gang.

 

Restart i normal modus

 

Gå til http://www.virustotal.com/en/indexx.html og sjekk følgende fil:

C:\WINDOWS\winmech\NTSERV~1\srunner.exe

7773584[/snapback]

 

Takk for tipset! Når jeg søkte på virustotal var den borte før jeg hadde kjørt dr.web, men jeg kjørte dr.web i safe mode like vel, den fant mange! :thumbup:

 

Tror jeg er kvitt alle problemene nå, etter bare å ha brukt ca ti forskjellige programmer :p

 

:w00t:

Lenke til kommentar

Logfile of HijackThis v1.99.1

Scan saved at 21:11:27, on 22.01.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\system32\ZoneLabs\isafe.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\WgaTray.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\A4Tech\Mouse\Amoumain.exe

C:\Program Files\AutoSizer\AutoSizer.exe

C:\Program Files\Personal Reminder\PersonalReminder.exe

C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Opera\Opera.exe

C:\Documents and Settings\Marcusf\My Documents\Stæsj\test.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tvnor.moo.no/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.26.100.10:8080

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WSR_IEplug - {4E9CAE1A-545D-48EA-8EEF-4D1DB6695AD3} - C:\Program Files\Sytexis Software\Web Stream Recorder\wsr_ieplug.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe

O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"

O4 - HKCU\..\Run: [startupPersonalReminder] C:\Program Files\Personal Reminder\PersonalReminder.exe

O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

O4 - Global Startup: Microsoft Firewall Client Management.lnk = ?

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O15 - Trusted Zone: http://www.tvnor.tii.dk

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Security Services Internet (winmech) - Unknown owner - C:\WINDOWS\winmech\NTSERV~1\srunner.exe (file missing)

 

Hva er det med den srunner, det står jo at den er missing, så hvorfor er den listet opp? Mappen C:\WINDOWS\winmech\ finnes ikke engang, har slettet den! :confused:

 

Edit:

Gå til http://www.virustotal.com/en/indexx.html og sjekk følgende fil:

C:\WINDOWS\winmech\NTSERV~1\srunner.exe

Dette funker ikke nå, det bare står uploading file (kanskje fordi den ikke er der!?)

Endret av marcen_f
Lenke til kommentar
Gjest medlem-105082

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll ------ Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org.This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.

 

Hva sier du Norbat?

Endret av medlem-105082
Lenke til kommentar
Det du kan prøve å gjøre er følgende:

 

Kjør HJT og fix:

O23 - Service: Security Services Internet (winmech) - Unknown owner - C:\WINDOWS\winmech\NTSERV~1\srunner.exe (file missing)

 

Gå til Start->Kjør, skriv: sc delete winmech

 

Loggen din ser forøvrig greit ut.

7778525[/snapback]

 

Konge :w00t:

Når jeg bare fikset den, kom den opp igjen ved neste scan, men den "kjør delete" greia gjorde susen, nå er den BORTE.

 

Når vi er inne på det, hva med denne? er "missing" den å!?

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

 

Til Einstein, takk til deg å for alle tips. c:\program files\microsoft firewall client 2004\fwcwsp.dll har noe med skolenettet å gjøre, så tror ikke jeg skal klusse med den :p

Lenke til kommentar
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll ------ Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org.This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.

 

Hva sier du Norbat?

7778522[/snapback]

 

 

En rask google ga et beroligende svar :)

Lenke til kommentar

Men hva med O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)?

 

 

Edit: GLEM DET! Bare uninstalerte winpcap og den var borte :whistle:

 

Hvilke programmer burde jeg ha for å holde meg unna spyware/adaware og diverse annet crap? har nå

AVG

ZoneAlarm

Ad-Aware SE Pro

Super anti spyware

spyware doctor

CCleaner

Spyware blaster

Spybot S&D

RegSupremePro

Dr. Web

 

Trenger kanskje strengt tatt ikke ti stykker :p

Hvilke anbefaller du å legge til/trekke fra, og hvilke overlapper hverandre?

Endret av marcen_f
Lenke til kommentar
Men hva med O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)?

 

 

Edit: GLEM DET! Bare uninstalerte winpcap og den var borte :whistle:

 

Hvilke programmer burde jeg ha for å holde meg  unna spyware/adaware og diverse annet crap? har nå

AVG

ZoneAlarm

Ad-Aware SE Pro

Super anti spyware

spyware doctor

CCleaner

Spyware blaster

Spybot S&D

RegSupremePro

Dr. Web

 

Trenger kanskje strengt tatt ikke ti stykker  :p

Hvilke anbefaller du å legge til/trekke fra, og hvilke overlapper hverandre?

7778723[/snapback]

 

 

WinPcap er et verktøy for nettverkanalyse. Denne meldingen kommer antakelig fordi programmet ikke er helt riktig installert. Helt greit at du avinstallerte - i allefall om du ikke bruker programmet. :)

 

 

AVG Antivirus er et godt antivirusprogram og er et godt alt. til de som koster penger.

 

ZoneAlarm er en brannmur. Ingen erfaring med den, men sikker bedre en windows sin?

 

Spyware doctor er et meget bra program, men er ikke gratis.

Det er derimot Superantispyware og AVG AntiSpyware , to meget gode antispywareprogram.

 

Spyware blaster fjerner ikke spyware, men forhindrer at det kommer inn.

 

CCleaner er et kjekt program.

 

Resten av de du lister opp kan du sikkert avintallere.

 

I tillegg er det greit å holde seg unna /være forsiktig med fildelingsprogram, være litt kritisk til meldinger som spretter fram i nettleseren og holde seg unna lugubre nettsider ;)

Endret av norbat
Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!

Start en konto

Logg inn

Har du allerede en konto? Logg inn her.

Logg inn nå
×
×
  • Opprett ny...