V?rbris, posted 20 February 2007

While using the internet I was asked whether to run a script; I think this was Macromedia Flash Player 6. I have never been asked this before, and the machine also froze for a moment. I then ran a check in safe mode and found:

Object: A0123464.exe A0123528.exe A0123206.exe
Status: tool.prockill

with Dr.Web. This was reported as 3 viruses under drive D: System Volume Information, i.e. hacktool. I first ran an express scan, which found nothing; then, during the main scan, I found the files above after unchecking heuristic and ticking rename for malware, hacktool, etc.

I then downloaded a newer version of Dr.Web (5 days newer) and found these 3 files under System Volume Information on disk C:

A0123464#xe A0123528#xe A0123206#xe

These files were renamed by Dr.Web.

I have also run nexgenfix, the Windows virus check, AVG Free Edition, CCleaner, Spybot, AVG Anti-Spyware full edition, Spybot, Ad-Aware, SUPERAntiSpyware and others without finding anything.

I found nothing about tool.prockill on Google among Norwegian pages, but there was quite a bit on foreign ones. Has anyone come across this, and am I rid of it by running rename with Dr.Web? I believe I worked out that it was a variant of a trojan type, and I must have got it recently. Anyone with advice and information?

Guest medlem-105082, posted 20 February 2007

Download HijackThis, rename the file to test, run it and post a log.

V?rbris (Author), posted 20 February 2007 (edited)

I have run a new test and found more so-called infected files, including prosess.exe. But here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 15:52:30, on 20.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
C:\Programfiler\Ahead\InCD\InCD.exe
D:\AVG 7.5.0.47 ANTISPY\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
D:\div antivirus\SUPERAntiSpyware.exe
D:\AVG 7.5.0.47 ANTISPY\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
D:\test\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [inCD] C:\Programfiler\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\AVG 7.5.0.47 ANTISPY\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\div antivirus\SUPERAntiSpyware.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143721970843
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\div antivirus\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\AVG 7.5.0.47 ANTISPY\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programfiler\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programfiler\Ahead\InCD\InCDsrv.exe

I am almost sure there is something, but I don't know what. I have had a feeling that something has been going on, but I find nothing except with Dr.Web, and then a number of files under the name tool.prockill.

A few days ago a scan reported a change to win.32.dll (?), after a larger Windows update. On closer inspection it was labelled as a virus, but I accepted the change because I thought it was due to the Windows updates.

Edited 20 February 2007 by ulfjoh01

norbat, posted 20 February 2007

Your log looks fine. These A*****.exe files are/were probably in the _restor folder. What you can do is:

'Reset' the restore folder so that you are not infected by a possible System Restore. Control Panel -> System -> System Restore. Tick the box in front of "Turn off .....", restart the PC, then untick it again to re-enable the function.

Afterwards, create a restore point manually: Accessories -> System Tools -> System Restore. Choose to create a new one. Name it and click Create.

Download CCleaner and clean out the temp files.

Update your antivirus program and run a full scan.

V?rbris (Author), posted 20 February 2007

Yes, I tried a kind of scanner from Kaspersky, and it found 5 errors, no viruses or anything else.

V?rbris (Author), posted 20 February 2007 (edited)

I did as you said and ran in safe mode. AVG found nothing, but Dr.Web found 1 file under hacktool: process.#xe in c:\windows\system32, status tool.prockill.

I have not found anything about this name on Norwegian pages and do not know whether it is real, but I am attaching the log from Dr.Web, and thanks for the help. (I first ran an express scan, which found nothing, then ticked heuristic (?) and report only under malware and further down.)

I should add that I have not found anything at all with the other antivirus programs that are run manually, and the same goes for several spyware/adware programs; only a couple of well-known tracking cookies that show up every day, nothing else.

=============================================================================
Dr.Web® Scanner for Windows v4.33.2 (4.33.2.10060)
Copyright © Igor Daniloff, 1992-2006
Log generated on: 2007-02-20, 22:12:00 [ulf Johansen]
Command-line: "C:\DOCUME~1\ULFJOH~1\LOKALE~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Professional x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.5.10110)
Engine API version: 2.01
Total virus records: 177650
Key file: C:\DOCUME~1\ULFJOH~1\LOKALE~1\Temp\RarSFX0\cureit.key
License key number: 0010092936
Registered to: Dr.Web CureIt Project
License key activates: 2007-02-05
License key expires: 2010-02-11
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------
c:\windows\system32\winlogon.exe
[scan path] c:\windows\system32\wldap32.dll
[scan path] c:\windows\system32\wlnotify.dll
[scan path] c:\windows\system32\wmpshell.dll
[scan path] c:\windows\system32\wshext.dll
[scan path] c:\windows\system32\wuaucpl.cpl
[scan path] c:\windows\system32\zipfldr.dll
[scan path] d:\avg 7.5.0.47 antispy\avg anti-spyware 7.5\avgas.exe
[scan path] d:\avg 7.5.0.47 antispy\avg anti-spyware 7.5\guard.exe
[scan path] d:\avg 7.5.0.47 antispy\avg anti-spyware 7.5\guard.sys
[scan path] d:\avg 7.5.0.47 antispy\avg anti-spyware 7.5\shellexecutehook.dll
[scan path] d:\div antivirus\cureit.exe
[scan path] d:\div antivirus\sasdifsv.sys
[scan path] d:\div antivirus\sasenum.sys
[scan path] d:\div antivirus\saskutil.sys
[scan path] d:\div antivirus\sasseh.dll
[scan path] d:\div antivirus\saswinlo.dll
[scan path] d:\div antivirus\superantispyware.exe
[scan path] d:\spybot search and destroy\spybot - search & destroy\sdhelper.dll
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 302
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 2439 Kb/s
Scan time: 00:00:43
-----------------------------------------------------------------------------
[scan path] C:\
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\Ulf Johansen\ntuser.dat - read error
C:\Documents and Settings\Ulf Johansen\NTUSER~1.LOG - read error
C:\Documents and Settings\Ulf Johansen\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Ulf Johansen\Lokale innstillinger\Programdata\Microsoft\Windows\USRCLA~1.LOG - read error
C:\WINDOWS\system32\Process.#xe is hacktool program Tool.Prockill
C:\WINDOWS\system32\config\default - read error
C:\WINDOWS\system32\config\default.LOG - read error
C:\WINDOWS\system32\config\SAM - read error
C:\WINDOWS\system32\config\SAM.LOG - read error
C:\WINDOWS\system32\config\SECURITY - read error
C:\WINDOWS\system32\config\SECURITY.LOG - read error
C:\WINDOWS\system32\config\software - read error
C:\WINDOWS\system32\config\software.LOG - read error
C:\WINDOWS\system32\config\system - read error
C:\WINDOWS\system32\config\system.LOG - read error
[scan path] D:\
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 120422
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 1
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1024 Kb/s
Scan time: 00:42:21
-----------------------------------------------------------------------------
=============================================================================
Total session statistics
=============================================================================
Objects scanned: 120724
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 1
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1047 Kb/s
Scan time: 00:43:04
=============================================================================
Edited 21 February 2007 by ulfjoh01
V?rbris (author), posted 21 February 2007 (edited)
What should I do about this?

Actions / Entry / Kind / Visitor's assessment / Information
Logfile of HijackThis v1.99.1 This should be the newest version.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414) This should be the newest version.
C:\WINDOWS\System32\smss.exe Very safe This entry was classified from our visitors as good.
C:\WINDOWS\system32\winlogon.exe Very safe This entry was classified from our visitors as good.
C:\WINDOWS\system32\services.exe Safe This entry was classified from our visitors as good.
C:\WINDOWS\system32\lsass.exe Very safe This entry was classified from our visitors as good.
C:\WINDOWS\system32\svchost.exe Safe This entry was classified from our visitors as good.
C:\Programfiler\Windows Defender\MsMpEng.exe Microsoft Windows Defender
C:\WINDOWS\System32\svchost.exe Very safe This entry was classified from our visitors as good.
C:\Programfiler\Ahead\InCD\InCDsrv.exe Possibly nasty! According to our database this process runs normally in c:\programme\ahead\incd\! Check if you know this process and arrange a viruscheck where required.
C:\WINDOWS\system32\spoolsv.exe Safe This entry was classified from our visitors as good.
C:\WINDOWS\Explorer.EXE Very safe This entry was classified from our visitors as good.
C:\WINDOWS\SOUNDMAN.EXE Very safe This entry was classified from our visitors as good.
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe Very safe This entry was classified from our visitors as good.
C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe Possibly nasty! According to our database this process runs normally in c:\programme\java\.*\bin\! Check if you know this process and arrange a viruscheck where required. Java Runtime
C:\Programfiler\Ahead\InCD\InCD.exe Possibly nasty! According to our database this process runs normally in c:\programme\ahead\incd\! Check if you know this process and arrange a viruscheck where required.
D:\AVG 7.5.0.47 ANTISPY\AVG Anti-Spyware 7.5\avgas.exe Possibly nasty! According to our database this process runs normally in c:\programme\grisoft\avg anti-spyware.*\! Check if you know this process and arrange a viruscheck where required. Grisoft AVG Anti-Spyware
C:\Programfiler\Windows Defender\MSASCui.exe Possibly nasty! According to our database this process runs normally in c:\programme\windows defender\! Check if you know this process and arrange a viruscheck where required. Part of Windows Defender
C:\WINDOWS\system32\ctfmon.exe Very safe This entry was classified from our visitors as good.
D:\div antivirus\SUPERAntiSpyware.exe Possibly nasty! According to our database this process runs normally in c:\programme\superantispyware\! Check if you know this process and arrange a viruscheck where required. Antispyware Tool
D:\AVG 7.5.0.47 ANTISPY\AVG Anti-Spyware 7.5\guard.exe Possibly nasty! According to our database this process runs normally in c:\programme\.*! Check if you know this process and arrange a viruscheck where required. Steganos AntiDialer Ewido Anti-Spyware
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe Part of AVG Antivirus
C:\WINDOWS\system32\sistray.exe Safe SIS Vga Card Driver
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe Antivirensoftware
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe Antivirensoftware
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE Possibly nasty! According to our database this process runs normally in c:\programme\gemeinsame dateien\microsoft shared\vs7debug\! Check if you know this process and arrange a viruscheck where required. Machine Debug Manager. Used by developers.
C:\WINDOWS\system32\svchost.exe Safe This entry was classified from our visitors as good.
C:\WINDOWS\System32\svchost.exe Very safe This entry was classified from our visitors as good.
C:\Programfiler\Internet Explorer\iexplore.exe Possibly nasty! According to our database this process runs normally in c:\programme\internet explorer\! Check if you know this process and arrange a viruscheck where required. Internet Explorer - Wir empfehlen einen sichereren alternativen Browser zu verwenden. (z.B. Firefox)
D:\test\test.exe This is a unknown process.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ This page has been identified as safe.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 Safe This page has been identified as safe.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 Neutral This page has been identified as safe.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 Safe This page has been identified as safe.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 Neutral This page has been identified as safe.
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger Very safe This entry was classified from our visitors as good.
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SPYBOT~1\SDHelper.dll SDhelper.dll - Spybot - Search & Destroy, http://spybot.eon.net.au/
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll Toolband.dll - Canon EasyWebPrint, http://www.canoneasywebprint.com/en/index.htm
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent Very safe This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE Safe Not dangerous, but unnecessary. This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP Very safe AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe Neutral Java von Sun
O4 - HKLM\..\Run: [inCD] C:\Programfiler\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe Safe This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\AVG 7.5.0.47 ANTISPY\AVG Anti-Spyware 7.5\avgas.exe" /minimized Grisoft AVG Anti-Spyware
O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide Windows Defender
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe Safe This entry was classified from our visitors as good.
O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\div antivirus\SUPERAntiSpyware.exe Anti Spyware Tool
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe Safe System Tray icon for SiS based graphics. Note - this resides in C:\Windows\System
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 The entry E&ksporter til Microsoft Excel has been identified as safe.
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html The entry Easy-WebPrint Add To Print List has been identified as safe.
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html The entry Easy-WebPrint High Speed Print has been identified as safe.
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html The entry Easy-WebPrint Preview has been identified as safe.
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html The entry Easy-WebPrint Print has been identified as safe.
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL The entry Oppslag has been identified as safe.
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) Safe Unnecessary (deactivated) entry that can be fixed. This entry was classified from our visitors as good.
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) Safe Unnecessary (deactivated) entry that can be fixed. This entry was classified from our visitors as good.
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe Neutral The entry Messenger has been identified as safe.
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe The entry Windows Messenger has been identified as safe.
O11 - Options group: [iNTERNATIONAL] International* Neutral
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 Safe This entry was classified from our visitors as good.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...ient/wuweb_site.cab?1143721970843 This entry has been identified as safe.
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL This entry has been identified as safe.
O20 - Winlogon Notify: !SASWinLogon - D:\div antivirus\SASWINLO.dll Part of Super Antispyware
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll Safe This entry was classified from our visitors as good.
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\AVG 7.5.0.47 ANTISPY\AVG Anti-Spyware 7.5\guard.exe This service (guard.exe) was identified as a good one.
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe This service (avgamsvr.exe) was identified as a good one.
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe Very safe This service (avgupsvc.exe) was identified as a good one. This entry was classified from our visitors as good.
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe This service (avgemc.exe) was identified as a good one.
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe This service (IDriverT.exe) was identified as a good one.
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programfiler\Ahead\InCD\InCDsrv.exe This service (InCDsrv.exe) was identified as a good one.
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programfiler\Ahead\InCD\InCDsrv.exe This service (InCDsrv.exe) was identified as a good one.
Short analysis

Here are 2 unnecessary(?) entries that can be fixed(?), according to HijackThis's online scan. As you can see, they are these 2:
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) Safe Unnecessary (deactivated) entry that can be fixed. This entry was classified from our visitors as good.
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) Safe Unnecessary (deactivated) entry that can be fixed. This entry was classified from our visitors as good.
Is it perhaps these that Dr.Web is reacting to, and that none of the other spyware/virus programs pick up? Can I delete them without risk (that is how I understand it), and how should I do it?
NB: I also see that user jlona, just below, has had problems with these 2 files: shutdowns, blue screen. I have the files, but have had no problem other than a prompt to run a script, which appeared in the last few days, and a feeling that everything was not as it should be or had been. But if the files that are unnecessary (deactivated) can be deleted, and I know how, then everything should be in order?
Edited 21 February 2007 by ulfjoh01
Gjest medlem-105082, posted 21 February 2007
Yes, you can delete the last two. The ones marked (file missing).
norbat, posted 21 February 2007 (edited)
This C:\windows\system32\process.exe file most likely belongs to one of the 'fix' programs you have run on the PC (e.g. smitfraudfix). Some antivirus programs (including DrWeb) take this file to be a 'Risk tool' when it is not one. Otherwise your logs look fine. You can update your Java program.
Edited 21 February 2007 by norbat
V?rbris (author), posted 21 February 2007
I have deleted these 2 (the unnecessary files, with HijackThis), which also made a backup of the files. I am now scanning with Dr.Web and think I will delete this process.#xe file if it turns up. I had chosen not to update the Java program earlier, as I was not sure what its purpose was. Thanks for the help and the information.
norbat, posted 21 February 2007
Quote: "I have deleted these 2 (the unnecessary files, with HijackThis), which also made a backup of the files. I am now scanning with Dr.Web and think I will delete this process.#xe file if it turns up. I had chosen not to update the Java program earlier, as I was not sure what its purpose was. Thanks for the help and the information."
Updating Java is just as sensible as installing the updates that come for Windows. In other words, these may be important updates that relate to security.