Woodstock Skrevet 11. november 2007 Del Skrevet 11. november 2007 (endret) Fikk igår kveld plutselig opp melding fra Norton AV (Online/telenor-versjon) at den hadde funnet "Adware.Systemprocess" - og helt fjernet 52 reg.oppføringer og 2 filer. Tok en fullt systemsøk - alt ok. Siden jeg har hatt 2-3 andre falske clean-ups fra NAV tidligere i år, sjekket jeg for sikkerhets skyld Spybot S&D 1.5... der så jeg at den ikke lenger var fullt immunized, og kjørte den igjenom slik at den ble 100% immunized. Deretter gikk jeg tilbake til NAV igjen og tok et hurtigsøk - og da sier den at samme "Adware.Systemprocess" er funnet og løst. (52 reg.oppføringer og 2 filer)... Så går jeg tilbake til S&D igjen, og da er den ikke lenger fullt immunized men står slik den stod etter NAV fjernet Adware.Systemprocess. Så spørsmålet mitt er da, kan jeg anta at dette er et falsk varsel fra NAV som skyldes S&D? Svært takknemlig for tilbakemelding(er)... (Har forøvrig også kjørt Ad-aware 2007 og den finner ingenting - itillegg til et fullt søk av S&D også selvfølgelig.) Endret 11. november 2007 av Woodstock Lenke til kommentar
norbat Skrevet 11. november 2007 Del Skrevet 11. november 2007 Det kan være falsk varsel, men post gjerne en hjt-logg. Den kan fortelle litt mer: Last ned Hijackthis. Legg det i en egen mappe på skrivebordet. Start programmet, velg "Do a system scan and save a logfile". Loggfilen kopierer du og poster. Lenke til kommentar
Woodstock Skrevet 11. november 2007 Forfatter Del Skrevet 11. november 2007 (endret) Ok, her er loggen nederst her... :-) Googlet forøvrig litt istad og det virker som det er flere enn meg som har fått varsel om denne "Adware.Systemprocess" etter siste virusdef-oppdatering fra NAV for et døgn siden: http://au.answers.yahoo.com/answers2/front...10224557AAh1WXb http://www.dslreports.com/forum/r19423549-...FP-likely?r=401 Var også innom min mor og sjekket hennes pc istad, og jammen fant ikke NAV "Adware.Systemprocess" der også. (Våre PC-er har ikke noe kontakt med hverandre...) Så jeg håper på det beste nå... nemlig at NAV rører (igjen). HJT-loggen: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:48:02, on 11.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Belkin\Bluetooth-programvare\bin\btwdins.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\TVersity\Media Server\MediaServer.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Programfiler\ASUS\AASP\1.00.05\aaCenter.exe C:\Programfiler\Elaborate Bytes\DVD Region Killer\RegKillTray.exe C:\Programfiler\DU Meter\DUMeter.exe C:\Programfiler\Microsoft IntelliType Pro\itype.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe c:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Programfiler\Microsoft IntelliPoint\ipoint.exe C:\Programfiler\Analog Devices\Core\smax4pnp.exe C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Free Desktop Clock\DesktopClock.exe C:\Programfiler\DAEMON Tools\daemon.exe C:\Programfiler\Belkin\Bluetooth-programvare\BTTray.exe C:\Programfiler\Sizer\sizer.exe C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE C:\Programfiler\TVersity\Media Server\TVersity.exe C:\Programfiler\Nero\Nero 7\Nero Vision\NeroVision.exe C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Documents and Settings\Øivind\Skrivebord\HJT\HiJackThis.exe C:\Programfiler\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dinside.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 164.109.146.141:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot O4 - HKLM\..\Run: [soundMAX] "C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] c:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [AsusServiceProvider] C:\Programfiler\ASUS\AASP\1.00.05\aaCenter.exe O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Programfiler\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill O4 - HKLM\..\Run: [RegKillTray] "C:\Programfiler\Elaborate Bytes\DVD Region Killer\RegKillTray.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [DU Meter] C:\Programfiler\DU Meter\DUMeter.exe O4 - HKLM\..\Run: [itype] "c:\Programfiler\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [intelliPoint] "c:\Programfiler\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [skinClock] C:\Programfiler\Free Desktop Clock\DesktopClock.exe O4 - HKCU\..\Run: [updateMgr] "C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [hddled.exe] C:\Programfiler\HddLed\hddled.exe s O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Sizer.lnk = C:\Programfiler\Sizer\sizer.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\Belkin\Bluetooth-programvare\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Belkin\Bluetooth-programvare\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Belkin\Bluetooth-programvare\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1157543389530 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179919899765 O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - http://buypass.no/Installasjoner/Buypass_i...ogram/setup.exe O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal...eck_1_0_0_3.cab O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal...0_15_Silent.cab O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal...sal_1_0_0_2.cab O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.clickteam.com/vitalize3/vitalize.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\Belkin\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: TVersityMediaServer - Unknown owner - C:\Programfiler\TVersity\Media Server\MediaServer.exe -- End of file - 12087 bytes Endret 11. november 2007 av Woodstock Lenke til kommentar
wil Skrevet 12. november 2007 Del Skrevet 12. november 2007 Hei. Jeg vet ikke hvorfor det er slik, men jeg anbefaler deg i alle fall å avinstallere Spybot And Destroy og istede installere f. eks SuperAntiSpyware eller noe sånt. Spybot And Destroy har laga litt krøll for min del i alle fall, særlig når jeg brukte RealtTime eller hva det no heter. Lykke til. Hilsen. wil. Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå