treeHugger123 Posted 3 July 2008

I ran a scan with SUPERAntiSpyware and it came up with this...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/03/2008 at 07:38 PM

Application Version : 4.15.1000

Core Rules Database Version : 3496
Trace Rules Database Version: 1487

Scan type : Quick Scan
Total Scan Time : 00:02:49

Memory items scanned : 354
Memory threats detected : 0
Registry items scanned : 274
Registry threats detected : 8
File items scanned : 3780
File threats detected : 1

Trojan.Unknown Origin
HKLM\SYSTEM\CurrentControlSet\Services\msupdate
HKLM\SYSTEM\CurrentControlSet\Services\msupdate#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\msupdate#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\msupdate#Description
HKLM\SYSTEM\CurrentControlSet\Services\msupdate#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\msupdate#Start
HKLM\SYSTEM\CurrentControlSet\Services\msupdate#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\msupdate#Type

Trojan.Dropper/SVCHost-Fake
C:\WINDOWS\SVCHOST.EXE

----------------------------------------------------------------

I think it managed to remove it, but I'm really wondering what it was, and where it came from... I'm posting a HijackThis log as well...

-------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:48 PM, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Virtual Machine Additions\vmusrvc.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Virtual Machine Additions\vmsrvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Virtual Machine Additions\vpcmap.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [VMUserServices] C:\Program Files\Virtual Machine Additions\vmusrvc.exe
O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 4908 bytes

norbat Posted 3 July 2008 (edited)

I don't know exactly what it does, but a trojan dropper typically has the job of starting an infection in which other malware is downloaded/spread. SAS is a capable enough program that when it finds nothing more, the probability that you have no more malware is high. Your HJT log doesn't show any infections either.

Edited 4 July 2008 by norbat

Vanguard12 Posted 13 July 2008 (edited)

This is a valid program but it is not required to run on startup. This program is not required to start automatically as you can run it when you need to. It is advised that you disable this program so that it does not take up necessary resources. The following information is a brief description of what is known about this file. If you require further assistance for this file, feel free to ask about it in the forums.

Name: getPlus® Helper
Filename: getPlus_HelperSvc.exe
Description: Adobe downloader used to download updates for Adobe applications.
File Location: C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
Startup Type: This startup entry is installed as a Windows NT, 2000, 2003, XP, or Vista service.
Service Name: getPlus® Helper
Service Display Name: getPlus® Helper

Edited 13 July 2008 by Vanguard12

r2d290 Posted 13 July 2008

Well, it wasn't C:\Program Files\NOS\bin\getPlus_HelperSvc.exe but C:\WINDOWS\SVCHOST.EXE that was the problem, was it...
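
An added example, not part of any post in this thread: the detection above flagged a file named SVCHOST.EXE in C:\WINDOWS, while the genuine svchost.exe lives in C:\WINDOWS\system32 (as the HijackThis process list shows). The sketch below reads the "Running processes" block of a HijackThis log and reports binaries that carry a core system name but sit in the wrong directory; the function names, the `EXPECTED_DIR` table and the sample log are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Normal directory of some core Windows XP binaries. The table is an
# assumption of this example and is deliberately not exhaustive.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def running_processes(hjt_log):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    procs, in_block = [], False
    for line in hjt_log.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_block = True
        elif in_block and line:
            if not ntpath.splitdrive(line)[0]:  # first non-path line ends the block
                break
            procs.append(line)
    return procs

def find_masquerades(paths):
    """Return paths named like a core system binary but stored elsewhere."""
    hits = []
    for raw in paths:
        path = ntpath.normpath(raw.strip().strip('"'))
        directory, name = ntpath.split(path.lower())  # compare case-insensitively
        expected = EXPECTED_DIR.get(name)
        if expected is not None and directory != expected:
            hits.append(path)
    return hits

# Constructed sample: a HijackThis-style excerpt with the flagged file added.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SVCHOST.EXE
C:\WINDOWS\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""

if __name__ == "__main__":
    print(find_masquerades(running_processes(SAMPLE_LOG)))
```

A name-and-location check like this only narrows the search; a hit still needs confirming with a file hash or signature check, and malware that uses a different file name is not covered.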