Spybot S&D immunize gir Norton AV falsk treff? "Adware.Systemprocess"

[Woodstock]

Fikk igår kveld plutselig opp melding fra Norton AV (Online/telenor-versjon) at den hadde funnet "Adware.Systemprocess" - og helt fjernet 52 reg.oppføringer og 2 filer. Tok en fullt systemsøk - alt ok.

 

Siden jeg har hatt 2-3 andre falske clean-ups fra NAV tidligere i år, sjekket jeg for sikkerhets skyld Spybot S&D 1.5... der så jeg at den ikke lenger var fullt immunized, og kjørte den igjenom slik at den ble 100% immunized. Deretter gikk jeg tilbake til NAV igjen og tok et hurtigsøk - og da sier den at samme "Adware.Systemprocess" er funnet og løst. (52 reg.oppføringer og 2 filer)...

 

Så går jeg tilbake til S&D igjen, og da er den ikke lenger fullt immunized men står slik den stod etter NAV fjernet Adware.Systemprocess. Så spørsmålet mitt er da, kan jeg anta at dette er et falsk varsel fra NAV som skyldes S&D? Svært takknemlig for tilbakemelding(er)...

 

(Har forøvrig også kjørt Ad-aware 2007 og den finner ingenting - itillegg til et fullt søk av S&D også selvfølgelig.)

Endret 11. november 2007 av Woodstock

[norbat]

Det kan være falsk varsel, men post gjerne en hjt-logg. Den kan fortelle litt mer:

 

Last ned Hijackthis. Legg det i en egen mappe på skrivebordet.

Start programmet, velg "Do a system scan and save a logfile". Loggfilen kopierer du og poster.

[Woodstock]

Ok, her er loggen nederst her... :-) Googlet forøvrig litt istad og det virker som det er flere enn meg som har fått varsel om denne "Adware.Systemprocess" etter siste virusdef-oppdatering fra NAV for et døgn siden:

 

http://au.answers.yahoo.com/answers2/front...10224557AAh1WXb

 

http://www.dslreports.com/forum/r19423549-...FP-likely?r=401

 

Var også innom min mor og sjekket hennes pc istad, og jammen fant ikke NAV "Adware.Systemprocess" der også. (Våre PC-er har ikke noe kontakt med hverandre...) Så jeg håper på det beste nå... nemlig at NAV rører (igjen).

 

HJT-loggen:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:48:02, on 11.11.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Belkin\Bluetooth-programvare\bin\btwdins.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\TVersity\Media Server\MediaServer.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Programfiler\ASUS\AASP\1.00.05\aaCenter.exe

C:\Programfiler\Elaborate Bytes\DVD Region Killer\RegKillTray.exe

C:\Programfiler\DU Meter\DUMeter.exe

C:\Programfiler\Microsoft IntelliType Pro\itype.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

c:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Programfiler\Microsoft IntelliPoint\ipoint.exe

C:\Programfiler\Analog Devices\Core\smax4pnp.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Free Desktop Clock\DesktopClock.exe

C:\Programfiler\DAEMON Tools\daemon.exe

C:\Programfiler\Belkin\Bluetooth-programvare\BTTray.exe

C:\Programfiler\Sizer\sizer.exe

C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE

C:\Programfiler\TVersity\Media Server\TVersity.exe

C:\Programfiler\Nero\Nero 7\Nero Vision\NeroVision.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\Documents and Settings\Øivind\Skrivebord\HJT\HiJackThis.exe

C:\Programfiler\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dinside.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 164.109.146.141:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [soundMAX] "C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] c:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [AsusServiceProvider] C:\Programfiler\ASUS\AASP\1.00.05\aaCenter.exe

O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Programfiler\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill

O4 - HKLM\..\Run: [RegKillTray] "C:\Programfiler\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [DU Meter] C:\Programfiler\DU Meter\DUMeter.exe

O4 - HKLM\..\Run: [itype] "c:\Programfiler\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton AntiVirus\osCheck.exe"

O4 - HKLM\..\Run: [intelliPoint] "c:\Programfiler\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skinClock] C:\Programfiler\Free Desktop Clock\DesktopClock.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [hddled.exe] C:\Programfiler\HddLed\hddled.exe s

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Sizer.lnk = C:\Programfiler\Sizer\sizer.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\Belkin\Bluetooth-programvare\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Belkin\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Belkin\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1157543389530

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179919899765

O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - http://buypass.no/Installasjoner/Buypass_i...ogram/setup.exe

O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal...eck_1_0_0_3.cab

O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal...0_15_Silent.cab

O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal...sal_1_0_0_2.cab

O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.clickteam.com/vitalize3/vitalize.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\Belkin\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: TVersityMediaServer - Unknown owner - C:\Programfiler\TVersity\Media Server\MediaServer.exe

 

--

End of file - 12087 bytes

Endret 11. november 2007 av Woodstock

[wil]

Hei. Jeg vet ikke hvorfor det er slik, men jeg anbefaler deg i alle fall å avinstallere Spybot And Destroy og istede installere f. eks SuperAntiSpyware eller noe sånt. Spybot And Destroy har laga litt krøll for min del i alle fall, særlig når jeg brukte RealtTime eller hva det no heter.

 

 

Lykke til.

 

 

 

Hilsen. wil.