Avatar billede smal64 Novice
18. april 2011 - 21:34 Der er 8 kommentarer

Cran.vcd

Hej Eksperter

Har lige fået en nabos PC til gennemsyn, da hun påstår, at den vist er ramt af Virus. Med hendes Avira virus skanner program, bliver der detekteret én virus nemlig cran.vcd. Hendes virus program er tilsyneladende ikke i stand til at fjerne den.

Nogle der kender til denne fil/virus og ikke mindst hvordan man får bugt med den, såfremt det faktisk er en virus eller lignende.
Avatar billede johnstigers Seniormester
18. april 2011 - 21:41 #1
Hent og instalér CCleaner http://www.ccleaner.com
Her finder du vejledning til brug af programmet: http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner.
Kør programmet med de foreslåede indstillinger fra Spywarefri.


Hent Malwarebytes Anti-Malware herfra:
http://www.malwarebytes.org/mbam.php
Installer programmet og lad programmet opdatere. Det er vigtigt at du klikke opdater til du får at vide at programmet er fuldt opdateret. Klik herefter på "Udfør en hurtig skanning" (Denne skanning foreslår Malwarebytes selv i deres forums!) Klik på "Skan" og lad programmet køre til det er færdigt. Det kan tage lang tid alt efter hvor meget du har installeret på din pc.
Klik "Vis resultater" knappen når den er færdig og derefter klik på "Fjern det valgte". Der kommer nu en log frem med skanningsresultatet, som du skal gemme et sted så du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...

Vista + Windows 7 brugere skal høreklikke på programmet og vælge "Kør som Administrator..."
18. april 2011 - 21:40 #2
Under hvilket system:
Win98, ME, W2000, XP, Vista, Win7, OS/2, Unix, Linux, ... ?

---

Hent og instalér CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
Lad programmet foretage en oprydning...

--------

Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...

...og her er omtalte HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...

PS: Brug denne version af HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Mht.: Vista/Win7 - HøjreMusseTast - "Kør som Administrator..."
Avatar billede smal64 Novice
18. april 2011 - 23:27 #3
Ok. Tak for de udførlige beskrivelser. Jeg går i krig i morgen eftermiddag.
Avatar billede johnstigers Seniormester
19. april 2011 - 20:34 #4
Hvad så?
Avatar billede smal64 Novice
20. april 2011 - 21:50 #5
Hej igen

Ja jeg har desværre mange jern i ilden, så derfor har jeg først en tilbagemelding nu.

I det efterfølgende følger en kopi af 3 logfiler. Først en kopi af logfilen fra Anti Malware. Dernæst en kopi af logfilen fra HiJackThis og sluttelig en kopi af logfilen fra det Virus progam Avira, der anvendes på PC'en.

1) Anti Malware

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6399

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

19-04-2011 23:17:57
mbam-log-2011-04-19 (23-17-57).txt

Skanningstype: Fuldstændig skanning (C:\|)
Objekter skannet: 262025
Tid gået: 1 time(e), 57 minut(ter), 39 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 1
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
(Ingen skadelige objekter blev fundet)

2) HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:28:55, on 19-04-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17096)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSHDLL32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\drivers\RMC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Internet Download\Hij\Larry.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Sikkerhed\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Media Center PC 4.0; InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.y8.com/games/Cave_Hunter"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.sparnord.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214941218268
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) -  - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10974 bytes


3) Avira Virus Skanner

Avira AntiVir Personal
Report file date: 20. april 2011  08:53

Scanning for 2580902 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee        : Avira AntiVir Personal - FREE Antivirus
Serial number  : 0000149996-ADJIE-0000001
Platform        : Windows XP
Windows version : (Service Pack 3)  [5.1.2600]
Boot mode      : Normally booted
Username        : SYSTEM
Computer name  : LONETHYGESEN

Version information:
BUILD.DAT      : 10.0.0.635    31822 Bytes  07-03-2011 12:15:00
AVSCAN.EXE      : 10.0.3.5      435368 Bytes  17-01-2011 10:04:45
AVSCAN.DLL      : 10.0.3.0      46440 Bytes  01-04-2010 11:57:04
LUKE.DLL        : 10.0.3.2      104296 Bytes  17-01-2011 10:04:46
LUKERES.DLL    : 10.0.0.1      12648 Bytes  10-02-2010 22:40:49
VBASE000.VDF    : 7.10.0.0    19875328 Bytes  06-11-2009 08:05:36
VBASE001.VDF    : 7.11.0.0    13342208 Bytes  14-12-2010 10:04:17
VBASE002.VDF    : 7.11.3.0    1950720 Bytes  09-02-2011 06:59:05
VBASE003.VDF    : 7.11.5.225  1980416 Bytes  07-04-2011 06:42:42
VBASE004.VDF    : 7.11.5.226      2048 Bytes  07-04-2011 06:42:42
VBASE005.VDF    : 7.11.5.227      2048 Bytes  07-04-2011 06:42:42
VBASE006.VDF    : 7.11.5.228      2048 Bytes  07-04-2011 06:42:42
VBASE007.VDF    : 7.11.5.229      2048 Bytes  07-04-2011 06:42:42
VBASE008.VDF    : 7.11.5.230      2048 Bytes  07-04-2011 06:42:42
VBASE009.VDF    : 7.11.5.231      2048 Bytes  07-04-2011 06:42:42
VBASE010.VDF    : 7.11.5.232      2048 Bytes  07-04-2011 06:42:42
VBASE011.VDF    : 7.11.5.233      2048 Bytes  07-04-2011 06:42:42
VBASE012.VDF    : 7.11.5.234      2048 Bytes  07-04-2011 06:42:43
VBASE013.VDF    : 7.11.6.28    158208 Bytes  11-04-2011 06:42:43
VBASE014.VDF    : 7.11.6.74    116224 Bytes  13-04-2011 06:42:44
VBASE015.VDF    : 7.11.6.113    137728 Bytes  14-04-2011 06:42:44
VBASE016.VDF    : 7.11.6.150    146944 Bytes  18-04-2011 14:48:20
VBASE017.VDF    : 7.11.6.151      2048 Bytes  18-04-2011 14:48:20
VBASE018.VDF    : 7.11.6.152      2048 Bytes  18-04-2011 14:48:20
VBASE019.VDF    : 7.11.6.153      2048 Bytes  18-04-2011 14:48:20
VBASE020.VDF    : 7.11.6.154      2048 Bytes  18-04-2011 14:48:20
VBASE021.VDF    : 7.11.6.155      2048 Bytes  18-04-2011 14:48:20
VBASE022.VDF    : 7.11.6.156      2048 Bytes  18-04-2011 14:48:20
VBASE023.VDF    : 7.11.6.157      2048 Bytes  18-04-2011 14:48:20
VBASE024.VDF    : 7.11.6.158      2048 Bytes  18-04-2011 14:48:20
VBASE025.VDF    : 7.11.6.159      2048 Bytes  18-04-2011 14:48:20
VBASE026.VDF    : 7.11.6.160      2048 Bytes  18-04-2011 14:48:20
VBASE027.VDF    : 7.11.6.161      2048 Bytes  18-04-2011 14:48:20
VBASE028.VDF    : 7.11.6.162      2048 Bytes  18-04-2011 14:48:20
VBASE029.VDF    : 7.11.6.163      2048 Bytes  18-04-2011 14:48:20
VBASE030.VDF    : 7.11.6.164      2048 Bytes  18-04-2011 14:48:20
VBASE031.VDF    : 7.11.6.187    120832 Bytes  19-04-2011 21:31:00
Engineversion  : 8.2.4.208
AEVDF.DLL      : 8.1.2.1      106868 Bytes  08-08-2010 06:08:25
AESCRIPT.DLL    : 8.1.3.58    1266042 Bytes  04-04-2011 16:18:41
AESCN.DLL      : 8.1.7.2      127349 Bytes  17-01-2011 10:04:40
AESBX.DLL      : 8.1.3.2      254324 Bytes  17-01-2011 10:04:42
AERDL.DLL      : 8.1.9.9      639347 Bytes  04-04-2011 16:18:39
AEPACK.DLL      : 8.2.6.0      549237 Bytes  17-04-2011 06:42:52
AEOFFICE.DLL    : 8.1.1.20      205177 Bytes  04-04-2011 16:18:33
AEHEUR.DLL      : 8.1.2.98    3441014 Bytes  17-04-2011 06:42:51
AEHELP.DLL      : 8.1.16.1      246134 Bytes  14-02-2011 06:59:12
AEGEN.DLL      : 8.1.5.4      397684 Bytes  04-04-2011 16:18:27
AEEMU.DLL      : 8.1.3.0      393589 Bytes  17-01-2011 10:04:28
AECORE.DLL      : 8.1.20.2      196982 Bytes  17-04-2011 06:42:46
AEBB.DLL        : 8.1.1.0        53618 Bytes  08-08-2010 06:08:14
AVWINLL.DLL    : 10.0.0.0      19304 Bytes  14-01-2010 11:03:38
AVPREF.DLL      : 10.0.0.0      44904 Bytes  14-01-2010 11:03:35
AVREP.DLL      : 10.0.0.8      62209 Bytes  18-02-2010 15:47:40
AVREG.DLL      : 10.0.3.2      53096 Bytes  07-11-2010 12:15:41
AVSCPLR.DLL    : 10.0.3.2      84328 Bytes  17-01-2011 10:04:46
AVARKT.DLL      : 10.0.22.6    231784 Bytes  17-01-2011 10:04:43
AVEVTLOG.DLL    : 10.0.0.8      203112 Bytes  26-01-2010 08:53:30
SQLITE3.DLL    : 3.6.19.0      355688 Bytes  28-01-2010 11:57:58
AVSMTP.DLL      : 10.0.0.17      63848 Bytes  16-03-2010 14:38:56
NETNT.DLL      : 10.0.0.0      11624 Bytes  19-02-2010 13:41:00
RCIMAGE.DLL    : 10.0.0.26    2550120 Bytes  28-01-2010 12:10:20
RCTEXT.DLL      : 10.0.58.0      97128 Bytes  07-11-2010 12:15:41

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 20. april 2011  08:53

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'dllhost.exe' - '47' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '69' Module(s) have been scanned
Scan process 'avcenter.exe' - '64' Module(s) have been scanned
Scan process 'fsav32.exe' - '41' Module(s) have been scanned
Scan process 'alg.exe' - '37' Module(s) have been scanned
Scan process 'dllhost.exe' - '47' Module(s) have been scanned
Scan process 'fsdfwd.exe' - '62' Module(s) have been scanned
Scan process 'fssm32.exe' - '31' Module(s) have been scanned
Scan process 'FIH32.EXE' - '9' Module(s) have been scanned
Scan process 'fsorsp.exe' - '31' Module(s) have been scanned
Scan process 'FNRB32.EXE' - '32' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '26' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '33' Module(s) have been scanned
Scan process 'x10nets.exe' - '37' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '7' Module(s) have been scanned
Scan process 'symlcsvc.exe' - '22' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'slserv.exe' - '7' Module(s) have been scanned
Scan process 'SeaPort.exe' - '39' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '21' Module(s) have been scanned
Scan process 'MDM.EXE' - '24' Module(s) have been scanned
Scan process 'jqs.exe' - '37' Module(s) have been scanned
Scan process 'FSHDLL32.EXE' - '48' Module(s) have been scanned
Scan process 'FSGK32.EXE' - '34' Module(s) have been scanned
Scan process 'FSMA32.EXE' - '18' Module(s) have been scanned
Scan process 'fsgk32st.exe' - '12' Module(s) have been scanned
Scan process 'avshadow.exe' - '28' Module(s) have been scanned
Scan process 'ehSched.exe' - '23' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '47' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '37' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '50' Module(s) have been scanned
Scan process 'avguard.exe' - '57' Module(s) have been scanned
Scan process 'ctfmon.exe' - '28' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '56' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '99' Module(s) have been scanned
Scan process 'SmpSys.exe' - '22' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'avgnt.exe' - '47' Module(s) have been scanned
Scan process 'FSM32.EXE' - '57' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '36' Module(s) have been scanned
Scan process 'RMC.exe' - '23' Module(s) have been scanned
Scan process 'sched.exe' - '45' Module(s) have been scanned
Scan process 'spoolsv.exe' - '69' Module(s) have been scanned
Scan process 'Explorer.EXE' - '94' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '22' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '167' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '55' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '18' Module(s) have been scanned
Scan process 'lsass.exe' - '62' Module(s) have been scanned
Scan process 'services.exe' - '30' Module(s) have been scanned
Scan process 'winlogon.exe' - '71' Module(s) have been scanned
Scan process 'csrss.exe' - '17' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1814' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\Program Files\F-Secure\FSAUA\content\aquawin32\1303243836\cran.cvd
    [DETECTION] Contains recognition pattern of the Trivial-28 (A) virus

Beginning disinfection:
C:\Program Files\F-Secure\FSAUA\content\aquawin32\1303243836\cran.cvd
    [DETECTION] Contains recognition pattern of the Trivial-28 (A) virus
    [NOTE]      The file was moved to the quarantine directory under the name '4585385c.qua'.


End of the scan: 20. april 2011  10:42
Used time:  1:44:30 Hour(s)

The scan has been done completely.

  11485 Scanned directories
556715 Files were scanned
      1 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      1 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
556714 Files not concerned
  11815 Archives were scanned
      0 Warnings
      1 Notes
497387 Objects were scanned with rootkit scan
      0 Hidden objects were found


Håber I eksperter kan få noget ud af de leverede log filer.
20. april 2011 - 22:10 #6
PS: www.newsonfeeds.com/article/13826553/Cran.vcd - kører du den også der ?

---

Jeg tror det er en 'flask' alarm fra [Avira] ...

---

Yderligere kommentar ->

Du har nogle mere eller mindre levende rester fra "F-Secure Anti-Virus" ?
Ikke smart ...

---

Du mangler sansynligvis en del WindowsUpdate elementer (IE8)

---
Avatar billede smal64 Novice
03. maj 2011 - 14:52 #7
Hej

Vi besluttede at formatere harddisken og lægge windows med de nødvendige opdateringer ind igen.

Kan I ikke sende mig et svar, så I kan få jeres velfortjente points.
03. maj 2011 - 15:12 #8
Ping...

(Husk alle opdateringer fra WindowsUpdate !!!)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester