C:\WINDOWS\system32/spoolsv

[kakan80]

Hejsan

Jag tror att det kom när jag installerde skrivardrivrutinerna men är inte helt säker. Har kollat runt lite och läst att jag ska köra en virusscan men den hittar inte viruset som filen spoolsv ska lägga in (backdoor.ciadoor) Har Norton Internet Security uppdaterat. Värderna i registret som den ska lägga till kan jag inte heller hitta. Har filen spoolsv i win-katalogen och när jag startar datorn så säger norton säkert femton ggr att den skapar automatiskt åtkomstregler för win spooler service. Är detta något jag behöver oroa mig över.

Tack på förhand

 

 

[Zipp.]

 

spoolsv.exe tillhör skrivarsystemet men kan också vara en baddy.

 

Skicka Hijack logg

 

Scan > Save log > Kopiera > Hit

 

http://koti.mbnet.fi/pattaya1/HijackThis.exe

 

[kakan80]

Logfile of HijackThis v1.99.1

Scan saved at 11:14:46, on 2005-03-15

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\S24EvMon.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Norton Internet Security\ISSVC.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\MICROS~4\MSSQL\binn\sqlservr.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program\ltmoh\Ltmoh.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe

C:\Program\EzButton\CplBCL50.EXE

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Ahead\InCD\InCD.exe

C:\Program\D-Tools\daemon.exe

C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Nokia\Nokia PC Suite 6\Launch Application 2.exe

C:\Program\Lexmark X1100 Series\lxbkbmgr.exe

C:\Program\Java\jre1.5.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program\Lexmark X1100 Series\lxbkbmon.exe

C:\Program\DELADE~1\PCSuite\DATALA~1\DATALA~1.EXE

C:\Program\DELADE~1\PCSuite\Services\SERVIC~1.EXE

C:\WINDOWS\system32\1XConfig.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Messenger\msmsgs.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Karin\Skrivbord\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [CplBCL50] C:\Program\EzButton\CplBCL50.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray

O4 - HKLM\..\Run: [DataLayer] C:\Program\DELADE~1\PCSuite\DATALA~1\DATALA~1.EXE

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Service Manager.lnk = C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/28d4dd18e8d93e1a4c21/netzip/RdxIE601.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll

O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program\Norton Internet Security\ISSVC.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

 

[Zipp.]

Bocka i och Fix:sa

 

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/28d4dd18e8d93e1a4c21/netzip/RdxIE601.

cab

 

Ser inget annat i loggen,men för att vara säker så kan du scanna alla spoolsv.exe du hittar här

 

http://virusscan.jotti.org/

 

 

 

 

[kakan80]

MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)

 

Hann nog ta bort den emellan nu å då ville inte skrivaren funka så fick lite problem å ominstallera drivrutinerna igen eftersom den bara ville hänga sig. Men det var antagligen inget farligt med filen då. Ovan urklipp är ifrån virusscan.jotti.org

 

Ska jag strunta i att Norton talar om att den skapar regler för filen då?

 

[Zipp.]

 

> Hann nog ta bort den emellan nu å då ville inte skrivaren funka <

 

Ok,då måste filen vara ok

 

> Ska jag strunta i att Norton talar om att den skapar regler för filen då <

 

Känner inte till Norton Internet Security men kan man acceptera att reglena görs,så slipper man gnället varje start.

 

[927]

 

det är en windowstjänst som måste va aktiv för att man ska kunna skriva ut.

 

om man ska skriva ut en webbsida så är det möjligt att den filen måste få tillgång till internet. jag vet inte, har aldrig skrivit ut nåt från nätet.

 

din skrivare behöver inte autostarta, fixar du den här så kanske ditt problem försvinner

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program\Lexmark X1100 Series\lxbkbmgr.exe"