Scoter72 posted 10 April 2008:

Hi,
A pop-up window with ads appears now and then.
Ads served by Rightonadz
Ads served by Asddite
Operating system: Windows XP, Internet Explorer 7
Does anyone know how to get rid of these?
Have tried Ad-Aware and SB&D.
Cecilia posted 10 April 2008:

Let's start by seeing whether HijackThis shows anything:
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
Install it, start it and choose "Do a system scan and save a logfile", then copy the log that comes up (nothing else). Paste the log in your reply.
Scoter72 (thread starter) posted 14 April 2008:

Hi again,
We have now done as you asked and here is the result:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10:51, on 2008-04-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\P1370Mon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=64&bd=PAVILION&pf=desktop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: rightonadz browser optimizer - {09bee258-ffcf-80c8-ca41-2ef20109f0cc} - C:\WINDOWS\system32\{f4d19b79-eb77-1de6-5d14-b58ba537404e}.dll
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Assistant MySidesearch - {6156A32A-C512-4e23-AA9A-2315F4265681} - C:\WINDOWS\system32\myss_sb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: optimizer by rightonadz - {AB71E94E-3DC4-41eb-BBD5-31E82C9FD1D4} - C:\WINDOWS\system32\gzmrotate.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [P1370Mon.exe] C:\WINDOWS\P1370Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{f4d19b79-eb77-1de6-5d14-b58ba537404e}.dll" DllInit
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Live! Cam Manager] C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: The Matrix_ Path of Neo Registration.lnk = C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{D134BD40-CF2D-46D0-AB91-D6D76B78A79A}\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 11602 bytes

Grateful for tips.
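A HijackThis log is a flat list of hook points (BHOs, Run keys, services), so the first pass is pattern triage rather than reading every line. The script below is an added illustration, not part of the thread or of HijackThis: it flags the patterns an analyst would look at first in a log like the one above (a DLL named after a bare GUID under system32, a BHO whose file is gone, a rundll32-launched autostart, a service with no vendor string) and then correlates GUID-named modules across sections. The sample lines are constructed from entries in the log above; the rule names and severities are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis 2.0 format, modelled on entries from
# the log above (one benign line per section is kept for contrast).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: rightonadz browser optimizer - {09bee258-ffcf-80c8-ca41-2ef20109f0cc} - C:\WINDOWS\system32\{f4d19b79-eb77-1de6-5d14-b58ba537404e}.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: optimizer by rightonadz - {AB71E94E-3DC4-41eb-BBD5-31E82C9FD1D4} - C:\WINDOWS\system32\gzmrotate.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{f4d19b79-eb77-1de6-5d14-b58ba537404e}.dll" DllInit
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# A module whose file name is nothing but a GUID: legitimate software
# almost never ships such a name, while this adware family did.
GUID_DLL = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.dll", re.I)
# rundll32 autostarts: the DLL argument, not rundll32 itself, is what runs.
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^"]+?\.dll)"?', re.I)
# Registration left behind after the file was removed (or never existed).
ORPHAN = re.compile(r"\((?:file missing|no file)\)", re.I)
# "O2 - ..." / "R1 - ..." entry prefix used by HijackThis.
ENTRY = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. O2 (BHO) or O4 (Run)
    reason: str
    line: str


def triage_line(line):
    """Return the findings for one HijackThis entry (empty list if none)."""
    line = line.strip()
    m = ENTRY.match(line)
    if not m:
        return []
    section, body = m.group(1), m.group(2)
    findings = []
    if GUID_DLL.search(body):
        findings.append(Finding(section, "references a DLL named after a bare GUID", line))
    if section == "O2" and ORPHAN.search(body):
        findings.append(Finding(section, "BHO registered but its file is missing", line))
    if section == "O4":
        r = RUNDLL.search(body)
        if r:
            findings.append(Finding(section, f"rundll32 autostart of {r.group(1)}", line))
    if section == "O23" and "Unknown owner" in body:
        findings.append(Finding(section, "service without a vendor string", line))
    return findings


def triage(log_text):
    """Run triage_line over a whole log; findings keep the log's order."""
    out = []
    for line in log_text.splitlines():
        out.extend(triage_line(line))
    return out


def correlate_guid_dlls(findings):
    """Map each GUID-named DLL to the sections that reference it, so a module
    hooked both as a BHO (O2) and as a Run entry (O4) shows up as one object."""
    by_dll = {}
    for f in findings:
        m = GUID_DLL.search(f.line)
        if m:
            by_dll.setdefault(m.group(0).lower(), set()).add(f.section)
    return by_dll


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.section}: {f.reason}\n    {f.line}")
    print(correlate_guid_dlls(hits))
```

The rules are deliberately broad (a benign rundll32 entry such as ftutil2 would also be listed); the output is a review queue, not a verdict.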
Cecilia posted 14 April 2008:

Download ComboFix to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Unplug the internet connection and close every program you can see, including antivirus, anti-spyware and firewall (or restart the computer in Safe Mode). Run ComboFix and follow the instructions shown. IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang. When it is finished a log should come up; paste it in your reply, but split the log into e.g. 4 separate posts, since the forum easily becomes sluggish otherwise. Check that antivirus and firewall are running before you connect to the internet.
If you have problems getting onto the internet: Control Panel - Network Connections, right-click your internet connection and choose Repair, and/or restart the computer.
Warning! ComboFix prevents automatic running of CDs, floppies and USB devices to make it easier to clean the computer. This can cause problems, e.g. if you have internet via a USB modem. In that case say so instead of running ComboFix.
Scoter72 (thread starter) posted 2 May 2008:

Hi again,
Rather late, but we have now obtained the following log.
Have split the log into 4 posts as you asked.

Post 1/4:

ComboFix 08-05-01.1 - HP_Administrator 2008-05-02 12:50:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1542 [GMT 2:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
 * Created a new restore point
 * Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\HP_Administrator\Application Data\urlredir.cfg
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\{f4d19b79-eb77-1de6-5d14-b58ba537404e}.dll
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\adssite_sidebar.dll
C:\WINDOWS\system32\iebrowserc.dll
C:\WINDOWS\system32\rightonadz-uninst.exe
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-02 to 2008-05-02 )))))))))))))))))))))))))))))))
.
2008-04-21 17:05 . 2008-04-21 17:05 <DIR> d-------- C:\Program Files\PhotoFiltre
2008-04-14 17:10 . 2008-04-14 17:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-14 08:51 . 2008-04-14 08:51 <DIR> d-------- C:\Sierra
2008-04-12 08:41 . 2008-04-12 08:41 63,880 --a------ C:\WINDOWS\system32\{f4d19b79-eb77-1de6-5d14-b58ba537404e}.dll-uninst.exe
2008-04-11 17:46 . 2008-04-11 17:46 334,848 --a------ C:\WINDOWS\system32\myss_sb.dll
2008-04-10 11:40 . 2008-04-10 11:36 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-10 11:40 . 2008-04-10 11:40 2,552 --a------ C:\WINDOWS\unins000.dat
2008-04-10 11:33 . 2008-04-10 11:42 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-10 11:33 . 2008-04-10 11:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-10 11:28 . 2008-04-14 16:11 89,070 --a------ C:\WINDOWS\system32\myss_sb_uninstall.exe
2008-04-04 23:30 . 2008-04-04 23:30 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Ubisoft
2008-04-04 23:30 . 2008-04-04 23:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-04 21:16 . 2008-04-18 17:18 <DIR> d-------- C:\Program Files\Windows Live Safety Center
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 00:17 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2008-05-01 19:19 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-05-01 11:26 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-01 11:25 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-27 19:37 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Hamachi
2008-04-16 12:46 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Skype
2008-04-14 17:07 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-14 15:33 --------- d-----w C:\Program Files\PC-Doctor 5 for Windows
2008-04-14 15:33 --------- d-----w C:\Program Files\Microsoft Works
2008-04-14 15:33 --------- d-----w C:\Program Files\LimeWire
2008-04-14 15:33 --------- d-----w C:\Program Files\GemMaster
2008-04-14 15:33 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-14 15:33 --------- d-----w C:\Program Files\EnglishOtto
2008-04-14 15:33 --------- d-----w C:\Program Files\Counter-Strike Source
2008-04-14 15:33 --------- d-----w C:\Program Files\BFVCC Server Manager
2008-04-11 14:49 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\dvdcss
2008-04-09 14:37 --------- d-----w C:\Program Files\uTorrent
2008-04-09 11:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-09 09:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-09 09:29 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-04 21:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-04 21:14 --------- d-----w C:\Program Files\Ubisoft
2008-04-02 15:43 --------- d-----w C:\Program Files\Java
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
Scoter72 (thread starter) posted 2 May 2008:

Post 2/4:

2008-03-18 14:41 84,729 ----a-w C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-03-06 17:49 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\U3
2008-03-02 21:56 --------- d-----w C:\Program Files\Eidos Interactive
2008-03-01 16:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-27 21:32 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-27 21:31 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-02-27 21:31 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-18 19:35 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-02-18 19:35 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-02-18 19:35 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-03 19:31 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-02-03 19:29 22,328 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\PnkBstrK.sys
2007-10-14 07:45 0 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-08-16 20:15 1 ----a-w C:\Documents and Settings\HP_Administrator\SI.bin
2004-08-09 21:00 1,431,144 ----a-w C:\WINDOWS\inf\SET919.tmp
2004-08-09 21:00 1,431,144 ----a-w C:\WINDOWS\inf\SET79E.tmp
2004-08-09 21:00 1,431,144 ----a-w C:\WINDOWS\inf\SET66B.tmp
2004-08-09 21:00 1,431,144 ----a-w C:\WINDOWS\inf\SET5E2.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6156A32A-C512-4e23-AA9A-2315F4265681}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:27 219520]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 23:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:35 5724184]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 16:00 143360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 16:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 18:56 16261632 C:\WINDOWS\RTHDCPL.EXE]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 17:15 151552]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 03:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 16:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 16:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 00:11 49152]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-07 19:40 949376]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 11:14 163840]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 03:22 1126400]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"P1370Mon.exe"="C:\WINDOWS\P1370Mon.exe" [2006-06-19 19:00 36864]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 19:44 20480]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]
Scoter72 (thread starter) posted 2 May 2008:

Post 3/4:

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-27 02:34 169984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ivimp3en"=ivimp3en.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NOD32krn"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEARServer.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"C:\\Program Files\\Groove Games\\Land Of The Dead\\System\\LOTD.exe"=
"C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"C:\\Program Files\\Electronic Arts\\Slaget om Midgård II\\game.dat"=
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Atari\\Deer Hunter 2005\\DH2005.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Activision\\Rome - Total War\\RomeTW.exe"=
"C:\\Program Files\\Electronic Arts\\Slaget om Midgård II\\patchget.dat"=
"C:\\Program Files\\Postal2STP\\System\\postal2.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Eidos\\Hitman Blood Money\\HitmanBloodMoney.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\HP_Administrator\\Desktop\\Half-Life\\hl.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 17:24]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 20:03]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-11 22:36]
R3 P1370Aud;Creative WebCam Audio Control;C:\WINDOWS\system32\Drivers\P1370Aud.sys [2005-12-05 02:29]
R3 P1370Aul;PD1370 Lower Filter Driver;C:\WINDOWS\system32\Drivers\P1370Aul.sys [2005-12-06 02:58]
R3 P1370Vfx;P1370Vfx;C:\WINDOWS\system32\DRIVERS\P1370Vfx.sys [2006-03-24 10:24]
R3 P1370VID;Live! Cam Voice;C:\WINDOWS\system32\DRIVERS\P1370Vid.sys [2006-06-20 09:39]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 23:54]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 12:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\R]
\Shell\AutoRun\command - R:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45ad46f6-6149-11dc-9fee-0018f3f1ff1e}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cee84748-eb99-11dc-abb7-0018f3f1ff1e}]
Scoter72 (thread starter) posted 2 May 2008:

Post 4/4:

\Shell\AutoRun\command - R:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-12-24 14:29:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 12:56:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="\"C:\\Program Files\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-05-02 12:57:35
ComboFix-quarantined-files.txt 2008-05-02 10:57:24

Pre-Run: 130,656,661,504 bytes free
Post-Run: 131,215,663,104 bytes free

220 --- E O F --- 2008-04-09 11:07:14
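Beyond the adware files, the Reg Loading Points section of the ComboFix log above records three settings that weaken the host's own defences: Security Center alerting switched off (AntiVirusDisableNotify, DisableMonitoring), the Windows Firewall standard profile disabled (EnableFirewall = 0), and cached AutoRun handlers for removable drives under mountpoints2. The parser below is an added illustration, not part of the thread or of ComboFix: it reads a REGEDIT4-style fragment in ComboFix's rendering, decodes the two DWORD forms ComboFix prints, and reports those three conditions. The sample is constructed from entries in the log above; the value-name list and messages are my own.

```python
import re

# Constructed sample in the REGEDIT4 style of ComboFix's "Reg Loading
# Points" section, modelled on the entries in the log above.
SAMPLE_REG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\R]
\Shell\AutoRun\command - R:\LaunchU3.exe -a
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
# ComboFix prints AutoRun handlers as a bare "\Shell\AutoRun\command - <cmd>" line.
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(.+)$", re.I)

# Security Center values that, when set to 1, silence the "no antivirus /
# no firewall" balloon the user would otherwise see (names in lower case).
NOTIFY_SUPPRESSORS = {"antivirusdisablenotify", "firewalldisablenotify",
                      "updatesdisablenotify", "disablemonitoring"}


def decode_value(raw):
    """ComboFix prints DWORDs either as 'dword:00000001' or as '0 (0x0)';
    return an int for both forms and the raw string for anything else."""
    raw = raw.strip()
    m = re.fullmatch(r"dword:([0-9a-f]{8})", raw, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+)\s*\(0x[0-9a-f]+\)", raw, re.I)
    if m:
        return int(m.group(1))
    return raw


def parse_reg(text):
    """Yield (key, name, value) triples; AutoRun handler lines, which carry no
    quoted value name, are reported under the synthetic name 'AutoRun'."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:          # header lines such as REGEDIT4
            continue
        m = VALUE_RE.match(line)
        if m:
            yield key, m.group(1), decode_value(m.group(2))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            yield key, "AutoRun", m.group(1).strip()


def posture_findings(text):
    """Report settings that weaken the host's own defences."""
    findings = []
    for key, name, value in parse_reg(text):
        k = key.lower().replace(" ", "")   # tolerate 'security center' / 'securitycenter'
        if "securitycenter" in k and name.lower() in NOTIFY_SUPPRESSORS and value == 1:
            findings.append(f"Security Center alert suppressed: {name}=1 under [{key}]")
        elif "firewallpolicy" in k and name.lower() == "enablefirewall" and value == 0:
            findings.append(f"Windows Firewall disabled for profile [{key}]")
        elif "mountpoints2" in k and name == "AutoRun":
            findings.append(f"Cached AutoRun handler for a removable drive: {value}")
    return findings


if __name__ == "__main__":
    for finding in posture_findings(SAMPLE_REG):
        print(finding)
```

A cached mountpoints2 handler is not malicious by itself (U3 launchers create them), but together with the deleted E:\Autorun.inf it shows that removable media has been running code on this machine, which is why ComboFix disables autorun while cleaning.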
Cecilia posted 4 May 2008:

Go to http://www.virustotal.com/, paste one of the following file names into the box, press Send File and wait until the result is ready (Current status becomes finished). Paste the result from the different antivirus programs here. Repeat with the next file name.
C:\WINDOWS\system32\{f4d19b79-eb77-1de6-5d14-b58ba537404e}.dll-uninst.exe
C:\WINDOWS\system32\myss_sb.dll
C:\WINDOWS\unins000.exe
C:\WINDOWS\system32\myss_sb_uninstall.exe
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
The result for each file in its own post.
Scoter72 (thread starter) posted 5 May 2008:

Hi Cecilia,
Will do this during the evening.
Just want to take the opportunity to thank you for your fantastic commitment.
Scoter72 (thread starter) posted 5 May 2008:

Here is the result for the file:
C:\WINDOWS\system32\{f4d19b79-eb77-1de6-5d14-b58ba537404e}.dll-uninst.exe

File _f4d19b79-eb77-1de6-5d14-b58ba537 received 2008.05.05 18:39:27 (CET)
Result: 2/30 (6.67%)

Antivirus           Version         Last update   Result
AhnLab-V3           2008.5.3.0      2008.05.02    -
AntiVir             7.8.0.11        2008.05.05    -
Authentium          4.93.8          2008.05.05    -
Avast               4.8.1169.0      2008.05.04    -
AVG                 7.5.0.516       2008.05.05    -
BitDefender         7.2             2008.05.05    -
CAT-QuickHeal       9.50            2008.05.03    -
ClamAV              0.92.1          2008.05.05    -
DrWeb               4.44.0.09170    2008.05.04    -
eTrust-Vet          31.3.5760       2008.05.05    -
Ewido               4.0             2008.05.05    -
F-Prot              4.4.2.54        2008.05.04    -
F-Secure            6.70.13260.0    2008.05.05    -
Fortinet            3.14.0.0        2008.05.05    Adware/Vapsup.0408
Ikarus              T3.1.1.26       2008.05.05    -
Kaspersky           7.0.0.125       2008.05.05    -
McAfee              5287            2008.05.02    -
Microsoft           1.3408          2008.04.22    -
NOD32v2             3075            2008.05.05    -
Norman              5.80.02         2008.05.02    -
Panda               9.0.0.4         2008.05.05    -
Prevx1              V2              2008.05.05    Cloaked Malware
Rising              20.43.01.00     2008.05.05    -
Sophos              4.29.0          2008.05.05    -
Sunbelt             3.0.1097.0      2008.05.03    -
Symantec            10              2008.05.05    -
TheHacker           6.2.92.300      2008.05.03    -
VBA32               3.12.6.5        2008.05.05    -
VirusBuster         4.3.26:9        2008.05.05    -
Webwasher-Gateway   6.6.2           2008.05.05    -

Additional information
File size: 63880 bytes
MD5: ed7797a12688f086da3ac17b9436d1a2
SHA1: 8b8e2bea309d385225ad982b543e3721811c33ef
SHA256: b6a8ea5280bc2f13cf6c5c4ac952600f77b1a254e7ea25d5e7b018ba97646223
SHA512: 571b5bcd01842e79231a51a6e1050b04c3db4f94f860a4f493971fbe92d53c8af6326d1638ffc6c70646c4fd24c9bb0a853d1a5ce2e923644b02ad4e0dbd4ad7
PEiD: -
GetModuleFileNameA,GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA,GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA,GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread,CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA,GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA,ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc,WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA,LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar,WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile,ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA,FindFirstFileA, DeleteFileA, GetWindowsDirectoryA> USER32.dll:EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem,GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos,GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton,GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible,CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA,TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics,SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA,DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA,SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow,wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA,CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA,OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA,LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA,DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA,EndPaint, ShowWindow> GDI32.dll: SetBkColor, GetDeviceCaps,DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode,SetTextColor, SelectObject> SHELL32.dll: SHGetPathFromIDListA,SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA,SHGetSpecialFolderLocation> ADVAPI32.dll: RegQueryValueExA,RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA,RegDeleteKeyA, RegDeleteValueA, 
RegCloseKey, RegCreateKeyExA> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA( 0 exports ) Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=1355039788C62AA4F9560046E6D56D0073E5332D OBSERVERA:VirusTotal är en gratis tjänst av Hispasec Sistemas. Det är ingagarantier på tillgängligheten eller uppföljandet av denna tjänst. Ävenfast upptäckandet av virus med användandet av flertal antivirus programär mer överlägsen användandet av endast ett, garanterar INTE dessa resultat om en fil är helt riskfri. För närvarande finns det ingen lösning som erbjuder 100% effektivitet för att uppäcka virus och malware. Länk till kommentar Dela på andra webbplatser More sharing options...
Scoter72 Posted 5 May, 2008 (thread starter)
Here is the result for the file: C:\WINDOWS\system32\myss_sb.dll

File my received 2008.05.01 02:51:06 (CET)
Current status: finished
Result: 4/31 (12.90%)

Antivirus  Version  Last update  Result
AhnLab-V3 2008.5.1.0 2008.04.30 -
AntiVir 7.8.0.11 2008.04.30 -
Authentium 4.93.8 2008.04.30 -
Avast 4.8.1169.0 2008.04.30 -
AVG 7.5.0.516 2008.04.30 -
BitDefender 7.2 2008.05.01 -
CAT-QuickHeal 9.50 2008.04.30 -
ClamAV None 2008.05.01 -
DrWeb 4.44.0.09170 2008.04.30 Win32.HLLW.Autoruner.1861
eSafe 7.0.15.0 2008.04.28 -
eTrust-Vet 31.3.5749 2008.04.30 -
Ewido 4.0 2008.04.30 -
F-Prot 4.4.2.54 2008.05.01 -
F-Secure 6.70.13260.0 2008.04.30 -
Fortinet 3.14.0.0 2008.04.30 -
Ikarus T3.1.1.26 2008.05.01 -
Kaspersky 7.0.0.125 2008.05.01 -
McAfee 5285 2008.04.30 -
Microsoft 1.3408 2008.04.22 Adware:Win32/SideSearch
NOD32v2 3067 2008.04.30 -
Norman 5.80.02 2008.04.30 -
Panda 9.0.0.4 2008.04.30 -
Prevx1 V2 2008.05.01 Generic.Malware
Rising 20.42.22.00 2008.04.30 -
Sophos 4.29.0 2008.05.01 -
Sunbelt 3.0.1056.0 2008.04.17 -
Symantec 10 2008.05.01 -
TheHacker 6.2.92.298 2008.04.30 -
VBA32 3.12.6.5 2008.05.01 -
VirusBuster 4.3.26:9 2008.04.30 -
Webwasher-Gateway 6.6.2 2008.04.30 BlockReason.0

Other information
File size: 334848 bytes
MD5: 206a74a8b3a8be81776514c101404fc7
SHA1: cb44fd6eed58937eef7e7a5891c9ce110e37e9ff
SHA256: 00384bbb763fffbfddd02b4a0ddc5c537add4588d122a5c5d7b40ce96575261c
SHA512: 9aab6c973717871984d953f5fd2bb546da65a03927d0c4261a9c9e5ca2cd9b7975d4e09e4dfa11e603a0f7bfe5d9abf5915af4ea1447ab63eee2a7987ff6d9c3
PEiD: -
PEInfo: PE Structure information
(base data)
entrypointaddress: 0x100165ef
timedatestamp: 0x47ff87d0 (Fri Apr 11 15:46:24 2008)
machinetype: 0x14c (I386)
(6 sections)
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x38078 0x38200 6.61 2812fdd6fdfb542807b5b6b20efced38
.orpc 0x3a000 0x73 0x200 1.71 efce78bad399d30244fb13e8763ea6c4
.rdata 0x3b000 0xec84 0xee00 5.02 a1a12dd4c3b27f9dd2667a9c6163b2da
.data 0x4a000 0x6078 0x2600 4.54 fbdea135addf506de807a9889046bc47
.rsrc 0x51000 0x1348 0x1400 4.23 40a18ece272d78fc1c8889e5cf97ac50
.reloc 0x53000 0x6b26 0x6c00 5.01 cebff2b5809968a645e36424febd909b
(16 imports)
> VERSION.dll: GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
> imagehlp.dll: MapAndLoad, UnMapAndLoad
> KERNEL32.dll: ReadFile, SetFilePointer, FlushFileBuffers, LockFile, UnlockFile, SetEndOfFile, DuplicateHandle, GetCurrentProcess, FindClose, FindFirstFileW, GetFullPathNameW, FileTimeToLocalFileTime, GetFileAttributesW, GetFileTime, HeapAlloc, HeapFree, HeapReAlloc, GetCommandLineA, ExitProcess, RtlUnwind, TerminateProcess, HeapSize, VirtualProtect, VirtualAlloc, WritePrivateProfileStringW, HeapDestroy, HeapCreate, VirtualFree, IsBadWritePtr, LCMapStringA, LCMapStringW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, UnhandledExceptionFilter, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, SetUnhandledExceptionFilter, GetTimeZoneInformation, GetCPInfo, GetStringTypeA, GetStringTypeW, GetOEMCP, IsBadReadPtr, IsBadCodePtr, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, FileTimeToSystemTime, GlobalFlags, SetErrorMode, TlsFree, LocalReAlloc, TlsSetValue, TlsAlloc, TlsGetValue, GlobalHandle, GlobalReAlloc, GetCurrentThread, ConvertDefaultLocale, GetVersion, EnumResourceLanguagesW, LoadLibraryW, GetLocaleInfoW, FreeResource, GetCurrentThreadId, GlobalAddAtomW, GlobalFindAtomW, GlobalDeleteAtom, GetModuleHandleA, LoadLibraryA, GetProcAddress, GetVersionExA, SetLastError, MulDiv, GlobalLock, GlobalUnlock, FormatMessageW, CreateProcessW, ReleaseMutex, OpenMutexW, WaitForSingleObject, CreateMutexW, lstrcatW, InterlockedDecrement, InterlockedIncrement, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, ExitThread, CreateThread, RaiseException, GetModuleHandleW, lstrcpyW, LoadLibraryExW, lstrcpynW, lstrcmpiW, FreeLibrary, lstrcmpW, FindResourceW, LoadResource, LockResource, SizeofResource, GetLastError, GetVersionExW, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, UnmapViewOfFile, MultiByteToWideChar, MapViewOfFile, CreateFileMappingW, GetFileSize, DeleteFileW, lstrlenA, WideCharToMultiByte, GetVolumeInformationW, GetWindowsDirectoryW, GetSystemInfo, SystemTimeToFileTime, GetLocalTime, GetModuleFileNameW, VirtualQuery, WriteFile, CreateFileW, GetTempFileNameW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, LocalAlloc, lstrlenW, LocalFree, CloseHandle, GetTickCount, GlobalFree, GlobalAlloc
> USER32.dll: ValidateRect, SetWindowContextHelpId, MapDialogRect, PostQuitMessage, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, ClientToScreen, GrayStringW, DrawTextExW, DrawTextW, TabbedTextOutW, GetDesktopWindow, GetActiveWindow, GetNextDlgTabItem, EndDialog, IsWindowEnabled, MoveWindow, SetWindowTextW, IsDialogMessageW, SetMenuItemBitmaps, ModifyMenuW, EnableMenuItem, CheckMenuItem, GetMenuCheckMarkDimensions, LoadBitmapW, RegisterWindowMessageW, WinHelpW, GetCapture, CreateWindowExW, SetWindowsHookExW, CallNextHookEx, GetClassInfoExW, GetClassLongW, SendDlgItemMessageW, SendDlgItemMessageA, GetFocus, GetCursorPos, SetFocus, IsChild, GetForegroundWindow, SetActiveWindow, DispatchMessageW, GetDlgItem, GetTopWindow, DestroyWindow, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, LoadIconW, SetRect, MapWindowPoints, CopyAcceleratorTableW, PostThreadMessageW, RegisterClipboardFormatW, CharUpperW, MessageBeep, MessageBoxW, GetKeyState, SetForegroundWindow, IsWindowVisible, UpdateWindow, GetMenu, PostMessageW, GetSysColor, AdjustWindowRectEx, ScreenToClient, EqualRect, GetClassInfoW, TranslateMessage, GetMessageW, SetCursor, RegisterClassW, GetSysColorBrush, LoadCursorW, DestroyMenu, IsWindow, IsRectEmpty, GetDlgCtrlID, DefWindowProcW, GetWindowLongW, SetWindowPos, OffsetRect, IntersectRect, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetSystemMetrics, CopyRect, PtInRect, GetWindow, GetMenuState, GetMenuItemID, GetMenuItemCount, GetSubMenu, UnregisterClassW, GetParent, GetClientRect, ShowWindow, BringWindowToTop, GetWindowRect, CharNextW, SetPropW, CallWindowProcW, RemovePropW, SetWindowLongW, GetPropW, SendMessageW, RealGetWindowClassW, GetClassNameW, GetWindowTextW, EnumChildWindows, wsprintfW, EnableWindow, GetNextDlgGroupItem, ReleaseCapture, SetCapture, InvalidateRgn, PeekMessageW, InvalidateRect, GetLastActivePopup, CreateDialogIndirectParamW
> GDI32.dll: GetBkColor, GetTextColor, CreateRectRgnIndirect, GetMapMode, GetRgnBox, GetStockObject, DeleteDC, ExtSelectClipRgn, ScaleWindowExtEx, SetBkColor, SetTextColor, GetClipBox, GetDeviceCaps, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, Escape, ExtTextOutW, TextOutW, RectVisible, PtVisible, GetWindowExtEx, GetViewportExtEx, DeleteObject, SetMapMode, RestoreDC, SaveDC, CreateBitmap, GetObjectW, SetWindowExtEx
> comdlg32.dll: GetFileTitleW
> WINSPOOL.DRV: OpenPrinterW, DocumentPropertiesW, ClosePrinter
> ADVAPI32.dll: CryptReleaseContext, RegQueryValueW, RegEnumKeyW, RegOpenKeyW, RegCreateKeyExW, RegOpenKeyExW, RegQueryInfoKeyW, RegEnumKeyExW, RegDeleteKeyW, RegCreateKeyW, CryptDestroyHash, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptAcquireContextW, RegDeleteValueW, RegSetValueExW, RegQueryValueExW, RegCloseKey
> COMCTL32.dll: -
> SHLWAPI.dll: PathFindExtensionW, PathStripToRootW, StrCmpIW, StrToIntW, StrStrIW, UrlGetPartW, PathFindFileNameW, UrlUnescapeW, PathIsUNCW
> oledlg.dll: OleUIBusyW
> ole32.dll: CoUninitialize, CoInitialize, CoTaskMemAlloc, CLSIDFromProgID, CoTaskMemFree, StringFromGUID2, StringFromCLSID, CLSIDFromString, CoGetClassObject, StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes, CoCreateInstance, CreateILockBytesOnHGlobal, OleUninitialize, CoFreeUnusedLibraries, OleInitialize, CoRevokeClassObject, OleIsCurrentClipboard, OleFlushClipboard, CoRegisterMessageFilter, CoTaskMemRealloc
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> urlmon.dll: UrlMkGetSessionOption, URLDownloadToFileW
> RPCRT4.dll: NdrDllGetClassObject, IUnknown_AddRef_Proxy, NdrCStdStubBuffer2_Release, IUnknown_Release_Proxy, IUnknown_QueryInterface_Proxy, NdrOleFree, NdrStubForwardingFunction, NdrOleAllocate, NdrCStdStubBuffer_Release, NdrDllRegisterProxy, NdrDllCanUnloadNow, NdrDllUnregisterProxy
> WININET.dll: InternetSetOptionW, InternetQueryOptionW, HttpSendRequestW, InternetCrackUrlW, InternetConnectW, InternetOpenW, HttpQueryInfoW, InternetReadFile, HttpOpenRequestW, FindFirstUrlCacheEntryExW, DeleteUrlCacheEntryW, FindNextUrlCacheEntryExW, FindCloseUrlCache, InternetCloseHandle
(4 exports)
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=1125B36A008FEA201C7705B8D04A3200F920A68C
Scoter72 Posted 5 May, 2008 (thread starter)
Here is the result for the file: C:\WINDOWS\unins000.exe

File unins000.exe received 2008.04.13 19:36:47 (CET)
Current status: finished
Result: 0/32 (0.00%)

Antivirus  Version  Last update  Result
AhnLab-V3 2008.4.12.0 2008.04.11 -
AntiVir 7.6.0.85 2008.04.11 -
Authentium 4.93.8 2008.04.13 -
Avast 4.8.1169.0 2008.04.13 -
AVG 7.5.0.516 2008.04.13 -
BitDefender 7.2 2008.04.13 -
CAT-QuickHeal 9.50 2008.04.12 -
ClamAV 0.92.1 2008.04.13 -
DrWeb 4.44.0.09170 2008.04.13 -
eSafe 7.0.15.0 2008.04.09 -
eTrust-Vet 31.3.5692 2008.04.11 -
Ewido 4.0 2008.04.13 -
F-Prot 4.4.2.54 2008.04.13 -
F-Secure 6.70.13260.0 2008.04.13 -
FileAdvisor 1 2008.04.13 -
Fortinet 3.14.0.0 2008.04.13 -
Ikarus T3.1.1.26 2008.04.13 -
Kaspersky 7.0.0.125 2008.04.13 -
McAfee 5272 2008.04.11 -
Microsoft 1.3408 2008.04.13 -
NOD32v2 3021 2008.04.12 -
Norman 5.80.02 2008.04.12 -
Panda 9.0.0.4 2008.04.13 -
Prevx1 V2 2008.04.13 -
Rising 20.39.62.00 2008.04.13 -
Sophos 4.28.0 2008.04.13 -
Sunbelt 3.0.1041.0 2008.04.12 -
Symantec 10 2008.04.13 -
TheHacker 6.2.92.276 2008.04.12 -
VBA32 3.12.6.4 2008.04.13 -
VirusBuster 4.3.26:9 2008.04.13 -
Webwasher-Gateway 6.6.2 2008.04.11 -

Other information
File size: 691545 bytes
MD5: fa216964c56aceb2ecafce0815494dbc
SHA1: ab6804f5c6864c7308b042f3457cc7301aa4d67b
SHA256: 6079c7cf77cc6a3610e60933fabca46de2afc2f59a41394a5badf7bf11697973
SHA512: 52417c0db4c9870bac098543fd87761aa36d213062dc0f18a274df2d5d6ed89f8f45945914a1b525129b9fd82b2cbea6f287eafd147f3ea88053d45aaad498d6
PEiD: -
PEInfo: PE Structure information
(base data)
entrypointaddress: 0x48fb00
timedatestamp: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype: 0x14c (I386)
(8 sections)
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x8ed30 0x8ee00 6.59 65057a4ee67c422926d7ddc20ed1763e
DATA 0x90000 0xf6c 0x1000 4.30 d21fe5132dea99525a6cf1585a804736
BSS 0x91000 0x139c 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x93000 0x2580 0x2600 4.93 e5e6e5ba169e985617b6ee51af033aa1
.tls 0x96000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x97000 0x18 0x200 0.20 aa788c79120afbe36e18b7b180139dd9
.reloc 0x98000 0x8250 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0xa1000 0x13a00 0x13a00 4.92 922121138b9461e06c43de883787955b
(17 imports)
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle
> user32.dll: MessageBoxA
> oleaut32.dll: SafeArrayPutElement, SafeArrayCreate, VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen
> advapi32.dll: RegSetValueExA, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegEnumValueA, RegEnumKeyExA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueA, GetUserNameA, GetTokenInformation, FreeSid, EqualSid, AllocateAndInitializeSid
> kernel32.dll: lstrcmpA, WriteProfileStringA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, VirtualFree, VirtualAlloc, UnmapViewOfFile, TransactNamedPipe, TerminateThread, TerminateProcess, Sleep, SizeofResource, SetNamedPipeHandleState, SetLastError, SetFileTime, SetFilePointer, SetFileAttributesA, SetErrorMode, SetEndOfFile, SetCurrentDirectoryA, RemoveDirectoryA, ReleaseMutex, ReadFile, QueryPerformanceCounter, OpenProcess, OpenMutexA, MultiByteToWideChar, MulDiv, MoveFileExA, MoveFileA, MapViewOfFile, LockResource, LocalFree, LocalFileTimeToFileTime, LoadResource, LoadLibraryExA, LoadLibraryA, IsDBCSLeadByte, IsBadWritePtr, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetWindowsDirectoryA, GetVersionExA, GetVersion, GetUserDefaultLangID, GetTickCount, GetSystemTimeAsFileTime, GetSystemInfo, GetSystemDirectoryA, GetSystemDefaultLCID, GetShortPathNameA, GetProfileStringA, GetProcAddress, GetPrivateProfileStringA, GetOverlappedResult, GetModuleHandleA, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetDriveTypeA, GetDiskFreeSpaceA, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCurrentDirectoryA, GetComputerNameA, GetCommandLineA, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FlushFileBuffers, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, DeviceIoControl, DeleteFileA, CreateThread, CreateProcessA, CreateNamedPipeA, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringA, CompareFileTime, CloseHandle
> mpr.dll: WNetOpenEnumA, WNetGetUniversalNameA, WNetGetConnectionA, WNetEnumResourceA, WNetCloseEnum
> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> gdi32.dll: UnrealizeObject, TextOutA, StretchDIBits, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RoundRect, RestoreDC, RemoveFontResourceA, Rectangle, RectVisible, RealizePalette, Polyline, Pie, PatBlt, MoveToEx, LineTo, LineDDA, IntersectClipRect, GetWindowOrgEx, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetDeviceCaps, GetDIBits, GetCurrentPositionEx, GetClipBox, GetBitmapBits, ExtFloodFill, ExcludeClipRect, EnumFontsA, Ellipse, DeleteObject, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateFontIndirectA, CreateDIBitmap, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, Chord, BitBlt, Arc, AddFontResourceA
> user32.dll: WindowFromPoint, WinHelpA, WaitMessage, WaitForInputIdle, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowOwnedPopups, ShowCursor, SetWindowRgn, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetCapture, SetActiveWindow, SendNotifyMessageA, SendMessageTimeoutA, SendMessageW, SendMessageA, ScrollWindowEx, ScrollWindow, ScreenToClient, ReplyMessage, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClassA, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharBuffA, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRgn, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetSystemMetrics, GetSystemMenu, GetSysColor, GetSubMenu, GetScrollPos, GetPropA, GetParent, GetWindow, GetMessagePos, GetMessageA, GetMenuStringA, GetMenuState, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassInfoW, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, ExitWindowsEx, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcW, CallWindowProcA, CallNextHookEx, BringWindowToTop, BeginPaint, AppendMenuA, CharPrevA, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemBuffA, AdjustWindowRectEx
> comctl32.dll: ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Create, InitCommonControls
> ole32.dll: CoTaskMemFree, CLSIDFromProgID, CoCreateInstance, CoFreeUnusedLibraries, CoUninitialize, CoInitialize, IsEqualGUID
> oleaut32.dll: GetActiveObject, RegisterTypeLib, LoadTypeLib, SysFreeString
> shell32.dll: ShellExecuteExA, ShellExecuteA, SHGetFileInfoA, ExtractIconA
> shell32.dll: SHChangeNotify, SHBrowseForFolder, SHGetPathFromIDList, SHGetMalloc
> comdlg32.dll: GetSaveFileNameA, GetOpenFileNameA
> ole32.dll: CoDisconnectObject
> advapi32.dll: AdjustTokenPrivileges
(0 exports)
Scoter72 Posted 5 May, 2008 (thread starter)
Here is the result for the file: C:\WINDOWS\system32\myss_sb_uninstall.exe

File myss_sb_uninstall.exe_ received 2008.05.03 21:19:21 (CET)
Current status: finished
Result: 1/31 (3.23%)

Antivirus  Version  Last update  Result
AhnLab-V3 2008.5.3.0 2008.05.02 -
AntiVir 7.8.0.11 2008.05.02 -
Authentium 4.93.8 2008.05.02 -
Avast 4.8.1169.0 2008.05.03 -
AVG 7.5.0.516 2008.05.03 -
BitDefender 7.2 2008.05.03 -
CAT-QuickHeal 9.50 2008.05.03 -
ClamAV 0.92.1 2008.05.03 -
DrWeb 4.44.0.09170 2008.05.03 -
eSafe 7.0.15.0 2008.04.28 -
eTrust-Vet 31.3.5755 2008.05.03 -
Ewido 4.0 2008.05.03 -
F-Prot 4.4.2.54 2008.05.02 -
F-Secure 6.70.13260.0 2008.05.03 -
Fortinet 3.14.0.0 2008.05.03 -
Ikarus T3.1.1.26 2008.05.03 -
Kaspersky 7.0.0.125 2008.05.03 -
McAfee 5287 2008.05.02 -
Microsoft 1.3408 2008.04.22 -
NOD32v2 3072 2008.05.03 -
Norman 5.80.02 2008.05.02 -
Panda 9.0.0.4 2008.05.03 -
Prevx1 V2 2008.05.03 Cloaked Malware
Rising 20.42.22.00 2008.04.30 -
Sophos 4.29.0 2008.05.03 -
Sunbelt 3.0.1097.0 2008.05.03 -
Symantec 10 2008.05.03 -
TheHacker 6.2.92.300 2008.05.03 -
VBA32 3.12.6.5 2008.05.03 -
VirusBuster 4.3.26:9 2008.05.03 -
Webwasher-Gateway 6.6.2 2008.05.03 -

Other information
File size: 89070 bytes
MD5: 3eff99dbfcce3d603ec795f39c152b0b
SHA1: 72434e66c9295a201938ea8ce36b5277d7f11536
SHA256: 8559f5f8a32b3f1ebc28183d6bfdb413363f0d4180503738411b8ee2d68f68ea
SHA512: 4092b49ace43d3c1dced98590e9848cd6bbbfa62424099a3ac5daf0bca27cd304c99c58b8fc12b14cc34879cd28c9f8a35e76db2d2ceb2fa4bdc5aaf219e485b
PEiD: -
PEInfo: PE Structure information
(base data)
entrypointaddress: 0x403228
timedatestamp: 0x47acc8a9 (Fri Feb 08 21:24:57 2008)
machinetype: 0x14c (I386)
(5 sections)
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5a7e 0x5c00 6.47 47641d572224078da00d12032a7bb9d7
.rdata 0x7000 0x1190 0x1200 5.18 db16645055619c0cc73276ff5c3adb75
.data 0x9000 0x3997d8 0x400 4.71 1043e85c0a23a45c2aa392431eeaf00d
.ndata 0x3a3000 0x9000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x3ac000 0x6fb0 0x7000 5.73 2cc0c48de1479acffe0686dbc3a5c5e7
(8 imports)
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
(0 exports)
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=89E44400EE1AFD8B5B39012CAFB2570007BEED05
Scoter72 Posted 5 May, 2008 (thread starter)
Here is the result for the file: C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe

File mysidesearch_sidebar_uninstall.ex received 2008.04.01 18:34:02 (CET)
Current status: finished
Result: 1/32 (3.12%)

Antivirus  Version  Last update  Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
FileAdvisor - - -
Fortinet - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - TROJAN.ADCLICKER.Q
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -

Other information
MD5: ef398e60ed3233c43357c2df4fe0daf3
SHA1: 28ca740f93182568c24dce6ef2aec14468af7d92
SHA256: e30961b8777d1a9fe62f30ba05bb6acacbf62647943a120f11f521d670642ea3
SHA512: be1ef89bf3d6556573bd3dc0055298866bc8422e49d50c469b02ad1f4d0d819e58ad35ef6e463add69f6a565fa5566b01ed4b720cf8d31ee1f2774b3c3b4be5c
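The five VirusTotal tables above all use the same "Engine Version Update Result" row layout once they are unflattened. As an added example (our code, not something from the thread or from VirusTotal), here is a small Python parser for that row format that recomputes the detection ratio and also flags engines whose signatures were already stale on the scan day, since a "-" from such an engine says little about the file. The sample rows are a constructed subset copied from the myss_sb.dll and mysidesearch_sidebar_uninstall.exe tables, and the 7-day staleness threshold is our own choice.

```python
import re
from datetime import date, datetime
from typing import Dict, List, Optional, Tuple

# One VirusTotal-style row: engine, signature version, signature date, result.
# '-' stands for "no detection" in the result column and for "unknown" in the
# version/date columns (as in the mysidesearch_sidebar_uninstall.exe table).
ROW_RE = re.compile(
    r"^(?P<engine>\S+)\s+(?P<version>\S+)\s+"
    r"(?P<updated>\d{4}\.\d{2}\.\d{2}|-)\s+(?P<result>.+?)\s*$"
)

# Constructed sample: a subset of the rows pasted above for myss_sb.dll.
SAMPLE_MYSS_SB = """
AhnLab-V3 2008.5.1.0 2008.04.30 -
ClamAV None 2008.05.01 -
DrWeb 4.44.0.09170 2008.04.30 Win32.HLLW.Autoruner.1861
Ikarus T3.1.1.26 2008.05.01 -
Kaspersky 7.0.0.125 2008.05.01 -
Microsoft 1.3408 2008.04.22 Adware:Win32/SideSearch
Prevx1 V2 2008.05.01 Generic.Malware
Sophos 4.29.0 2008.05.01 -
Sunbelt 3.0.1056.0 2008.04.17 -
Webwasher-Gateway 6.6.2 2008.04.30 BlockReason.0
"""

# Constructed sample: a subset of the mysidesearch_sidebar_uninstall.exe table,
# where VirusTotal showed no version or date for any engine.
SAMPLE_NO_META = """
AhnLab-V3 - - -
Prevx1 - - TROJAN.ADCLICKER.Q
Webwasher-Gateway - - -
"""


def _parse_date(text: str) -> date:
    """Dates in the table use the 'YYYY.MM.DD' form."""
    return datetime.strptime(text, "%Y.%m.%d").date()


def parse_rows(text: str) -> List[Dict[str, Optional[str]]]:
    """Parse the row format into dicts; result/updated become None when '-'."""
    rows: List[Dict[str, Optional[str]]] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable row: {line!r}")
        row: Dict[str, Optional[str]] = dict(m.groupdict())
        if row["result"] == "-":
            row["result"] = None
        if row["updated"] == "-":
            row["updated"] = None
        rows.append(row)
    return rows


def summarize(rows: List[Dict[str, Optional[str]]]) -> Dict[str, object]:
    """Detection list and the 'hits/total (pct%)' string VirusTotal prints."""
    hits: List[Tuple[str, str]] = [
        (r["engine"], r["result"]) for r in rows if r["result"]
    ]
    total = len(rows)
    pct = 100.0 * len(hits) / total if total else 0.0
    return {"total": total, "hits": hits, "ratio": f"{len(hits)}/{total} ({pct:.2f}%)"}


def stale_engines(rows: List[Dict[str, Optional[str]]],
                  scan_date: str, max_age_days: int) -> List[Tuple[str, Optional[int]]]:
    """Engines whose signatures were older than max_age_days on the scan day.

    A clean verdict from such an engine is weak evidence: it may simply not
    have had a signature yet.  Engines with no date are reported with age None.
    """
    scan_day = _parse_date(scan_date)
    stale: List[Tuple[str, Optional[int]]] = []
    for r in rows:
        if r["updated"] is None:
            stale.append((r["engine"], None))
            continue
        age = (scan_day - _parse_date(r["updated"])).days
        if age > max_age_days:
            stale.append((r["engine"], age))
    return stale


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_MYSS_SB)
    print(summarize(rows)["ratio"])             # 4/10 (40.00%) for this subset
    print(stale_engines(rows, "2008.05.01", 7))  # [('Microsoft', 9), ('Sunbelt', 14)]
```

For the full 31-row myss_sb.dll table the same code gives the 4/31 (12.90%) the report shows; the subset is only kept short for the example. Note that the two engines it flags as stale, Microsoft and Sunbelt, are exactly the kind of "-" one should not count as a clean bill.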
Cecilia Posted 5 May, 2008
Copy the following 7 coloured lines

File::
C:\WINDOWS\system32\{f4d19b79-eb77-1de6-5d14-b58ba537404e}.dll-uninst.exe
C:\WINDOWS\system32\myss_sb.dll
C:\WINDOWS\unins000.exe
C:\WINDOWS\system32\myss_sb_uninstall.exe
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\unins000.dat

and paste them into Notepad. Save the file on the Desktop with the name CFScript.
Drag CFScript with the mouse and drop it onto the ComboFix icon on the Desktop; the program then starts in a special mode.
Fairly high up on the forum page you have a black bar that ends with the word FILER (Files). Click it. There you can upload the new ComboFix log and a new HijackThis log. Write here what the logs are called so I can fetch them.
Paste the log that comes out and a new HijackThis log.
Scoter72 Posted 9 May, 2008 (thread starter)
Hi Cecilia
We have uploaded the files you asked for. They should be accessible to you. If not, let me know.
Regards,
Scoter72
Cecilia Posted 9 May, 2008
Thanks, the files seem to be readable. A bit cumbersome, but it got far too sluggish with them pasted in.

Set Explorer so that you can see all files: Tools - (Folder) Options or similar - View
Select Show hidden files and folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files

Delete the files:
C:\WINDOWS\system32\{f4d19b79-eb77-1de6-5d14-b58ba537404e}.dll-uninst.exe
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\unins000.dat

Restart the computer.
How is the computer behaving now?
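Both the CFScript step and the manual deletion step above act on files identified by path alone. As an added example (not from the thread, nor from ComboFix or HijackThis), this Python snippet checks that a file on disk still has the MD5 that VirusTotal analysed before moving it aside into a quarantine folder rather than deleting it, so a replaced or updated file is left in place for a fresh look. The two expected hashes are copied from the reports in the thread; unins000.dat is left out because it has no report; the files that demo() works on are constructed in a temporary directory.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Dict, Union

# Expected MD5 values copied from the VirusTotal reports earlier in this thread
# for two of the files the poster is told to delete.  unins000.dat has no
# report in the thread, so it is deliberately absent here.
EXPECTED_MD5: Dict[str, str] = {
    "{f4d19b79-eb77-1de6-5d14-b58ba537404e}.dll-uninst.exe": "ed7797a12688f086da3ac17b9436d1a2",
    "mysidesearch_sidebar_uninstall.exe": "ef398e60ed3233c43357c2df4fe0daf3",
}

PathLike = Union[str, Path]


def file_hashes(path: PathLike) -> Dict[str, str]:
    """MD5/SHA1/SHA256 of a file, read in chunks so large files are fine."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def check_file(path: PathLike, expected_md5: str) -> str:
    """'missing', 'match' or 'mismatch' against the hash that was analysed."""
    p = Path(path)
    if not p.is_file():
        return "missing"
    return "match" if file_hashes(p)["md5"] == expected_md5.lower() else "mismatch"


def quarantine(path: PathLike, expected_md5: str, quarantine_dir: PathLike) -> str:
    """Move the file aside (renamed, so it will not run) only when its hash matches.

    A mismatch means the file on disk is not the one VirusTotal looked at: it
    may have been replaced or updated, so it stays put for a fresh analysis.
    """
    status = check_file(path, expected_md5)
    if status != "match":
        return status
    qdir = Path(quarantine_dir)
    qdir.mkdir(parents=True, exist_ok=True)
    shutil.move(str(path), str(qdir / (Path(path).name + ".quarantined")))
    return "quarantined"


def check_known(directory: PathLike) -> Dict[str, str]:
    """Status of every file listed in EXPECTED_MD5 under the given directory."""
    return {name: check_file(Path(directory) / name, md5) for name, md5 in EXPECTED_MD5.items()}


def demo() -> Dict[str, str]:
    """Exercise the checks on constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        empty = root / "empty.bin"
        empty.write_bytes(b"")                       # constructed zero-byte sample
        other = root / "other.bin"
        other.write_bytes(b"constructed sample content\n")
        empty_md5 = file_hashes(empty)["md5"]
        qdir = root / "quarantine"
        results = {
            "empty_md5": empty_md5,
            "match": quarantine(empty, empty_md5, qdir),
            "mismatch": quarantine(other, empty_md5, qdir),
            "missing": quarantine(root / "gone.bin", empty_md5, qdir),
            "after_quarantine": check_file(empty, empty_md5),
            "quarantined_exists": str((qdir / "empty.bin.quarantined").is_file()),
            # none of the thread's files exist in the temp dir, so all 'missing'
            "known_in_tmp": ",".join(sorted(set(check_known(root).values()))),
        }
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The d41d8cd98f00b204e9800998ecf8427e value the demo produces for the zero-byte file is the MD5 of empty input; it is the same value the section tables above show for every section with a raw size of 0x0. On a real machine one would pass C:\WINDOWS\system32 to check_known() first and only quarantine files that report "match".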
Archived
This topic is now archived and is closed to further replies.