
Ads served by...


Scoter72


Hi,
A popup window with advertising appears now and then.

Ads served by Rightonadz
Ads served by Asddite

Operating system: Windows XP, Internet Explorer 7

Does anyone know how to get rid of these?

I have tried Ad-Aware and SB&D


Hi again

We have now done as you asked, and here is the result:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10:51, on 2008-04-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\P1370Mon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=64&bd=PAVILION&pf=desktop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: rightonadz browser optimizer - {09bee258-ffcf-80c8-ca41-2ef20109f0cc} - C:\WINDOWS\system32\{f4d19b79-eb77-1de6-5d14-b58ba537404e}.dll
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Assistant MySidesearch - {6156A32A-C512-4e23-AA9A-2315F4265681} - C:\WINDOWS\system32\myss_sb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: optimizer by rightonadz - {AB71E94E-3DC4-41eb-BBD5-31E82C9FD1D4} - C:\WINDOWS\system32\gzmrotate.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe"  -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [P1370Mon.exe] C:\WINDOWS\P1370Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{f4d19b79-eb77-1de6-5d14-b58ba537404e}.dll" DllInit
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Live! Cam Manager] C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: The Matrix_ Path of Neo Registration.lnk = C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{D134BD40-CF2D-46D0-AB91-D6D76B78A79A}\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 11602 bytes

Grateful for any tips

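The helper's reading of the log above rests on a handful of indicators: a BHO whose DLL in system32 is named after a GUID (the rightonadz entry), a Run entry that uses rundll32 to load that same DLL with a custom entry point, entries whose target file is already gone, an autostart that points into a Temp folder, and services with no vendor string. The script below is an added example, not part of this thread and not HijackThis code, that applies those indicators to HijackThis lines. The sample lines are a constructed subset copied from the log above; the `keywords` parameter (brand names seen in the popups) and the rules themselves are my own assumptions, not anything HijackThis does.

```python
import re
from dataclasses import dataclass

# Sample HijackThis lines copied from the log posted above (a constructed
# subset, enough to exercise every rule below).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: rightonadz browser optimizer - {09bee258-ffcf-80c8-ca41-2ef20109f0cc} - C:\WINDOWS\system32\{f4d19b79-eb77-1de6-5d14-b58ba537404e}.dll
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: optimizer by rightonadz - {AB71E94E-3DC4-41eb-BBD5-31E82C9FD1D4} - C:\WINDOWS\system32\gzmrotate.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{f4d19b79-eb77-1de6-5d14-b58ba537404e}.dll" DllInit
O4 - Startup: The Matrix_ Path of Neo Registration.lnk = C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{D134BD40-CF2D-46D0-AB91-D6D76B78A79A}\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\ATR1.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# One regex per indicator. These are rules of thumb (assumptions), not
# anything HijackThis itself evaluates.
GUID_DLL = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.dll", re.I)
ORPHAN = re.compile(r"\((?:no file|file missing)\)", re.I)
TEMP_DIR = re.compile(r"\\Local Settings\\Temp\\", re.I)
RUNDLL = re.compile(r"\brundll32(?:\.exe)?\b", re.I)
ENTRY = re.compile(r"(O\d+|R\d)\s+-\s+(.*)")


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code: O2 = BHO, O4 = autostart, O23 = service
    reason: str
    line: str


def triage(log_text, keywords=()):
    """Return one Finding per (line, indicator) for lines that deserve a second look."""
    findings = []
    kws = tuple(k.lower() for k in keywords)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list, blank line
        section, body = m.groups()
        low = body.lower()

        def flag(reason):
            findings.append(Finding(section, reason, line))

        if ORPHAN.search(body):
            flag("dangling reference: registry entry survives but the file is gone")
        if GUID_DLL.search(body):
            flag("module named after a GUID (random name, no vendor path)")
        if section == "O4" and RUNDLL.search(body) and ".dll" in low:
            flag("rundll32 autostart loading a DLL by path")
        if section == "O4" and TEMP_DIR.search(body):
            flag("autostart pointing into a Temp directory")
        if section == "O23" and "unknown owner" in low:
            flag("service with no vendor string")
        if any(k in low for k in kws):
            flag("name matches a brand seen in the popups")
    return findings


def flagged_lines(findings):
    """Distinct log lines that received at least one finding, in log order."""
    seen = []
    for f in findings:
        if f.line not in seen:
            seen.append(f.line)
    return seen


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, keywords=("rightonadz", "asddite")):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Note what these rules do not catch: iebrowserc.dll ("BrowserCmp") has an ordinary-looking file name and no vendor string, and nothing above flags it; it is only the later ComboFix run and the VirusTotal look-ups in this thread that settle it. Rules like these shorten the list of entries to check, they do not replace looking each unknown module up.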

Download ComboFix to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Unplug the internet connection and close every program you can see, including antivirus, antispyware and firewall (or alternatively restart the computer in Safe Mode).

Run ComboFix and follow the instructions it shows.

IMPORTANT! Do not click in the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should appear; paste it into your reply, but split the log into e.g. 4 separate posts, since the forum easily becomes sluggish otherwise.

Check that the antivirus program and firewall are running before you connect to the internet.

If you have trouble getting onto the internet:
Control Panel - Network Connections
right-click your internet connection and choose Repair, and/or restart the computer.

Warning!

ComboFix prevents automatic running of CDs, floppies and USB devices to make it easier to clean the computer. This can cause problems if, for example, your internet comes through a USB modem. In that case say so instead of running ComboFix.



Hi again
At long last we have now produced the following log.
I have split the log into 4 posts as you requested.

ComboFix 08-05-01.1 - HP_Administrator 2008-05-02 12:50:39.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1542 [GMT 2:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
 * Created a new restore point
 * Resident AV is active
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\HP_Administrator\Application Data\urlredir.cfg
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\{f4d19b79-eb77-1de6-5d14-b58ba537404e}.dll
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\adssite_sidebar.dll
C:\WINDOWS\system32\iebrowserc.dll
C:\WINDOWS\system32\rightonadz-uninst.exe
E:\Autorun.inf
.
(((((((((((((((((((((((((   Files Created from 2008-04-02 to 2008-05-02  )))))))))))))))))))))))))))))))
.
2008-04-21 17:05 . 2008-04-21 17:05   <DIR>      d--------   C:\Program Files\PhotoFiltre
2008-04-14 17:10 . 2008-04-14 17:10   <DIR>      d--------   C:\Program Files\Trend Micro
2008-04-14 08:51 . 2008-04-14 08:51   <DIR>      d--------   C:\Sierra
2008-04-12 08:41 . 2008-04-12 08:41   63,880     --a------   C:\WINDOWS\system32\{f4d19b79-eb77-1de6-5d14-b58ba537404e}.dll-uninst.exe
2008-04-11 17:46 . 2008-04-11 17:46   334,848    --a------   C:\WINDOWS\system32\myss_sb.dll
2008-04-10 11:40 . 2008-04-10 11:36   691,545    --a------   C:\WINDOWS\unins000.exe
2008-04-10 11:40 . 2008-04-10 11:40   2,552      --a------   C:\WINDOWS\unins000.dat
2008-04-10 11:33 . 2008-04-10 11:42   <DIR>      d--------   C:\Program Files\Spybot - Search & Destroy
2008-04-10 11:33 . 2008-04-10 11:43   <DIR>      d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-10 11:28 . 2008-04-14 16:11   89,070     --a------   C:\WINDOWS\system32\myss_sb_uninstall.exe
2008-04-04 23:30 . 2008-04-04 23:30   <DIR>      d--------   C:\Documents and Settings\HP_Administrator\Application Data\Ubisoft
2008-04-04 23:30 . 2008-04-04 23:30   <DIR>      d--------   C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-04 21:16 . 2008-04-18 17:18   <DIR>      d--------   C:\Program Files\Windows Live Safety Center
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 00:17   ---------   d-----w   C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2008-05-01 19:19   ---------   d-----w   C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-05-01 11:26   22,328      ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-01 11:25   107,832     ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
2008-04-27 19:37   ---------   d-----w   C:\Documents and Settings\HP_Administrator\Application Data\Hamachi
2008-04-16 12:46   ---------   d-----w   C:\Documents and Settings\HP_Administrator\Application Data\Skype
2008-04-14 17:07   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-04-14 15:33   ---------   d-----w   C:\Program Files\PC-Doctor 5 for Windows
2008-04-14 15:33   ---------   d-----w   C:\Program Files\Microsoft Works
2008-04-14 15:33   ---------   d-----w   C:\Program Files\LimeWire
2008-04-14 15:33   ---------   d-----w   C:\Program Files\GemMaster
2008-04-14 15:33   ---------   d-----w   C:\Program Files\GameSpy Arcade
2008-04-14 15:33   ---------   d-----w   C:\Program Files\EnglishOtto
2008-04-14 15:33   ---------   d-----w   C:\Program Files\Counter-Strike Source
2008-04-14 15:33   ---------   d-----w   C:\Program Files\BFVCC Server Manager
2008-04-11 14:49   ---------   d-----w   C:\Documents and Settings\HP_Administrator\Application Data\dvdcss
2008-04-09 14:37   ---------   d-----w   C:\Program Files\uTorrent
2008-04-09 11:07   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-09 09:31   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-09 09:29   12,632      ----a-w   C:\WINDOWS\system32\lsdelete.exe
2008-04-04 21:14   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-04-04 21:14   ---------   d-----w   C:\Program Files\Ubisoft
2008-04-02 15:43   ---------   d-----w   C:\Program Files\Java
2008-03-19 09:47   1,845,248   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47   1,845,248   ------w   C:\WINDOWS\system32\dllcache\win32k.sys



Post 2/4:

2008-03-18 14:41   84,729      ----a-w   C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-03-06 17:49   ---------   d-----w   C:\Documents and Settings\HP_Administrator\Application Data\U3
2008-03-02 21:56   ---------   d-----w   C:\Program Files\Eidos Interactive
2008-03-01 16:36   3,591,680   ------w   C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55   70,656      ------w   C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55   625,664     ------w   C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-27 21:32   98,304      ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2008-02-27 21:31   86,016      ----a-w   C:\WINDOWS\system32\OpenAL32.dll
2008-02-27 21:31   262,144     ----a-w   C:\WINDOWS\system32\wrap_oal.dll
2008-02-22 10:00   13,824      ------w   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51   282,624     ----a-w   C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51   282,624     ------w   C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32   45,568      ----a-w   C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32   45,568      ------w   C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32   148,992     ------w   C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-18 19:35   21,840      ----atw   C:\WINDOWS\system32\SIntfNT.dll
2008-02-18 19:35   17,212      ----atw   C:\WINDOWS\system32\SIntf32.dll
2008-02-18 19:35   12,067      ----atw   C:\WINDOWS\system32\SIntf16.dll
2008-02-15 05:44   161,792     ------w   C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-03 19:31   66,872      ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
2008-02-03 19:29   22,328      ----a-w   C:\Documents and Settings\HP_Administrator\Application Data\PnkBstrK.sys
2007-10-14 07:45   0           ----a-w   C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-08-16 20:15   1           ----a-w   C:\Documents and Settings\HP_Administrator\SI.bin
2004-08-09 21:00   1,431,144   ----a-w   C:\WINDOWS\inf\SET919.tmp
2004-08-09 21:00   1,431,144   ----a-w   C:\WINDOWS\inf\SET79E.tmp
2004-08-09 21:00   1,431,144   ----a-w   C:\WINDOWS\inf\SET66B.tmp
2004-08-09 21:00   1,431,144   ----a-w   C:\WINDOWS\inf\SET5E2.tmp
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6156A32A-C512-4e23-AA9A-2315F4265681}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:27 219520]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 23:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:35 5724184]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 16:00 143360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 16:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 18:56 16261632 C:\WINDOWS\RTHDCPL.EXE]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 17:15 151552]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 03:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 16:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 16:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 00:11 49152]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-07 19:40 949376]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 11:14 163840]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 03:22 1126400]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"P1370Mon.exe"="C:\WINDOWS\P1370Mon.exe" [2006-06-19 19:00 36864]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 19:44 20480]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]

 

Post 3/4:

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-27 02:34 169984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ivimp3en"=ivimp3en.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NOD32krn"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\securitycenter]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\securitycenter\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEARServer.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"C:\\Program Files\\Groove Games\\Land Of The Dead\\System\\LOTD.exe"=
"C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"C:\\Program Files\\Electronic Arts\\Slaget om Midgård II\\game.dat"=
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Atari\\Deer Hunter 2005\\DH2005.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Activision\\Rome - Total War\\RomeTW.exe"=
"C:\\Program Files\\Electronic Arts\\Slaget om Midgård II\\patchget.dat"=
"C:\\Program Files\\Postal2STP\\System\\postal2.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Eidos\\Hitman Blood Money\\HitmanBloodMoney.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\HP_Administrator\\Desktop\\Half-Life\\hl.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 17:24]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 20:03]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-11 22:36]
R3 P1370Aud;Creative WebCam Audio Control;C:\WINDOWS\system32\Drivers\P1370Aud.sys [2005-12-05 02:29]
R3 P1370Aul;PD1370 Lower Filter Driver;C:\WINDOWS\system32\Drivers\P1370Aul.sys [2005-12-06 02:58]
R3 P1370Vfx;P1370Vfx;C:\WINDOWS\system32\DRIVERS\P1370Vfx.sys [2006-03-24 10:24]
R3 P1370VID;Live! Cam Voice;C:\WINDOWS\system32\DRIVERS\P1370Vid.sys [2006-06-20 09:39]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 23:54]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 12:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\R]
\Shell\AutoRun\command - R:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45ad46f6-6149-11dc-9fee-0018f3f1ff1e}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cee84748-eb99-11dc-abb7-0018f3f1ff1e}]

 
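The registry section in the post above records more than the adware: the Windows Firewall is switched off for the standard profile (EnableFirewall=0), Security Center has been told not to warn about antivirus status (AntiVirusDisableNotify=1) and not to monitor a Symantec firewall (DisableMonitoring=1), and the firewall exception list includes a program run from the Desktop. The thread does not say whether the user or the adware made those changes, which is exactly why they are worth pulling out of a log mechanically. The script below is an added example, not part of the thread and not ComboFix code, that parses ComboFix's REGEDIT4-style "Reg Loading Points" lines and reports those settings; the sample is a constructed subset of the dump above, and the path prefixes treated as "normal" for firewall exceptions are my own assumption. The two sibling values FirewallDisableNotify and UpdatesDisableNotify are the ones Security Center uses for its firewall and Automatic Updates notices.

```python
import re

# Constructed subset of the ComboFix registry dump posted above.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\securitycenter]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\securitycenter\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Documents and Settings\\HP_Administrator\\Desktop\\Half-Life\\hl.exe"=
"""

DWORD = re.compile(r"^dword:([0-9a-f]{8})$", re.I)          # dword:00000001
PLAIN = re.compile(r"^(\d+)\s*\(0x[0-9a-f]+\)$", re.I)      # 0 (0x0)  (ComboFix's own rendering)
KEY_LINE = re.compile(r"^\[(.+)\]$")
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')       # "name"=data, name may contain \\

# Firewall exceptions whose path starts with one of these are treated as
# ordinary; anything else (Desktop, Temp, profile folders) is reported.
# This prefix list is an assumption for the example.
NORMAL_PREFIXES = ("c:\\program files\\", "%windir%\\", "c:\\windows\\")


def parse_regdump(text):
    """Parse REGEDIT4-style lines into {key (lower-cased): {value_name: data}}.

    Data becomes an int for dword:/"N (0xN)" forms, None for names listed
    without data (the firewall exception list), otherwise the raw string.
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        km = KEY_LINE.match(line)
        if km:
            current = km.group(1).lower()
            keys.setdefault(current, {})
            continue
        vm = VALUE_LINE.match(line)
        if not vm or current is None:
            continue
        name = vm.group(1).replace("\\\\", "\\")  # undo REGEDIT4 backslash doubling
        data = vm.group(2).strip()
        if data == "":
            parsed = None
        elif DWORD.match(data):
            parsed = int(DWORD.match(data).group(1), 16)
        elif PLAIN.match(data):
            parsed = int(PLAIN.match(data).group(1))
        else:
            parsed = data.strip('"')
        keys[current][name] = parsed
    return keys


def audit(keys):
    """Return human-readable findings about weakened firewall / Security Center settings."""
    issues = []
    for key, values in keys.items():
        if key.endswith("firewallpolicy\\standardprofile") and values.get("EnableFirewall") == 0:
            issues.append("Windows Firewall is disabled in the standard profile")
        if key.endswith("\\authorizedapplications\\list"):
            for app in values:
                if not app.lower().startswith(NORMAL_PREFIXES):
                    issues.append(f"firewall exception for a program outside Program Files/Windows: {app}")
        if key.endswith("\\securitycenter"):
            for name in ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"):
                if values.get(name) == 1:
                    issues.append(f"Security Center alert suppressed: {name}")
        mon = re.search(r"\\securitycenter\\monitoring\\([^\\]+)$", key)
        if mon and values.get("DisableMonitoring") == 1:
            issues.append(f"Security Center monitoring disabled for {mon.group(1)}")
    return issues


if __name__ == "__main__":
    for issue in audit(parse_regdump(SAMPLE_DUMP)):
        print("-", issue)
```

A disabled firewall plus suppressed Security Center warnings is the combination that lets a machine stay quiet while running adware for weeks, so after the cleanup the helper's "check that the antivirus program and firewall are running before you connect" step is the part not to skip.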

Post 4/4:

\Shell\AutoRun\command - R:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-12-24 14:29:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 12:56:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="\"C:\\Program Files\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-05-02 12:57:35
ComboFix-quarantined-files.txt  2008-05-02 10:57:24

Pre-Run: 130,656,661,504 bytes free
Post-Run: 131,215,663,104 bytes free

220   --- E O F ---   2008-04-09 11:07:14
 


Go to http://www.virustotal.com/

Paste one of the following file names into the box, press Send File and wait until the result is ready (Current status becomes "finished"). Paste the results from the various antivirus programs here. Repeat with the next file name.

C:\WINDOWS\system32\{f4d19b79-eb77-1de6-5d14-b58ba537404e}.dll-uninst.exe
C:\WINDOWS\system32\myss_sb.dll
C:\WINDOWS\unins000.exe
C:\WINDOWS\system32\myss_sb_uninstall.exe
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe

The result for each file in its own post.


Hi Cecilia

I will do this during the evening.
I just want to take the opportunity to thank you for your fantastic commitment.


Here is the result for the file:
C:\WINDOWS\system32\{f4d19b79-eb77-1de6-5d14-b58ba537404e}.dll-uninst.exe

File _f4d19b79-eb77-1de6-5d14-b58ba537 received 2008.05.05 18:39:27 (CET)
Result: 2/30 (6.67%)
Antivirus          Version        Last update  Result
AhnLab-V3          2008.5.3.0     2008.05.02   -
AntiVir            7.8.0.11       2008.05.05   -
Authentium         4.93.8         2008.05.05   -
Avast              4.8.1169.0     2008.05.04   -
AVG                7.5.0.516      2008.05.05   -
BitDefender        7.2            2008.05.05   -
CAT-QuickHeal      9.50           2008.05.03   -
ClamAV             0.92.1         2008.05.05   -
DrWeb              4.44.0.09170   2008.05.04   -
eTrust-Vet         31.3.5760      2008.05.05   -
Ewido              4.0            2008.05.05   -
F-Prot             4.4.2.54       2008.05.04   -
F-Secure           6.70.13260.0   2008.05.05   -
Fortinet           3.14.0.0       2008.05.05   Adware/Vapsup.0408
Ikarus             T3.1.1.26      2008.05.05   -
Kaspersky          7.0.0.125      2008.05.05   -
McAfee             5287           2008.05.02   -
Microsoft          1.3408         2008.04.22   -
NOD32v2            3075           2008.05.05   -
Norman             5.80.02        2008.05.02   -
Panda              9.0.0.4        2008.05.05   -
Prevx1             V2             2008.05.05   Cloaked Malware
Rising             20.43.01.00    2008.05.05   -
Sophos             4.29.0         2008.05.05   -
Sunbelt            3.0.1097.0     2008.05.03   -
Symantec           10             2008.05.05   -
TheHacker          6.2.92.300     2008.05.03   -
VBA32              3.12.6.5       2008.05.05   -
VirusBuster        4.3.26:9       2008.05.05   -
Webwasher-Gateway  6.6.2          2008.05.05   -

Other information
File size: 63880 bytes
MD5...: ed7797a12688f086da3ac17b9436d1a2
SHA1..: 8b8e2bea309d385225ad982b543e3721811c33ef
SHA256: b6a8ea5280bc2f13cf6c5c4ac952600f77b1a254e7ea25d5e7b018ba97646223
SHA512: 571b5bcd01842e79231a51a6e1050b04c3db4f94f860a4f493971fbe92d53c8af6326d1638ffc6c70646c4fd24c9bb0a853d1a5ce2e923644b02ad4e0dbd4ad7
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x403225
timedatestamp.....: 0x47acc8b2 (Fri Feb 08 21:25:06 2008)
machinetype.......: 0x14c (I386)

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=1355039788C62AA4F9560046E6D56D0073E5332D

 


Here is the result for the file:
C:\WINDOWS\system32\myss_sb.dll

File my received 2008.05.01 02:51:06 (CET)
Current status: completed
Result: 4/31 (12.90%)

Antivirus          Version        Last update  Result
AhnLab-V3          2008.5.1.0     2008.04.30   -
AntiVir            7.8.0.11       2008.04.30   -
Authentium         4.93.8         2008.04.30   -
Avast              4.8.1169.0     2008.04.30   -
AVG                7.5.0.516      2008.04.30   -
BitDefender        7.2            2008.05.01   -
CAT-QuickHeal      9.50           2008.04.30   -
ClamAV             None           2008.05.01   -
DrWeb              4.44.0.09170   2008.04.30   Win32.HLLW.Autoruner.1861
eSafe              7.0.15.0       2008.04.28   -
eTrust-Vet         31.3.5749      2008.04.30   -
Ewido              4.0            2008.04.30   -
F-Prot             4.4.2.54       2008.05.01   -
F-Secure           6.70.13260.0   2008.04.30   -
Fortinet           3.14.0.0       2008.04.30   -
Ikarus             T3.1.1.26      2008.05.01   -
Kaspersky          7.0.0.125      2008.05.01   -
McAfee             5285           2008.04.30   -
Microsoft          1.3408         2008.04.22   Adware:Win32/SideSearch
NOD32v2            3067           2008.04.30   -
Norman             5.80.02        2008.04.30   -
Panda              9.0.0.4        2008.04.30   -
Prevx1             V2             2008.05.01   Generic.Malware
Rising             20.42.22.00    2008.04.30   -
Sophos             4.29.0         2008.05.01   -
Sunbelt            3.0.1056.0     2008.04.17   -
Symantec           10             2008.05.01   -
TheHacker          6.2.92.298     2008.04.30   -
VBA32              3.12.6.5       2008.05.01   -
VirusBuster        4.3.26:9       2008.04.30   -
Webwasher-Gateway  6.6.2          2008.04.30   BlockReason.0

Other information
File size: 334848 bytes
MD5...: 206a74a8b3a8be81776514c101404fc7
SHA1..: cb44fd6eed58937eef7e7a5891c9ce110e37e9ff
SHA256: 00384bbb763fffbfddd02b4a0ddc5c537add4588d122a5c5d7b40ce96575261c
SHA512: 9aab6c973717871984d953f5fd2bb546da65a03927d0c4261a9c9e5ca2cd9b7975d4e09e4dfa11e603a0f7bfe5d9abf5915af4ea1447ab63eee2a7987ff6d9c3
PEiD..: -

 

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100165ef
timedatestamp.....: 0x47ff87d0 (Fri Apr 11 15:46:24 2008)
machinetype.......: 0x14c (I386)


Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=1125B36A008FEA201C7705B8D04A3200F920A68C

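The VirusTotal result above was pasted one cell per line, which makes the detection ratio and the flagging engines hard to pick out. As an added example (not part of the thread and not VirusTotal's own tooling), the Python below parses such a pasted table, whether one cell per line or as aligned rows, into records and recomputes the hits/engines ratio; the sample text is a constructed excerpt of the myss_sb.dll result.

```python
"""Parse a VirusTotal result table pasted as plain text and recompute the
detection ratio. Added example for this thread, not VirusTotal tooling."""
import re
from dataclasses import dataclass

# Lines that mark the end of the engine table on a pasted VirusTotal page
# (the Swedish UI string seen in the thread plus English equivalents).
END_MARKERS = ("Övrig information", "Other information", "Additional information")


@dataclass(frozen=True)
class EngineResult:
    engine: str
    version: str
    updated: str
    verdict: str  # "-" means the engine reported nothing for the file


def _cells(text):
    """Flatten the pasted table into a list of cells.

    Handles both shapes seen in the thread: one cell per line (with blank
    lines between cells) and aligned rows whose cells are separated by
    tabs or two or more spaces. Parsing stops at the "other information"
    block that follows the table.
    """
    cells = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(END_MARKERS):
            break
        cells.extend(c for c in re.split(r"\t|\s{2,}", line) if c)
    return cells


def parse_vt_table(text):
    """Return one EngineResult per antivirus engine in the pasted text."""
    cells = _cells(text)
    if "Antivirus" not in cells:
        raise ValueError("no 'Antivirus' header row found")
    body = cells[cells.index("Antivirus") + 4:]  # skip the four header cells
    if len(body) % 4:
        raise ValueError(f"table body has {len(body)} cells, not a multiple of 4")
    return [EngineResult(*body[i:i + 4]) for i in range(0, len(body), 4)]


def detections(results):
    """(engine, verdict) pairs for the engines that flagged the file."""
    return [(r.engine, r.verdict) for r in results if r.verdict != "-"]


def ratio(results):
    """Detection ratio in VirusTotal's 'hits/engines (percent)' form."""
    if not results:
        return "0/0 (0.00%)"
    hits = len(detections(results))
    return f"{hits}/{len(results)} ({100 * hits / len(results):.2f}%)"


# Constructed excerpt of the myss_sb.dll result pasted above (6 of the 31
# engines), in the one-cell-per-line shape the forum post had.
SAMPLE = """
Resultat: 4/6 (66.67%)
Antivirus
Version
Senaste Uppdatering
Resultat
AhnLab-V3
2008.5.1.0
2008.04.30
-
DrWeb
4.44.0.09170
2008.04.30
Win32.HLLW.Autoruner.1861
Microsoft
1.3408
2008.04.22
Adware:Win32/SideSearch
Prevx1
V2
2008.05.01
Generic.Malware
Sophos
4.29.0
2008.05.01
-
Webwasher-Gateway
6.6.2
2008.04.30
BlockReason.0
Övrig information
MD5...: 206a74a8b3a8be81776514c101404fc7
"""

if __name__ == "__main__":
    parsed = parse_vt_table(SAMPLE)
    print(ratio(parsed))  # 4/6 (66.67%)
    for engine, verdict in detections(parsed):
        print(f"{engine:20} {verdict}")
```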

Here is the result for the file:
C:\WINDOWS\unins000.exe

File unins000.exe received 2008.04.13 19:36:47 (CET)
Current status: completed
Result: 0/32 (0.00%)

Antivirus          Version        Last update  Result
AhnLab-V3          2008.4.12.0    2008.04.11   -
AntiVir            7.6.0.85       2008.04.11   -
Authentium         4.93.8         2008.04.13   -
Avast              4.8.1169.0     2008.04.13   -
AVG                7.5.0.516      2008.04.13   -
BitDefender        7.2            2008.04.13   -
CAT-QuickHeal      9.50           2008.04.12   -
ClamAV             0.92.1         2008.04.13   -
DrWeb              4.44.0.09170   2008.04.13   -
eSafe              7.0.15.0       2008.04.09   -
eTrust-Vet         31.3.5692      2008.04.11   -
Ewido              4.0            2008.04.13   -
F-Prot             4.4.2.54       2008.04.13   -
F-Secure           6.70.13260.0   2008.04.13   -
FileAdvisor        1              2008.04.13   -
Fortinet           3.14.0.0       2008.04.13   -
Ikarus             T3.1.1.26      2008.04.13   -
Kaspersky          7.0.0.125      2008.04.13   -
McAfee             5272           2008.04.11   -
Microsoft          1.3408         2008.04.13   -
NOD32v2            3021           2008.04.12   -
Norman             5.80.02        2008.04.12   -
Panda              9.0.0.4        2008.04.13   -
Prevx1             V2             2008.04.13   -
Rising             20.39.62.00    2008.04.13   -
Sophos             4.28.0         2008.04.13   -
Sunbelt            3.0.1041.0     2008.04.12   -
Symantec           10             2008.04.13   -
TheHacker          6.2.92.276     2008.04.12   -
VBA32              3.12.6.4       2008.04.13   -
VirusBuster        4.3.26:9       2008.04.13   -
Webwasher-Gateway  6.6.2          2008.04.11   -

Other information
File size: 691545 bytes
MD5...: fa216964c56aceb2ecafce0815494dbc
SHA1..: ab6804f5c6864c7308b042f3457cc7301aa4d67b
SHA256: 6079c7cf77cc6a3610e60933fabca46de2afc2f59a41394a5badf7bf11697973
SHA512: 52417c0db4c9870bac098543fd87761aa36d213062dc0f18a274df2d5d6ed89f8f45945914a1b525129b9fd82b2cbea6f287eafd147f3ea88053d45aaad498d6
PEiD..: -

 

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x48fb00
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)



Here is the result for the file:
C:\WINDOWS\system32\myss_sb_uninstall.exe

File myss_sb_uninstall.exe_ received 2008.05.03 21:19:21 (CET)
Current status: completed
Result: 1/31 (3.23%)

Antivirus          Version        Last update  Result
AhnLab-V3          2008.5.3.0     2008.05.02   -
AntiVir            7.8.0.11       2008.05.02   -
Authentium         4.93.8         2008.05.02   -
Avast              4.8.1169.0     2008.05.03   -
AVG                7.5.0.516      2008.05.03   -
BitDefender        7.2            2008.05.03   -
CAT-QuickHeal      9.50           2008.05.03   -
ClamAV             0.92.1         2008.05.03   -
DrWeb              4.44.0.09170   2008.05.03   -
eSafe              7.0.15.0       2008.04.28   -
eTrust-Vet         31.3.5755      2008.05.03   -
Ewido              4.0            2008.05.03   -
F-Prot             4.4.2.54       2008.05.02   -
F-Secure           6.70.13260.0   2008.05.03   -
Fortinet           3.14.0.0       2008.05.03   -
Ikarus             T3.1.1.26      2008.05.03   -
Kaspersky          7.0.0.125      2008.05.03   -
McAfee             5287           2008.05.02   -
Microsoft          1.3408         2008.04.22   -
NOD32v2            3072           2008.05.03   -
Norman             5.80.02        2008.05.02   -
Panda              9.0.0.4        2008.05.03   -
Prevx1             V2             2008.05.03   Cloaked Malware
Rising             20.42.22.00    2008.04.30   -
Sophos             4.29.0         2008.05.03   -
Sunbelt            3.0.1097.0     2008.05.03   -
Symantec           10             2008.05.03   -
TheHacker          6.2.92.300     2008.05.03   -
VBA32              3.12.6.5       2008.05.03   -
VirusBuster        4.3.26:9       2008.05.03   -
Webwasher-Gateway  6.6.2          2008.05.03   -

Other information
File size: 89070 bytes
MD5...: 3eff99dbfcce3d603ec795f39c152b0b
SHA1..: 72434e66c9295a201938ea8ce36b5277d7f11536
SHA256: 8559f5f8a32b3f1ebc28183d6bfdb413363f0d4180503738411b8ee2d68f68ea
SHA512: 4092b49ace43d3c1dced98590e9848cd6bbbfa62424099a3ac5daf0bca27cd304c99c58b8fc12b14cc34879cd28c9f8a35e76db2d2ceb2fa4bdc5aaf219e485b
PEiD..: -

 

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x403228
timedatestamp.....: 0x47acc8a9 (Fri Feb 08 21:24:57 2008)
machinetype.......: 0x14c (I386)


 

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=89E44400EE1AFD8B5B39012CAFB2570007BEED05


Here is the result for the file:
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe

File mysidesearch_sidebar_uninstall.ex received 2008.04.01 18:34:02 (CET)
Current status: completed
Result: 1/32 (3.12%)

Antivirus          Version        Last update  Result
AhnLab-V3          -              -            -
AntiVir            -              -            -
Authentium         -              -            -
Avast              -              -            -
AVG                -              -            -
BitDefender        -              -            -
CAT-QuickHeal      -              -            -
ClamAV             -              -            -
DrWeb              -              -            -
eSafe              -              -            -
eTrust-Vet         -              -            -
Ewido              -              -            -
F-Prot             -              -            -
F-Secure           -              -            -
FileAdvisor        -              -            -
Fortinet           -              -            -
Ikarus             -              -            -
Kaspersky          -              -            -
McAfee             -              -            -
Microsoft          -              -            -
NOD32v2            -              -            -
Norman             -              -            -
Panda              -              -            -
Prevx1             -              -            TROJAN.ADCLICKER.Q
Rising             -              -            -
Sophos             -              -            -
Sunbelt            -              -            -
Symantec           -              -            -
TheHacker          -              -            -
VBA32              -              -            -
VirusBuster        -              -            -
Webwasher-Gateway  -              -            -

Other information
MD5: ef398e60ed3233c43357c2df4fe0daf3
SHA1: 28ca740f93182568c24dce6ef2aec14468af7d92
SHA256: e30961b8777d1a9fe62f30ba05bb6acacbf62647943a120f11f521d670642ea3
SHA512: be1ef89bf3d6556573bd3dc0055298866bc8422e49d50c469b02ad1f4d0d819e58ad35ef6e463add69f6a565fa5566b01ed4b720cf8d31ee1f2774b3c3b4be5c


Copy the following 7 coloured rows

File::

C:\WINDOWS\system32\{f4d19b79-eb77-1de6-5d14-b58ba537404e}.dll-uninst.exe
C:\WINDOWS\system32\myss_sb.dll
C:\WINDOWS\unins000.exe
C:\WINDOWS\system32\myss_sb_uninstall.exe
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\unins000.dat

and paste them into Notepad.
Save the file on the Desktop with the name CFScript.

Drag CFScript with the mouse and drop it onto the ComboFix icon on the Desktop; that starts the program in a special mode.
Fairly high up on the forum page you have a black bar that ends with the word FILER (files).
Click it. There you can upload the new ComboFix log and a new HijackThis log. Write here what the logs are called so I can fetch them.
Paste the log that comes out and a new HijackThis log.


Hi Cecilia
We have uploaded the files you asked for.
They should be accessible to you.
If not, let me know.

Regards
Scoter72


Thanks, it seems to work fine to read the files. A bit cumbersome, but it became far too slow with them pasted in.

Set Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

Delete the files:
C:\WINDOWS\system32\{f4d19b79-eb77-1de6-5d14-b58ba537404e}.dll-uninst.exe
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\unins000.dat

Restart the computer.
How is the computer behaving now?
