Just nu i M3-nätverket
Gå till innehåll
wlb

Virus under PDF fil

Rekommendera Poster

Hej!

Jag har skickat två skannade sidor i PDF format med meil, mottagaren har fått bilder i hotmail försett med hänglås går inte går att öppna eller ta bort. De är skickade i messenger men båda datorerna har Vista. Under textsidorna på meilet i min dator finns skannade bilder från olika filer som ibland bytts ut när jag öppnar. Hur får man bort det från mottagarens och min dator?

Tacksam för hjälp!

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Administratör at 14:31:28 on 2011-11-07

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.1982.777 [GMT 1:00]

.

AV: Bahnhof Internet Security 9.12 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

SP: Bahnhof Internet Security 9.12 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Bahnhof Internet Security 9.12 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\DigitalPersona\Bin\DpHostW.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Bahnhof Internet Security\Anti-Virus\fsgk32st.exe

C:\Program Files\Bahnhof Internet Security\Common\FSMA32.EXE

C:\Program Files\Bahnhof Internet Security\Anti-Virus\FSGK32.EXE

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Bahnhof Internet Security\Common\FSHDLL32.EXE

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Bahnhof Internet Security\Anti-Virus\fssm32.exe

C:\Program Files\Bahnhof Internet Security\ORSP Client\fsorsp.exe

C:\Program Files\Bahnhof Internet Security\FWES\Program\fsdfwd.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Bahnhof Internet Security\Anti-Virus\fsav32.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\DigitalPersona\Bin\DpAgent.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Bahnhof Internet Security\Common\FSM32.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\conime.exe

c:\program files\windows defender\MpCmdRun.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\DigitalPersona\Bin\DpAgent.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Bahnhof Internet Security\Common\FSM32.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Administratör\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VX7XZ0Q\dds.scr

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=81&bd=Pavilion&pf=laptop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=81&bd=Pavilion&pf=laptop

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\digitalpersona\bin\DpOtsPluginIe8.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [iSUSPM] "c:\programdata\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [F-Secure Manager] "c:\program files\bahnhof internet security\common\FSM32.EXE" /splash

mRun: [F-Secure TNB] "c:\program files\bahnhof internet security\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

LSP: c:\program files\bahnhof internet security\fsps\program\FSLSP.DLL

Trusted Zone: live.com\onecare

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{3F006C5E-47D8-4203-9599-06619BCEF8CA} : DhcpNameServer = 10.0.0.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

LSA: Notification Packages = scecli DPPWDFLT

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-7-19 42664]

R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\bahnhof internet security\hips\drivers\fshs.sys [2010-7-19 69928]

R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-7-19 36792]

R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-7-19 72904]

R1 fsvista;F-Secure Vista Support Driver;c:\program files\bahnhof internet security\anti-virus\minifilter\fsvista.sys [2010-7-19 14248]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\bahnhof internet security\anti-virus\fsgk32st.exe [2010-7-19 221608]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-7-17 21504]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\bahnhof internet security\anti-virus\minifilter\fsgk.sys [2010-7-19 148632]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files\bahnhof internet security\orsp client\fsorsp.exe [2010-7-19 61088]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-5 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-8-10 42368]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-11-05 15:12:30 -------- d-----w- c:\programdata\Fighters

2011-11-05 15:11:25 -------- dc-h--w- c:\programdata\~0

2011-11-05 15:10:07 -------- d-----w- c:\users\administratör\appdata\roaming\Fighters

2011-11-04 19:54:14 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2d65c195-af4c-43f7-975b-63fcbeb91212}\offreg.dll

2011-11-04 16:47:03 -------- d-----w- c:\programdata\Ask

2011-11-04 15:04:45 -------- d-----w- c:\users\administratör\appdata\roaming\Template

2011-11-04 11:36:35 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2d65c195-af4c-43f7-975b-63fcbeb91212}\mpengine.dll

2011-11-04 07:43:03 -------- d-----w- c:\users\administratör\appdata\roaming\Systweak

2011-11-04 07:43:00 17280 ----a-w- c:\windows\system32\roboot.exe

2011-11-04 07:42:56 -------- d-----w- c:\program files\RegClean Pro

2011-11-03 19:10:34 -------- d-----w- c:\program files\Lavasoft

2011-10-13 11:17:52 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-10-13 11:17:52 293376 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 11:17:52 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 11:17:51 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-10-13 11:17:47 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-10-13 11:16:44 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-10-13 11:15:48 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-10-13 11:15:48 238080 ----a-w- c:\windows\system32\oleacc.dll

2011-10-13 11:15:46 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 11:15:46 4096 ----a-w- c:\windows\system32\oleaccrc.dll

.

==================== Find3M ====================

.

2011-11-04 16:37:29 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys

2011-10-31 20:57:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-03 04:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 14:32:37,90 ===============

Attach.txt

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

På sidan http://www.virustotal.com klickar du på Bläddra -knappen och klistrar in följande filnamn i rutan, klicka på Öppna och sedan på Skicka Fil. Vänta tills resultatet är klart (Närvarande status blir genomförd). Klistra in länken till resultatet här.

c:\windows\system32\roboot.exe

 

Dessa mappar bör du kunna ta bort eftersom det ser ut som att du har avinstallerat respektive program:

c:\program files\Lavasoft

c:\programdata\Fighters

c:\users\administratör\appdata\roaming\Fighters

c:\programdata\Ask

 

Under textsidorna på meilet i min dator finns skannade bilder från olika filer som ibland bytts ut när jag öppnar.
Kan du göra skärmdumpar (PrintScreen eller Skärmklippverktyget) och bifoga så att det blir lättare att förstå?

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

Hej!

Nu har ytterligare ett tjugotal bilder hamnat under vardera PDF fil under dagen, mottagarens meil bifogat. Lavasoft borttagen har inte hittat de övriga.

 

VT Community Sign in ▼ My account ▼ Sign outSigning out... loading.gifLanguages ▼VirusTotal's website has changed, we need new translations, do you feel like helping the community?

info@virustotal.comSign in to VT CommunitySafety ratings and user comments (disinfection, in-the-wild locations, reverse engineering reports, etc.) on malware and URLs, free and easy.

 

emailpassword Keep me logged inSign inSigning in, please wait... loading.gifLogin failed, please try againForgot your password?Create an accountEdit my profile

View my profile

Inbox

VirusTotal-logo.png

Virustotal is a service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. File name: roboot.exe

Submission date: 2011-10-03 16:37:04 (UTC)

Current status: finished

Result: 0/43 (0.0%)

VT Communityqmark.jpg

not reviewed

Safety score: - CompactPrint resultsAntivirusVersionLast UpdateResultAhnLab-V32011.10.03.002011.10.03-AntiVir7.11.15.872011.10.03-Antiy-AVL2.0.3.72011.10.03-Avast6.0.1289.02011.10.02-AVG10.0.0.11902011.10.03-BitDefender7.22011.10.03-ByteHero1.0.0.12011.09.23-CAT-QuickHeal11.002011.10.03-ClamAV0.97.0.02011.10.03-Commtouch5.3.2.62011.10.03-Comodo103272011.10.03-DrWeb5.0.2.033002011.10.03-Emsisoft5.1.0.112011.10.03-eSafe7.0.17.02011.10.02-eTrust-Vet36.1.85942011.10.03-F-Prot4.6.2.1172011.10.03-F-Secure9.0.16440.02011.10.03-Fortinet4.3.370.02011.10.01-GData222011.10.03-IkarusT3.1.1.107.02011.10.03-Jiangmin13.0.9002011.10.03-K7AntiVirus9.113.52272011.10.01-Kaspersky9.0.0.8372011.10.03-McAfee5.400.0.11582011.10.03-McAfee-GW-Edition2010.1D2011.10.02-Microsoft1.77022011.10.03-NOD3265132011.10.03-Norman6.07.112011.10.03-nProtect2011-10-03.012011.10.03-Panda10.0.3.52011.10.03-PCTools8.0.0.52011.10.03-Prevx3.02011.10.03-Rising23.77.04.012011.09.30-Sophos4.69.02011.10.03-SUPERAntiSpyware4.40.0.10062011.10.03-Symantec20111.2.0.822011.10.03-TheHacker6.7.0.1.3162011.10.03-TrendMicro9.500.0.10082011.10.03-TrendMicro-HouseCall9.500.0.10082011.10.03-VBA323.12.16.42011.10.03-VIPRE106522011.10.03-ViRobot2011.10.1.46992011.10.03-VirusBuster14.0.245.12011.10.03-Additional informationShow allMD5 : be083e16a50a441ecdf9dc9a6faeda6aSHA1 : e4383c7022c8320816d2e9c372f77c2e894dc36dSHA256: da5344695c9ad5bb85b1d8565fb2cb4140300e43188b2073d790d2d70965ce6assdeep: 192:f0W8ACZd07P/uG+eNPL+T7XTPMG4QW/O5YSnEXNp8SbjcHZs10UKyowJL/VgrYM7:RDNhLE

7XbM/zhjcu10HYJLeVbCoj1vFile size : 17280 bytesFirst seen: 2011-07-07 22:41:01Last seen : 2011-10-03 16:37:04Magic: PE32 executable for MS Windows (native) Intel 80386 32-bitTrID:

Windows Screen Saver (51.1%)

Win32 Executable Generic (33.2%)

Generic Win/DOS Executable (7.8%)

DOS Executable Generic (7.8%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)sigcheck:

publisher....: Systweak Inc., (www.systweak.com)

copyright....: Copyright © 2010 Systweak Inc., All rights reserved.

product......: Systweak Regclean Pro

description..: Regclean Pro

original name: RegcleanPro.exe

internal name: Regclean Pro Registry Optimizer

file version.: 6.1

comments.....: http://www.systweak.com

signers......: Systweak Inc

VeriSign Class 3 Code Signing 2009-2 CA

Class 3 Public Primary Certification Authority

signing date.: 9:57 07/07/2011

verified.....: -

PEiD: -PEInfo: PE structure information

 

[[ basic data ]]

entrypointaddress: 0x2545

timedatestamp....: 0x4D19C6FA (Tue Dec 28 11:16:10 2010)

machinetype......: 0x14C (Intel I386)

 

[[ 4 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x1F2E, 0x2000, 6.24, baaafcec427a6cc0cc73728bc3f0274b

.data, 0x3000, 0x34C, 0x200, 0.2, 563629f165a1b00ba1c92b2b4adf94bb

.rsrc, 0x4000, 0x468, 0x600, 2.59, ed9df3c3dd2ff71057983f0ee6cb5d56

.reloc, 0x5000, 0x1B6, 0x200, 5.06, 40af51e8e0afdba218bf98f14ab70502

 

[[ 1 import(s) ]]

ntdll.dll: NtDisplayString, RtlAnsiStringToUnicodeString, RtlInitAnsiString, vsprintf, NtOpenKey, RtlInitUnicodeString, NtLoadKey, NtUnloadKey, RtlAllocateHeap, RtlFreeHeap, RtlAdjustPrivilege, NtInitializeRegistry, RtlCreateHeap, memset, NtClose, NtReadFile, NtCreateFile, NtSaveKey, NtReplaceKey, ZwDeleteFile, LdrGetProcedureAddress, LdrGetDllHandle, NtFlushKey, NtDelayExecution, NtSetValueKey, memmove, NtQueryValueKey, _chkstk, NtFlushBuffersFile, NtWriteFile, NtShutdownSystem, NtTerminateProcess, RtlUnhandledExceptionFilter, RtlUnwind

Androguard:

-ExifTool:

file metadata

CharacterSet: Windows, Latin1

CodeSize: 8192

Comments: http://www.systweak.com

CompanyName: Systweak Inc., (www.systweak.com)

EntryPoint: 0x2545

FileDescription: Regclean Pro

FileFlagsMask: 0x0000

FileOS: Win32

FileSize: 17 kB

FileSubtype: 0

FileType: Win32 EXE

FileVersion: 6.1

FileVersionNumber: 6.1.0.0

ImageVersion: 6.0

InitializedDataSize: 3072

InternalName: Regclean Pro Registry Optimizer

LanguageCode: English (U.S.)

LegalCopyright: Copyright © 2010 Systweak Inc., All rights reserved.

LegalTrademarks: Systweak, Regclean Pro

LinkerVersion: 8.0

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 6.0

ObjectFileType: Dynamic link library

OriginalFilename: RegcleanPro.exe

PEType: PE32

ProductName: Systweak Regclean Pro

ProductVersion: 6.1

ProductVersionNumber: 6.1.0.0

Subsystem: Native

SubsystemVersion: 6.0

TimeStamp: 2010:12:28 12:16:10+01:00

UninitializedDataSize: 0

Symantec reputation:Suspicious.Insight

 

VT Community

 

0

This file has never been reviewed by any VT Community member. Be the first one to comment on it!

VirusTotal TeamAdd your comment... Remember that when you write comments as an anonymous user they receive the lowest possible reputation. So if you have not signed in yet don't forget to do so. How to markup your comments?

You can add basic styles to your comments using the following accepted bbcode tags:

 

text -- bold

text -- italics

text -- underline

text -- strikethrough

text

- preformatted text

 

You can also address comments to particular users using the "@" twitter-like mode. By prepending a "#" symbol to a word you can add custom tags to your comment, tags that can then be searched for. GoodwareMalwareSpam attachment/link

P2P downloadPropagating via IMNetwork worm

Drive-by-download

 

Anonymous limit exceeded: anonymous users can only make one comment per file or URL, either sign in or register in order to continue making reviews on this item. Note that anonymous user discrimination is based on IP addresses, hence, it may be possible that another user behind your same proxy or NAT connection already made a review.

 

Preview commentEdit commentPost commentPosting comment... loading.gifComment successfully posted

 

 

 

 

 

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

 

VirusTotal © Hispasec Sistemas - Blog - Twitter - Contact: info@virustotal.com - TOS & Privacy Policy

Redigerad av wlb

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

Så här ser bilden ut som jag fick fram:

 

*******************

 

Jag ser inget som jag tycker stämmer med din beskrivning:

Under textsidorna på meilet i min dator finns skannade bilder från olika filer som ibland bytts ut när jag öppnar.
Redigerad av Cecilia
Bild borttagen eftersom den innehöll personlig information /Cecilia, moderator

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

Hej Cecilia! Kan inte få fram information i klipp så jag har skrivit detta istället.

Virus under PDF fil De skannade filerna har bara en sida när de öppnas i Bilder. När de öppnas i Skickade meil visas de i Microsoft Office Picture Manager, när jag använder bläddringskapparna under dokumentet kommer det upp skannade foton, som varierar i antal och med utbytta foton.

 

Det kommer även upp två tomma sidor med varsitt märke, när markören hålls över dem är texten:

 

Snapback [1] png User_popup [1] png

 

Typ PNG_ bild Typ PNG_ bild

 

Storlek 327 byte Storlek 162 byte

 

Format 16x16 bildpunkter Format 8x8 bildpunkter

 

Samtliga bilder kommer från:

 

. C:\Users\webb\Appdata\Local\Microsoft\Windovs\Temporary Internet files\ Content.IES\V8OD5NAL\

 

Jag har skannat bilderna från en hemsida som ska ersättas.

 

 

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

Mappen "Temporary Internet files" används av Internet Explorer och andra Microsoft-program för att lagra dokument, bilder mm som ska visas i webbläsaren med fler. Om du bläddrar dig fram mellan bilder i den mappen så kommer det att bli olika bilder beroende på vad som har visats i Internet Explorer nyligen. Inget konstigt alls.

 

Det jag inte förstår är varför PDF-filer ligger i mappen Bilder eller visas med bildvisarprogram i stället för med PDF-läsarprogram. Men det har ju heller inget med virus eller andra skadliga program att göra.

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

Hej Cecilia!

När inga virus hittats, datorn har rensats och fungerar, ser jag tråden som avslutad.

Tack för hjälpen och vänligen ta bort onödig text och klippet ur tråden.

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

Skapa ett konto eller logga in för att kommentera

Du måste vara medlem för att kunna kommentera

Skapa ett konto

Skapa ett nytt konto på vårt forum. Det är lätt!

Registrera ett nytt konto

Logga in

Redan medlem? Logga in här.

Logga in nu



×
×
  • Skapa nytt...