
Beginner. Ran a full scan of the computer

Threads about system clean-ups etc. that have been solved, or that the thread starter has not returned to, are placed here. Older instruction posts are also kept here. NOTE: It is not possible to post in this forum section. The threads can only be read.


Post by pipen » Tue 28 Jun 2005, 20:28

This is what Ad-Aware found; I haven't removed anything yet.

Hope you can help me :(


Ad-Aware SE Build 1.06r1
Logfile Created on:28 June 2005 20:59:17
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R51 21.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):1 total references
BargainBuddy(TAC index:8):12 total references
CoolWebSearch(TAC index:10):10 total references
DyFuCA(TAC index:3):29 total references
istbar(TAC index:7):10 total references
Possible Browser Hijack attempt(TAC index:3):2 total references
Targetsavers(TAC index:8):8 total references
Tracking Cookie(TAC index:3):50 total references
ZyncosMark(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : C:\PROGRAM\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
CSI Fingerprints total : 886
CSI data size : 30371 Bytes
Target categories : 15
Target families : 679

2005-06-28 20:52:12 Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R51 21.06.2005
Internal build : 59
File location : C:\PROGRAM\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 483435 Bytes
Total size : 1461660 Bytes
Signature data size : 1429955 Bytes
Reference data size : 31193 Bytes
Signatures total : 40756
CSI Fingerprints total : 906
CSI data size : 31253 Bytes
Target categories : 15
Target families : 694


2005-06-28 20:52:36 Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:0 %
Total physical memory:63732 kb
Available physical memory:1136 kb
Total page file size:2033416 kb
Available on page file:1879124 kb
Total virtual memory:2093056 kb
Available virtual memory:2038400 kb
OS:Microsoft Windows 98 SE

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


2005-06-28 20:59:17 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291765667
Threads : 7
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) operating system
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corporation 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294906579
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) operating system
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294927683
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294939379
Threads : 3
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright (C) Microsoft Corporation 2000
OriginalFilename : mstask.exe

#:5 [PSIMSVC.EXE]
FilePath : C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\
ProcessID : 4294961447
Threads : 4
Priority : Normal
FileVersion : 1, 3, 2, 0
ProductVersion : 1, 3, 2, 0
ProductName : Panda Antivirus
CompanyName : Panda Software Internacional
FileDescription : Common Interface Manager
InternalName : PsImSvc
LegalCopyright : © Panda Software 2004.
OriginalFilename : PsImSvc.exe

#:6 [PAVPROT.EXE]
FilePath : C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\
ProcessID : 4294966135
Threads : 5
Priority : Normal
FileVersion : 3, 0, 0, 804
ProductVersion : 3, 0, 0, 804
ProductName : PavProt Application
CompanyName : Panda Software
FileDescription : PavProt Application
InternalName : PAVPROT
LegalCopyright : © 2004 Panda Software. All rights reserved.
OriginalFilename : PavProt.exe

#:7 [PAVFNSVR.EXE]
FilePath : C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\
ProcessID : 4290782711
Threads : 8
Priority : Normal
FileVersion : 4.07.02
ProductVersion : 4, 7, 2, 0
ProductName : Panda Software PavFnSvr
CompanyName : Panda Software
FileDescription : Panda Function Service
InternalName : PavFnSvr
LegalCopyright : © Panda Software 2004
OriginalFilename : PavFnSvr.exe

#:8 [PREVSRV.EXE]
FilePath : C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\
ProcessID : 4290778003
Threads : 5
Priority : Normal
FileVersion : 2, 0, 0, 2
ProductVersion : 2, 0, 0, 2
ProductName : prevsrv
CompanyName : Panda Software
FileDescription : Panda Preventium+ © service
InternalName : prevsrv
LegalCopyright : Copyright © Panda Software 2004
OriginalFilename : prevsrv
Comments : Panda Preventium+ © service

#:9 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4290799643
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:10 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4290815919
Threads : 7
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft(R) Windows NT(R) operating system
CompanyName : Microsoft Corporation
FileDescription : Explorer
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:11 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4290996071
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright (C) Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:12 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291000135
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) operating system
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:13 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291003947
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) operating system
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:14 [HPSYSDRV.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291027731
Threads : 2
Priority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe

#:15 [MMKEYBD.EXE]
FilePath : C:\PROGRAM\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\
ProcessID : 4291029175
Threads : 10
Priority : Normal
FileVersion : 3.1.1.5
ProductVersion : 3.1.1.5
ProductName : One-touch multimedia keyboard
CompanyName : Netropa Corp.
FileDescription : One-touch multimedia keyboard
InternalName : MMKEYBD
LegalCopyright : Copyright (c) 1995-1999 Netropa Corp. All rights reserved.
OriginalFilename : MMKEYBD.EXE

#:16 [APVXDWIN.EXE]
FilePath : C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\
ProcessID : 4291050275
Threads : 10
Priority : Normal
FileVersion : 4.07.09
ProductVersion : 4.07.09
ProductName : Panda Antivirus Aplication
CompanyName : Panda Software International
FileDescription : ApVxdWin
InternalName : ApVxdWin.exe
LegalCopyright : © Panda Software 2004
OriginalFilename : ApVxdWin.exe

#:17 [RunDLL.exe]
FilePath : C:\WINDOWS\
ProcessID : 4291061819
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) operating system
CompanyName : Microsoft Corporation
FileDescription : Runs a DLL file as an application
InternalName : rundll
LegalCopyright : Copyright (C) Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:18 [WKCALREM.EXE]
FilePath : C:\PROGRAM\VANLIGA FILER\MICROSOFT SHARED\WORKS SHARED\
ProcessID : 4291088627
Threads : 3
Priority : Normal
FileVersion : 5.00.2004.0
ProductVersion : 5.00.2004.0
ProductName : Microsoft® Works 2000
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : © 1999 Microsoft Corp. All rights reserved.
OriginalFilename : WKCALREM.EXE

#:19 [KEYBDMGR.EXE]
FilePath : C:\PROGRAM\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\
ProcessID : 4291108351
Threads : 1
Priority : Normal
FileVersion : 3.0.0
ProductVersion : 3.0.0
ProductName : Keyboard Manager
CompanyName : Netropa Corp.
FileDescription : Keyboard Manager
InternalName : Keyboard Manager
LegalCopyright : Copyright (c) 1999, Netropa Corp.
OriginalFilename : KeybdMgr.exe

#:20 [OSD.EXE]
FilePath : C:\PROGRAM\NETROPA\ONSCREEN DISPLAY\
ProcessID : 4290984191
Threads : 1
Priority : Normal
FileVersion : 2.43
ProductVersion : 2.43
ProductName : OSD
CompanyName : Netropa Corp.
FileDescription : On-screen messages
InternalName : OSD
LegalCopyright : Copyright (c) 1995-1999 Netropa Corp.
LegalTrademarks : Netropa
OriginalFilename : OSD.EXE

#:21 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291154799
Threads : 4
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft(R) Windows NT(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:22 [MMUSBKB2.EXE]
FilePath : C:\PROGRAM\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\
ProcessID : 4291077291
Threads : 1
Priority : Normal
FileVersion : 1.1
ProductVersion : 1.1
ProductName : USB Multimedia Keyboard Driver 2
CompanyName : Netropa Corporation
FileDescription : USB Multimedia Keyboard Driver 2
InternalName : mmusbkb2
LegalCopyright : Copyright © 1998-1999 Netropa Corporation
OriginalFilename : mmusbkb2.exe

#:23 [WEBPROXY.EXE]
FilePath : C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\
ProcessID : 4291086195
Threads : 5
Priority : Normal
FileVersion : 4, 6, 9, 6
ProductVersion : 2, 1, 0, 0
ProductName : Internet Resident
CompanyName : Panda Software
FileDescription : WebProxy
InternalName : WebProxy
LegalCopyright : © Panda Software 2004
OriginalFilename : WebProxy.exe

#:24 [DDHELP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291441395
Threads : 5
Priority : Realtime
FileVersion : 4.07.00.0700
ProductVersion : 4.07.00.0700
ProductName : Microsoft® DirectX for Windows® 95 and 98
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : DDHelp.exe

#:25 [IEXPLORE.EXE]
FilePath : C:\PROGRAM\INTERNET EXPLORER\
ProcessID : 4291043091
Threads : 8
Priority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® operating system
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:26 [AD-AWARE.EXE]
FilePath : C:\PROGRAM\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4291288979
Threads : 4
Priority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}

ZyncosMark Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{dc341f1b-ec77-47be-8f58-96e83861cc5a}

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\policies\avenue media

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\ist

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\policies\avenue media

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : app_name

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_url

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_url

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_url

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : ui

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_initial_delay

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_count

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_day_count

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_day_limit

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_count

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_version

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_count

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : account_id

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : app_date

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_interval

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_last

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_interval

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_last

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_interval

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_last

istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : UninstallString

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : NoModify

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment : "{FAA356E4-D317-42A6-AB41-A3021C6E7D52}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\toolbar\webbrowser
Value : {FAA356E4-D317-42A6-AB41-A3021C6E7D52}

Targetsavers Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment : "AffiliateID"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tsa
Value : AffiliateID

CoolWebSearch Object Recognized!
Type : RegData
Data : XFilter
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\protocols\filter\text/html
Value :
Data : XFilter

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 36
Objects found so far: 36


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Trusted zone presumably compromised : contentmatch.net

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Vulnerability
Comment : Trusted zone presumably compromised : contentmatch.net\ny
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contentmatch.net\ny

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Vulnerability
Comment : Trusted zone presumably compromised : contentmatch.net\ny
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contentmatch.net\ny
Value : https

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 38


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:32
Value : Cookie:hp-auktoriserad kund@advertising.com/
Expires : 2010-06-27 16:21:18
LastSync : Hits:32
UseCount : 0
Hits : 32

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@cgi-bin[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:hp-auktoriserad kund@www.sr.se/cgi-bin
Expires : 2005-07-21
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:hp-auktoriserad kund@mediaplex.com/
Expires : 2009-06-22 02:00:00
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@findwhat[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:hp-auktoriserad kund@findwhat.com/
Expires : 2020-01-01 02:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:hp-auktoriserad kund@atdmt.com/
Expires : 2010-06-25 02:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@cgi-bin[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:hp-auktoriserad kund@www2.addfreestats.com/cgi-bin
Expires : 2015-02-28 01:59:58
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:hp-auktoriserad kund@imrworldwide.com/cgi-bin
Expires : 2009-01-19 01:00:00
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@fastclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:36
Value : Cookie:hp-auktoriserad kund@fastclick.net/
Expires : 2007-06-26 21:24:02
LastSync : Hits:36
UseCount : 0
Hits : 36

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@247realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:hp-auktoriserad kund@247realmedia.com/
Expires : 2011-01-01 01:59:58
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:hp-auktoriserad kund@hitbox.com/
Expires : 2006-06-25 21:36:22
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:45
Value : Cookie:hp-auktoriserad kund@zedo.com/
Expires : 2015-06-24 21:20:36
LastSync : Hits:45
UseCount : 0
Hits : 45

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@servedby.advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:34
Value : Cookie:hp-auktoriserad kund@servedby.advertising.com/
Expires : 2005-07-28 16:21:18
LastSync : Hits:34
UseCount : 0
Hits : 34

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@cgi-bin[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:hp-auktoriserad kund@www.3dstats.com/cgi-bin
Expires : 2015-02-28 01:59:58
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@0[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:hp-auktoriserad kund@jmbi27.cjt1.net/HTM/796/0
Expires : 2006-06-26 21:06:46
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:11
Value : Cookie:hp-auktoriserad kund@doubleclick.net/
Expires : 2008-06-25 11:31:30
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:151
Value : Cookie:hp-auktoriserad kund@tradedoubler.com/
Expires : 2025-06-22 22:11:30
LastSync : Hits:151
UseCount : 0
Hits : 151

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@0[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:hp-auktoriserad kund@jmbi43.cjt1.net/HTM/425/0
Expires : 2006-06-26 12:42:36
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:hp-auktoriserad kund@tribalfusion.com/
Expires : 2038-01-01 02:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@ehg-svt.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:hp-auktoriserad kund@ehg-svt.hitbox.com/
Expires : 2006-06-25 21:36:22
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@z1.adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:hp-auktoriserad kund@z1.adserver.com/
Expires : 2006-06-26 12:52:04
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@abcsearch[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:hp-auktoriserad kund@abcsearch.com/
Expires : 2005-09-23 00:33:16
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@casalemedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:13
Value : Cookie:hp-auktoriserad kund@casalemedia.com/
Expires : 2006-06-17 17:24:02
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 22
Objects found so far: 60



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BargainBuddy Object Recognized!
Type : File
Data : MQEXDLM.SRG
TAC Rating : 8
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe


BargainBuddy Object Recognized!
Type : File
Data : exdl0.exe
TAC Rating : 8
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe


BargainBuddy Object Recognized!
Type : File
Data : exul1.exe
TAC Rating : 8
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


BargainBuddy Object Recognized!
Type : File
Data : javexulm.vxd
TAC Rating : 8
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


BargainBuddy Object Recognized!
Type : File
Data : msbe.dll
TAC Rating : 8
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
FileVersion : 8, 0, 3, 6
ProductVersion : 8, 0, 3, 6
ProductName : ADP Module
CompanyName : eXact Advertising
FileDescription : ADP Module
InternalName : apuc
LegalCopyright : Copyright © 2003-2005 eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : apuc.DLL


BargainBuddy Object Recognized!
Type : File
Data : exdl1.exe
TAC Rating : 8
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\TEMP\Cookies\hp-auktoriserad kund@adtech[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\TEMP\Cookies\hp-auktoriserad kund@cgi-bin[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\TEMP\Cookies\hp-auktoriserad kund@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@qsrch[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\TEMP\Cookies\hp-auktoriserad kund@qsrch[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@trafficmp[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\TEMP\Cookies\hp-auktoriserad kund@trafficmp[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@counter16.sextracker[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\TEMP\Cookies\hp-auktoriserad kund@counter16.sextracker[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@sextracker[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\TEMP\Cookies\hp-auktoriserad kund@sextracker[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\TEMP\Cookies\hp-auktoriserad kund@advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\TEMP\Cookies\hp-auktoriserad kund@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@servedby.advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\TEMP\Cookies\hp-auktoriserad kund@servedby.advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@tradedoubler[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\TEMP\Cookies\hp-auktoriserad kund@tradedoubler[2].txt

DyFuCA Object Recognized!
Type : File
Data : optimize.exe
TAC Rating : 3
Category : Malware
Comment :
Object : c:\WINDOWS\TEMP\



BargainBuddy Object Recognized!
Type : File
Data : bb.exe
TAC Rating : 8
Category : Malware
Comment :
Object : c:\WINDOWS\TEMP\
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : Installer Module
CompanyName : eXact Advertising
FileDescription : Installer Module
InternalName : Installer Utility
LegalCopyright : Copyright © 2003-2005. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : installer.exe


istbar Object Recognized!
Type : File
Data : istbarcm.dll
TAC Rating : 7
Category : Malware
Comment :
Object : c:\WINDOWS\TEMP\



DyFuCA Object Recognized!
Type : File
Data : cln1151.TMP
TAC Rating : 3
Category : Malware
Comment :
Object : c:\WINDOWS\TEMP\



Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@findwhat[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\hp-auktoriserad kund@findwhat[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\hp-auktoriserad kund@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\hp-auktoriserad kund@advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\hp-auktoriserad kund@cgi-bin[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@0[3].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\hp-auktoriserad kund@0[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\hp-auktoriserad kund@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@cgi-bin[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\hp-auktoriserad kund@cgi-bin[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\hp-auktoriserad kund@tribalfusion[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@0[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\hp-auktoriserad kund@0[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@z1.adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\hp-auktoriserad kund@z1.adserver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@fastclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\hp-auktoriserad kund@fastclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@cgi-bin[3].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\hp-auktoriserad kund@cgi-bin[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\hp-auktoriserad kund@zedo[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@casalemedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\hp-auktoriserad kund@casalemedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@servedby.advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\hp-auktoriserad kund@servedby.advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\hp-auktoriserad kund@tradedoubler[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\hp-auktoriserad kund@atdmt[2].txt

istbar Object Recognized!
Type : File
Data : eycqn.exe
TAC Rating : 7
Category : Malware
Comment :
Object : c:\



Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 99


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 99




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BargainBuddy Object Recognized!
Type : File
Data : exclean.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\



DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\ameopt

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\policies\ameopt

DyFuCA Object Recognized!
Type : Folder
TAC Rating : 3
Category : Malware
Comment : DyFuCA
Object : C:\Program\ISTsvc

istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

istbar Object Recognized!
Type : RegData
Data : Never
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : BandRest
Data : Never

istbar Object Recognized!
Type : RegData
Data : Never
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : BandRest
Data : Never

istbar Object Recognized!
Type : File
Data : istsvc.exe
TAC Rating : 7
Category : Malware
Comment :
Object : C:\Program\istsvc\



Targetsavers Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\tsl installer

Targetsavers Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tsa

Targetsavers Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tsa
Value : NewInstall

Targetsavers Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tsa
Value : PAPP

Targetsavers Object Recognized!
Type : Folder
TAC Rating : 8
Category : Malware
Comment : Targetsavers
Object : C:\Program\common files\tsa

Targetsavers Object Recognized!
Type : File
Data : tsl2.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\Program\common files\tsa\
FileVersion : 4, 0, 3, 8
ProductVersion : 4, 0, 3, 8
LegalCopyright : Copyright (C) 2005


Targetsavers Object Recognized!
Type : File
Data : TSL2l.lck
TAC Rating : 8
Category : Malware
Comment :
Object : C:\Program\common files\tsa\



CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/html

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/html
Value : CLSID

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tmksoft

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\protocols\filter\text/html
Value : CLSID

CoolWebSearch Object Recognized!
Type : RegData
Data : no
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : File
Data : hosts
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : update12.js
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : wplog.txt
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 24
Objects found so far: 123

21:23:44 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:24:26.570
Objects scanned:74619
Objects identified:124
Objects ignored:0
New critical objects:124
pipen

Posts: 21
Joined: Tue 28 Jun 2005, 20.06

Post by Malou » Tue 28 Jun 2005, 20.56

Hi and welcome pipen,

That was quite a lot that AAW showed. But we will help you with that :wink:

To be able to help you in the best way and to get started, do the following:
1. Go to "Add/Remove Programs" in the "Control Panel"
2. Remove unwanted programs (if you find any)

As for Alexa(TAC index:5):1 total references, you can add it to the ignore list in AAW so you don't get it in future scans. It is OK to remove it if you don't want to keep it.

If you don't have CCleaner installed, go ahead and download it.
The page/link below has a download link and information on how to use CCleaner in the best way.
=> CCleaner

1. Download "AboutBuster"
Save it to the desktop.
=> AboutBuster
Now create a folder on the C: drive and name it AboutBuster.
Open the AboutBuster zip. Unpack AboutBuster into the folder you just created on the C: drive.
Start the program and click "Update". A new window opens; in that window, click "Check for updates". If it says an update is available, click "Download update". If no update is needed, it will close automatically.

Do nothing with the program for now.

*********************************************************
To make the upcoming procedures as easy as possible, we start by trying to clean out as much as possible with AAW.

Print the following or copy it into a text document and save it on the desktop:

Do a cleanup with CCleaner:
Then do the following with AAW:

A. "Open/Start no programs" or "Do not start the Internet".
1. Open/Start Ad-Aware SE and scan in Full System Scan.
2. When the scan is finished, choose "Next".
3. Click the "Scan Summary" tab in the results window.
4. Click the + sign in the "target family" box and select what you want to remove/delete.
5. Click Next. Click OK.

B. Restart the computer. "Open/Start no programs"
1. Open/Start Ad-Aware SE and scan in Full System Scan.
2. When the scan is finished, choose "Next".
3. Click the "Scan Summary" tab in the results window.
4. Check all found objects in the "Critical Objects" tab and select what you want to remove/delete.
5. Click Next. Click OK.
6. Restart the computer and do a new scan with Ad-Aware in Full System Scan.
Post the Ad-Aware log here:

*********************************************************
Also take the opportunity to download HiJack This; we will probably need that tool too:

NOTE: Be extremely careful with the instructions below:
Place Hijack This.exe according to the instructions:


"HiJack This Version 1.99.1"
It comes zipped. Save the zip to the desktop:

1: Create a folder directly under the C: drive. Name the folder something suitable (e.g. HJT).
2: Open the zip you saved on the desktop. Grab HiJack This and drag/move it to the folder you just created on the C: drive.
NOTE: Do not copy it or create a shortcut:
3: Then throw away the zip you saved on the desktop.
=> MajorGeeks HiJack This Version 1.99.1
OR HERE
=> MerijnSpyWareInfo HiJack This Version 1.99.1

Use HiJack This (HJT) like this:
Just double-click and it opens. Click *Do a System Scan and Save a Logfile*
Put it somewhere (e.g. the desktop) and a text file will come up; copy it here and you will get help interpreting it. Most of what is in the log file are necessary components, so don't fix anything yourself.

Also do at least two online scans, available at the page/link below:
Remove what is found:
=> Free Online Scans

Good luck

Kind regards/Malou
Malou
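Step B.6 of the instructions above asks for a fresh Ad-Aware log after the cleaning pass, and the thread's second log still lists istbar objects (a file, a BandRest value and two Run-key entries) that the first pass did not remove. The script below is an added example, not part of this thread and not code from Lavasoft or Ad-Aware: it parses the "X Object Recognized!" block format the logs on this page use and compares a before and an after log, reporting what the cleaning removed, what survived, and which values under a Run key relaunch the object at boot. The two sample logs, the cookie name and the Run-key value are constructed for the example (the function names parse_log, identity, compare and autorun_values are mine, not Ad-Aware's).

```python
"""Parse Ad-Aware SE "X Object Recognized!" blocks and diff two scan logs."""
import re

# Constructed sample logs in the Ad-Aware SE report format (not a real machine's output).
BEFORE_LOG = r"""BargainBuddy Object Recognized!
Type : File
Data : exdl1.exe
TAC Rating : 8
Object : c:\WINDOWS\SYSTEM\

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@adtech[2].txt
TAC Rating : 3
Value : c:\WINDOWS\Cookies\user@adtech[2].txt

istbar Object Recognized!
Type : RegData
Data : Never
TAC Rating : 7
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : BandRest
Data : Never

istbar Object Recognized!
Type : File
Data : eycqn.exe
TAC Rating : 7
Object : c:\
"""

AFTER_LOG = r"""istbar Object Recognized!
Type : RegData
Data : Never
TAC Rating : 7
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : BandRest
Data : Never

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Comment : "IST Service"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : IST Service

istbar Object Recognized!
Type : File
Data : eycqn.exe
TAC Rating : 7
Object : C:\
"""

BLOCK_RE = re.compile(r"^(?P<family>.+?) Object Recognized!$")

def parse_log(text):
    """One dict per block: 'Key : value' lines until a blank line ends the block."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = BLOCK_RE.match(line)
        if match:
            current = {"family": match.group("family")}
            records.append(current)
        elif not line:
            current = None
        elif current is not None and " :" in line:
            key, _, value = line.partition(" :")
            current[key.strip()] = value.strip()
    return records

def identity(rec):
    """Location key, lower-cased because Windows paths and registry names are
    case-insensitive; Type is included so a process hit and a file hit stay distinct."""
    return tuple(rec.get(k, "").lower()
                 for k in ("family", "Type", "Rootkey", "Object", "Value", "Data"))

def compare(before_text, after_text):
    """What the cleaning pass removed, what survived it, and what appeared afterwards."""
    before = {identity(r): r for r in parse_log(before_text)}
    after = {identity(r): r for r in parse_log(after_text)}
    return {"removed": sorted(k for k in before if k not in after),
            "persisted": sorted(k for k in before if k in after),
            "new": sorted(k for k in after if k not in before)}

def autorun_values(records):
    """Values under a Run key: the entries that relaunch the object after a reboot."""
    return [r["Value"] for r in records
            if r.get("Type") == "RegValue" and r.get("Object", "").lower().endswith("\\run")]

if __name__ == "__main__":
    for kind, keys in compare(BEFORE_LOG, AFTER_LOG).items():
        print(kind, [f"{k[0]} {k[1]} {k[3] or k[4]} {k[5]}".strip() for k in keys])
    print("autorun:", autorun_values(parse_log(AFTER_LOG)))
```

Run it on two saved Ad-Aware logs by reading them into the two strings; an object listed under "persisted" together with a value under "autorun" is the sign that a file is being re-created at every boot, which is why the poster's cleaning pass alone could not get rid of istbar.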
 

Post by pipen » Wed 29 Jun 2005, 21.01

So now I have scanned with different programs.

Found this with ad-aware.
Could not remove istbar + 2 others:


Ad-Aware SE Build 1.06r1
Logfile Created on:den 29 juni 2005 20:37:42
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R51 21.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
DyFuCA(TAC index:3):2 total references
istbar(TAC index:7):13 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R51 21.06.2005
Internal build : 59
File location : C:\PROGRAM\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 483435 Bytes
Total size : 1461660 Bytes
Signature data size : 1429955 Bytes
Reference data size : 31193 Bytes
Signatures total : 40756
CSI Fingerprints total : 906
CSI data size : 31253 Bytes
Target categories : 15
Target families : 694


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:0 %
Total physical memory:63732 kb
Available physical memory:2600 kb
Total page file size:2033416 kb
Available on page file:1903696 kb
Total virtual memory:2093056 kb
Available virtual memory:2040128 kb
OS:Microsoft Windows 98 SE

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


2005-06-29 20:37:42 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291791861
Threads : 5
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) operativsystem
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corporation 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294950021
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) operativsystem
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bitars VxD-meddelandeserver
InternalName : MSGSRV32
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294953749
Threads : 3
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294917285
Threads : 3
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Microsoft® Windows® Schemaläggaren
CompanyName : Microsoft Corporation
FileDescription : Motor för schemaläggaren
InternalName : TaskScheduler
LegalCopyright : Copyright (C) Microsoft Corporation 2000
OriginalFilename : mstask.exe

#:5 [PSIMSVC.EXE]
FilePath : C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\
ProcessID : 4294920041
Threads : 4
Priority : Normal
FileVersion : 1, 3, 2, 0
ProductVersion : 1, 3, 2, 0
ProductName : Panda Antivirus
CompanyName : Panda Software Internacional
FileDescription : Common Interface Manager
InternalName : PsImSvc
LegalCopyright : © Panda Software 2004.
OriginalFilename : PsImSvc.exe

#:6 [PAVPROT.EXE]
FilePath : C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\
ProcessID : 4294923645
Threads : 5
Priority : Normal
FileVersion : 3, 0, 0, 804
ProductVersion : 3, 0, 0, 804
ProductName : PavProt Application
CompanyName : Panda Software
FileDescription : PavProt Application
InternalName : PAVPROT
LegalCopyright : © 2004 Panda Software. All rights reserved.
OriginalFilename : PavProt.exe

#:7 [PAVFNSVR.EXE]
FilePath : C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\
ProcessID : 4290808769
Threads : 8
Priority : Normal
FileVersion : 4.07.02
ProductVersion : 4, 7, 2, 0
ProductName : Panda Software PavFnSvr
CompanyName : Panda Software
FileDescription : Panda Function Service
InternalName : PavFnSvr
LegalCopyright : © Panda Software 2004
OriginalFilename : PavFnSvr.exe

#:8 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4290807361
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:9 [PREVSRV.EXE]
FilePath : C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\
ProcessID : 4290825961
Threads : 5
Priority : Normal
FileVersion : 2, 0, 0, 2
ProductVersion : 2, 0, 0, 2
ProductName : prevsrv
CompanyName : Panda Software
FileDescription : Panda Preventium+ © service
InternalName : prevsrv
LegalCopyright : Copyright © Panda Software 2004
OriginalFilename : prevsrv
Comments : Panda Preventium+ © service

#:10 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4290791897
Threads : 8
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft(R) Windows NT(R) operativsystem
CompanyName : Microsoft Corporation
FileDescription : Utforskaren
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:11 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4291010921
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright (C) Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:12 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4290979917
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) operativsystem
CompanyName : Microsoft Corporation
FileDescription : Aktivitetsfältstillbehör
InternalName : SYSTRAY
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:13 [HPSYSDRV.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4290988889
Threads : 2
Priority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe

#:14 [MMKEYBD.EXE]
FilePath : C:\PROGRAM\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\
ProcessID : 4290991069
Threads : 9
Priority : Normal
FileVersion : 3.1.1.5
ProductVersion : 3.1.1.5
ProductName : One-touch multimedia-tangentbord
CompanyName : Netropa Corp.
FileDescription : One-touch multimedia-tangentbord
InternalName : MMKEYBD
LegalCopyright : Copyright (c) 1995-1999 Netropa Corp.
Med ensamrätt.
OriginalFilename : MMKEYBD.EXE

#:15 [APVXDWIN.EXE]
FilePath : C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\
ProcessID : 4291075317
Threads : 5
Priority : Normal
FileVersion : 4.07.09
ProductVersion : 4.07.09
ProductName : Panda Antivirus Aplication
CompanyName : Panda Software International
FileDescription : ApVxdWin
InternalName : ApVxdWin.exe
LegalCopyright : © Panda Software 2004
OriginalFilename : ApVxdWin.exe

#:16 [EYCQN.EXE]
FilePath : C:\
ProcessID : 4291077937
Threads : 2
Priority : Normal


istbar Object Recognized!
Type : Process
Data : EYCQN.EXE
TAC Rating : 7
Category : Malware
Comment : (CSI MATCH)
Object : C:\


Warning! istbar Object found in memory(C:\EYCQN.EXE)

"C:\EYCQN.EXE"Process terminated successfully

#:17 [RunDLL.exe]
FilePath : C:\WINDOWS\
ProcessID : 4291092649
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) operativsystem
CompanyName : Microsoft Corporation
FileDescription : Kör en DLL-fil som ett program
InternalName : rundll
LegalCopyright : Copyright (C) Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:18 [WKCALREM.EXE]
FilePath : C:\PROGRAM\VANLIGA FILER\MICROSOFT SHARED\WORKS SHARED\
ProcessID : 4290976045
Threads : 3
Priority : Normal
FileVersion : 5.00.2004.0
ProductVersion : 5.00.2004.0
ProductName : Microsoft® Works 2000
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : © 1999 Microsoft Corp. All rights reserved.
OriginalFilename : WKCALREM.EXE

#:19 [WZQKPICK.EXE]
FilePath : C:\PROGRAM\WINZIP\
ProcessID : 4291074853
Threads : 2
Priority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6224)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright (c) WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:20 [KEYBDMGR.EXE]
FilePath : C:\PROGRAM\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\
ProcessID : 4291102497
Threads : 1
Priority : Normal
FileVersion : 3.0.0
ProductVersion : 3.0.0
ProductName : Keyboard Manager
CompanyName : Netropa Corp.
FileDescription : Keyboard Manager
InternalName : Keyboard Manager
LegalCopyright : Copyright (c) 1999, Netropa Corp.
OriginalFilename : KeybdMgr.exe

#:21 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291131365
Threads : 4
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft(R) Windows NT(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:22 [OSD.EXE]
FilePath : C:\PROGRAM\NETROPA\ONSCREEN DISPLAY\
ProcessID : 4291209633
Threads : 1
Priority : Normal
FileVersion : 2.43
ProductVersion : 2.43
ProductName : OSD
CompanyName : Netropa Corp.
FileDescription : Meddelanden på skärmen
InternalName : OSD
LegalCopyright : Copyright (c) 1995-1999 Netropa Corp.
LegalTrademarks : Netropa
OriginalFilename : OSD.EXE

#:23 [MMUSBKB2.EXE]
FilePath : C:\PROGRAM\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\
ProcessID : 4291061577
Threads : 1
Priority : Normal
FileVersion : 1.1
ProductVersion : 1.1
ProductName : USB Multimedia Keyboard Driver 2
CompanyName : Netropa Corporation
FileDescription : USB Multimedia Keyboard Driver 2
InternalName : mmusbkb2
LegalCopyright : Copyright © 1998-1999 Netropa Corporation
OriginalFilename : mmusbkb2.exe

#:24 [WEBPROXY.EXE]
FilePath : C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\
ProcessID : 4291184621
Threads : 5
Priority : Normal
FileVersion : 4, 6, 9, 6
ProductVersion : 2, 1, 0, 0
ProductName : Internet Resident
CompanyName : Panda Software
FileDescription : WebProxy
InternalName : WebProxy
LegalCopyright : © Panda Software 2004
OriginalFilename : WebProxy.exe

#:25 [AD-AWARE.EXE]
FilePath : C:\PROGRAM\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4290977205
Threads : 3
Priority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:26 [ISTSVC.EXE]
FilePath : C:\PROGRAM\ISTSVC\
ProcessID : 4290786305
Threads : 2
Priority : Normal


Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\ist

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc

istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : UninstallString

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : NoModify

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment : "{FAA356E4-D317-42A6-AB41-A3021C6E7D52}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\toolbar\webbrowser
Value : {FAA356E4-D317-42A6-AB41-A3021C6E7D52}

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment : "IST Service"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : IST Service

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 8


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment : "GQf6"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : GQf6

istbar Object Recognized!
Type : File
Data : eycqn.exe
TAC Rating : 7
Category : Malware
Comment :
Object : c:\



Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 10


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

istbar Object Recognized!
Type : RegData
Data : Never
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : BandRest
Data : Never

istbar Object Recognized!
Type : RegData
Data : Never
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : BandRest
Data : Never

istbar Object Recognized!
Type : Folder
TAC Rating : 7
Category : Malware
Comment : istbar
Object : C:\Program\ISTsvc

istbar Object Recognized!
Type : File
Data : istsvc.exe
TAC Rating : 7
Category : Malware
Comment :
Object : C:\Program\istsvc\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 15

20:53:44 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:16:01.910
Objects scanned:62079
Objects identified:15
Objects ignored:0
New critical objects:15

Then I did the online scan. The A2 trojan online scan found this:
Starting a² Online-Check for IP 81.227.244.74 on 6/29/2005 9:19:52 PM

Portscan:
You computer is scanned for open ports now.

6711: closed
4711: closed
2140: closed
5001: closed
5000: closed
456: closed
6000: closed
12346: closed
6666: closed
8080: closed
445: closed
443: closed
2115: closed
9999: closed
20034: closed
11000: closed
2583: closed
8989: closed
421: closed
6667: closed
666: closed
170: closed
2080: closed
9000: closed
12345: closed
1047: closed
2002: closed
2001: closed
143: closed
146: closed
1099: closed
4444: closed
1090: closed
135: closed
133: closed
3000: closed
1243: closed
1081: closed
123: closed
1080: closed
121: closed
119: closed
118: closed
111: closed
113: closed
110: closed
54321: closed
99: closed
2005: closed
1050: closed
389: closed
2003: closed
139: open!
1045: closed
2000: closed
1524: closed
1042: closed
80: closed
79: closed
1034: closed
555: closed
315: closed
6767: closed
1025: closed
1024: closed
2023: closed
59: closed
58: closed
2208: closed
50: closed
53: closed
1033: closed
1000: closed
1100: closed
41: closed
1234: closed
54320: closed
514: closed
27374: closed
31: closed
40421: closed
31337: closed
25: closed
23: closed
22: closed
21: closed
3129: closed
3128: closed
19: closed
17: closed
13: closed
7000: closed
7: closed
5742: closed
2: closed
2004: closed
48: closed
999: closed
37: closed
1029: closed
4000: closed

The following ports were identified as open on your PC:


Port 139

These programs or services use this port by default:
NETBIOS Session Service (MS Windows)



Security-Test:
Public available information about your PC resp. your network are collected.

Your IP address: 81.227.244.74
Your operating system: Windows 98
Your browser: MS Internet Explorer
Full browser identification: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)
Browser languages: sv

You did run the Online-Check 0 times before.

Public information about your IP address from the Whois Server:


Your PC resp. your network is contacted now and public information will be collected.
Note: This check may take up to a minute.

No public information about your PC resp. your network could be determined.


Exploit-Test:
Your browser will be checked for installed ActiveX components of Dialers, etc. now.

IEAccess2 not found.
BCVoicePlugin not found.
TSCPlugin not found.
MoneyTreeDialer not found.
D9Dialer not found.
CABDialer not found.
SunInfoConnect.snConnect not found.
eConnect.eConn not found.
VLoading not found.
WebInstall not found.
Uloader not found.
ActiveInstall not found.
ActiveXDownload not found.
NTools.ActiveInstaller not found.
MaConnect not found.
xDiver not found.
WebPlugin_Class not found.
WebUpdate not found.
WSD not found.
IELoader not found.
Acceler8or not found.

No harmful ActiveX components were detected.


Browser-Check:
Your browser configuration will be checked for risks now.

Visual Basic Script (VBScript) Test: VBScript is activated!
VBScript is not dangerous in general. But it is used by worm virus authors to embed harmful code in HTML emails. Ensure to have the latest security updates of your browser installed to stay protected against harmful VBScripts.

Secure ActiveX Test: Invocation of secure ActiveX controls is activated.
ActiveX controls are a kind of enhancement plugins for the browser (as e.g. the Flash plugin). The classification if an ActiveX control is secure or not is done by the developer of the control. So it is also possible that a secure control can contain insecure code. Please notice, that the online Windows-Update doesn't work without ActiveX controls.

Insecure ActiveX Test: Invocation of insecure ActiveX controls is deactivated.
Insecure ActiveX controls may contain harmful code and therefore they should be deactivated or set to prompt the user before running to block controls of Dialers, etc.

Internet Explorer makes a difference between signed and unsigned ActiveX controls. Always check controls with invalid signatures before you accept them and let them install on your computer.


a² Online-Check finished on 6/29/2005 9:20:23 PM

And the Panda online scan found this:


Incident Status Location

Spyware:Spyware/ISTbar No disinfected C:\EYCQN.EXE
Spyware:Spyware/ISTbar No disinfected C:\PROGRAM\ISTSVC\ISTSVC.EXE
Spyware:Spyware/ISTbar No disinfected C:\EYCQN.EXE
Adware:Adware/XPlugin No disinfected C:\WINDOWS\SYSTEM\xplugin.dll
Adware:Adware/PowerScan No disinfected Windows Registry
Adware:Adware/Admess No disinfected C:\WINDOWS\SYSTEM\TCPService2.exe
Adware:Adware/XPlugin No disinfected C:\WINDOWS\SYSTEM\tksrv99.exe
Adware:Adware/Admess No disinfected C:\WINDOWS\SYSTEM\uc1362.exe
Adware:Adware/Admess No disinfected C:\WINDOWS\SYSTEM\ucsl.exe
Adware:Adware/Admess No disinfected C:\WINDOWS\SYSTEM\ucsi.exe
Adware:Adware/XPlugin No disinfected C:\WINDOWS\SYSTEM\xplugin.dll
Adware:Adware/Admess No disinfected C:\WINDOWS\SYSTEM\tmp3.txt
Adware:Adware/Admess No disinfected C:\WINDOWS\SYSTEM\TCPService2.exe
Adware:Adware/Admess No disinfected C:\WINDOWS\SYSTEM\WStart.dll
Spyware:Spyware/ISTbar No disinfected C:\Program\ISTsvc\istsvc.exe
Spyware:Spyware/ISTbar No disinfected C:\eycqn.exe


pipen

Posts: 21
Joined: Tue 28 Jun 2005, 20.06

Post by Malou » Wed 29 Jun 2005, 21.09

Hi pipen,

There we go, the AAW log looks enormously better than before.
Very well done :wink:

Now let's tackle the rest.

Go to Control Panel > Add/Remove Programs and see if you find anything like
ISTsvc / ISTbar <= If found, uninstall them.
Empty the Recycle Bin.
Restart the computer.

Could you paste in an HJT log, as I wrote about in my last post? We will probably have to go at that log to deal with the rest.

Best regards/Malou
Malou
 

Post by pipen » Wed 29 Jun 2005, 21.25

Removed ISTsvc and checked with HJT and found this:

Logfile of HijackThis v1.99.1
Scan saved at 22:23:49, on 2005-06-29
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\PSIMSVC.EXE
C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\PAVPROT.EXE
C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\PAVFNSVR.EXE
C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\PREVSRV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\APVXDWIN.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM\VANLIGA FILER\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM\WINZIP\WZQKPICK.EXE
C:\PROGRAM\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\WEBPROXY.EXE
C:\AA\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://best-search.cc/index.php?v=6&aff=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://best-search.cc/index.php?v=6&aff=0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=Proxy1.telia.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = login1.telia.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Aktivitetsfältet] SysTray.Exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [PavProc] C:\Program\Vanliga filer\Panda Software\PavShld\PavPrS9x.exe
O4 - HKLM\..\RunServices: [PSIMSVC] "C:\Program\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe"
O4 - HKLM\..\RunServices: [PAVPROT] "C:\Program\Panda Software\Panda Titanium Antivirus 2004\pavprot.exe"
O4 - HKLM\..\RunServices: [PAVFNSVR] "C:\Program\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe"
O4 - HKLM\..\RunServices: [Panda Preventium+ Service] "C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\PREVSRV.EXE"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program\Microsoft Money\System\Money Express.exe"
O4 - Startup: Kalenderpåminnelser i Microsoft Works.lnk = C:\Program\Vanliga filer\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = telia.com
pipen

Posts: 21
Joined: Tue 28 Jun 2005, 20.06

Post by Malou » Wed 29 Jun 2005, 21.46

Hi pipen,

Removed ISTsvc

Great.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://best-search.cc/index.php?v=6&aff=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://best-search.cc/index.php?v=6&aff=0

Regarding the two items above:
Is this the start page you chose to use?
******************************************************
Print out the following or copy it into a text document that you save on the desktop:

Open Task Manager (Ctrl+Alt+Del) and see if you find
EYCQN.EXE <= If found, end the process:

Open HJT. Click the Scan button. Tick the following item.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=Proxy1.telia.com:8080

Once you have done the above:
Restart the computer into Safe Mode (press F8 repeatedly during startup):
To find the file you are about to look for, you must press Windows key+E and, in the toolbar, click "Tools > Folder Options" and under "View" select "Show hidden files and folders" and untick "Hide file extensions for known file types" and "Hide protected operating system files".

Search for/locate:
Delete the file marked in red:

C:\EYCQN.EXE <= Delete the file:
Empty the Recycle Bin:

Next:
Still in Safe Mode:

Run a scan with AAW in Full System Scan mode and remove what it finds.

Now:
Restart the computer into normal mode again:

Run a new scan with the Panda online scanner. Paste the result here (if anything is found).
Run a new scan with AAW and paste the log here.
Make a new HJT log and paste that in too.
Then we'll continue if needed :wink:

Best regards/Malou
Malou
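A small triage script for the HJT entries Malou singles out above: the R0/R1 start and search page lines pointing at best-search.cc, the ProxyServer line, and an O2 BHO with "(no file)". It is an added example, not code from the thread or from HijackThis; the sample log lines are copied from pipen's log above, and the set of trusted start-page hosts is an assumption the user supplies, since only the user knows which start page they chose.

```python
"""Triage the HijackThis 1.99 entries a forum helper checks first:
R0/R1 start and search page overrides, proxy settings and BHOs with no file.
Added example for this thread, not code from HijackThis or the forum."""
import re
from typing import Dict, List, Optional, Set
from urllib.parse import urlparse

# Constructed sample: the R and O2 lines copied from pipen's first HJT log above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://best-search.cc/index.php?v=6&aff=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://best-search.cc/index.php?v=6&aff=0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=Proxy1.telia.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = login1.telia.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
"""

# R0/R1 lines: "<item> - <registry key>,<value name> = <value>"
R_LINE = re.compile(r"^(?P<item>R[01]) - (?P<key>[^,]+),(?P<name>[^=]+?) = (?P<value>.*)$")
# O2 lines: "O2 - BHO: <name> - {<CLSID>} - <path>"
O2_LINE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")

# IE value names that decide where the browser goes on start and on search.
PAGE_VALUES = {"Start Page", "Search Page", "Default_Page_URL", "Default_Search_URL"}


def triage(log_text: str, trusted_hosts: Optional[Set[str]] = None) -> List[Dict[str, str]]:
    """Return one finding per suspicious R0/R1/O2 line, in log order.

    trusted_hosts: hosts the user says they chose themselves (assumption: the
    helper asks the user, as Malou does above; the script cannot know).
    """
    trusted = {h.lower() for h in (trusted_hosts or set())}
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = R_LINE.match(line)
        if m:
            name, value = m.group("name").strip(), m.group("value").strip()
            if name in PAGE_VALUES:
                host = (urlparse(value).hostname or "").lower()
                if host and host not in trusted:
                    findings.append({"item": m.group("item"), "host": host,
                                     "reason": f"{name} set to unrecognised host {host}",
                                     "line": line})
            elif name == "ProxyServer":
                # Every proxy is reported; the human decides whether it belongs to the ISP.
                findings.append({"item": m.group("item"), "host": "",
                                 "reason": f"browser proxy configured: {value}",
                                 "line": line})
            continue
        m = O2_LINE.match(line)
        if m and m.group("path").strip() == "(no file)":
            # A BHO registered under a CLSID whose file is gone is an orphaned entry.
            findings.append({"item": "O2", "host": "",
                             "reason": f"BHO {m.group('clsid')} registered but file missing",
                             "line": line})
    return findings


def hijack_hosts(findings: List[Dict[str, str]]) -> Set[str]:
    """Distinct hosts the start/search page entries were redirected to."""
    return {f["host"] for f in findings if f["host"]}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, trusted_hosts={"www.telia.com"}):
        print(f"{f['item']}: {f['reason']}")
    print("redirect hosts:", sorted(hijack_hosts(triage(SAMPLE_LOG))))
```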
 

Post by pipen » Thu 30 Jun 2005, 22.00

I think I got rid of the file you mentioned.

Then I did all the scans + A2 trojan:

HIJ
Logfile of HijackThis v1.99.1
Scan saved at 16:56:56, on 2005-06-30
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\PSIMSVC.EXE
C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\PAVPROT.EXE
C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\PAVFNSVR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\PREVSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\APVXDWIN.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM\VANLIGA FILER\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM\WINZIP\WZQKPICK.EXE
C:\PROGRAM\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\WEBPROXY.EXE
C:\PROGRAM\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
C:\AA\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.x40nordic.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = login1.telia.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Aktivitetsfältet] SysTray.Exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [PavProc] C:\Program\Vanliga filer\Panda Software\PavShld\PavPrS9x.exe
O4 - HKLM\..\RunServices: [PSIMSVC] "C:\Program\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe"
O4 - HKLM\..\RunServices: [PAVPROT] "C:\Program\Panda Software\Panda Titanium Antivirus 2004\pavprot.exe"
O4 - HKLM\..\RunServices: [PAVFNSVR] "C:\Program\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe"
O4 - HKLM\..\RunServices: [Panda Preventium+ Service] "C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\PREVSRV.EXE"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program\Microsoft Money\System\Money Express.exe"
O4 - Startup: Kalenderpåminnelser i Microsoft Works.lnk = C:\Program\Vanliga filer\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = telia.com

PANDA ONLINE SCAN


Incident Status Location

Adware:Adware/XPlugin No disinfected C:\WINDOWS\SYSTEM\xplugin.dll
Spyware:Spyware/ISTbar No disinfected Windows Registry
Adware:Adware/Admess No disinfected C:\WINDOWS\SYSTEM\TCPService2.exe
Adware:Adware/XPlugin No disinfected C:\WINDOWS\SYSTEM\tksrv99.exe
Adware:Adware/Admess No disinfected C:\WINDOWS\SYSTEM\uc1362.exe
Adware:Adware/Admess No disinfected C:\WINDOWS\SYSTEM\ucsl.exe
Adware:Adware/Admess No disinfected C:\WINDOWS\SYSTEM\ucsi.exe
Adware:Adware/XPlugin No disinfected C:\WINDOWS\SYSTEM\xplugin.dll
Adware:Adware/Admess No disinfected C:\WINDOWS\SYSTEM\tmp3.txt
Adware:Adware/Admess No disinfected C:\WINDOWS\SYSTEM\TCPService2.exe
Adware:Adware/Admess No disinfected C:\WINDOWS\SYSTEM\WStart.dll
AD_AWARE

Ad-Aware SE Build 1.06r1
Logfile Created on:den 30 juni 2005 22:42:30
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R51 21.06.2005 <= Old reference file in use:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R51 21.06.2005
Internal build : 59
File location : C:\PROGRAM\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 483435 Bytes
Total size : 1461660 Bytes
Signature data size : 1429955 Bytes
Reference data size : 31193 Bytes
Signatures total : 40756
CSI Fingerprints total : 906
CSI data size : 31253 Bytes
Target categories : 15
Target families : 694


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:0 %
Total physical memory:63732 kb
Available physical memory:3084 kb
Total page file size:2033416 kb
Available on page file:1931988 kb
Total virtual memory:2093056 kb
Available virtual memory:2040128 kb
OS:Microsoft Windows 98 SE

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


2005-06-30 22:42:30 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


A2 Trojan online scan


Found one open port, "139"


[Edited: Incomplete AAW log: old reference file in use:]
Malou
pipen

Posts: 21
Joined: Tue 28 Jun 2005, 20.06

Post by Malou » Thu 30 Jun 2005, 22.51

Hi pipen,

I have edited your post because your AAW log was incomplete. It was not updated to the latest reference file (a new one has been released):
SE1R52 30.06.2005 <= New reference file:
Update your AAW:
************************************************
That's a lot of nasty stuff Panda is finding :evil:

Download the following tool:
"mwav"
http://www.spywareinfo.dk/download/mwav.exe

Save it to the desktop. Double-click mwav.exe, then click Unzip and it automatically creates a new folder C:\Kapersky
Then open the Kapersky folder, double-click kavupd.exe and look for updates.
When it's done, press any key and two new folders are automatically created on C:\
C:\Bases
C:\Downloads


Open the Downloads folder, select all files and Cut.
Click the Kapersky folder, Paste and answer yes to all.
Then open the Kapersky folder and double-click mwavscan.com
Tick Drive and Scan All Files.
Then click Scan and let it finish scanning.
(NB: The scan can take up to 2 hours)
Copy what appears in the lower window.
First highlight it, then Ctrl+C (copy)
Then Ctrl+V (paste). Paste the log here.

Best regards/Malou
Malou
 

Post by pipen » Fri 01 Jul 2005, 17.11

Did as you said.

With this result:

File C:\WINDOWS\SYSTEM\tksrv99.exe infected by "Trojan-Dropper.Win32.Agent.ik" Virus. Action Taken: File Deleted.

File C:\WINDOWS\SYSTEM\uc1362.exe infected by "Trojan-Downloader.Win32.Small.aqw" Virus. Action Taken: File Deleted.

File C:\WINDOWS\SYSTEM\ucsl.exe infected by "Trojan-Downloader.Win32.Small.aom" Virus. Action Taken: File Deleted.

File C:\WINDOWS\SYSTEM\ucsi.exe infected by "Backdoor.Win32.Agent.bc" Virus. Action Taken: File Renamed.

File C:\WINDOWS\SYSTEM\xplugin.dll infected by "Trojan-Downloader.Win32.Esepor.ac" Virus. Action Taken: File Deleted.

File C:\WINDOWS\SYSTEM\TCPService2.exe infected by "Backdoor.Win32.Agent.bc" Virus. Action Taken: File Renamed.

File C:\WINDOWS\SYSTEM\WStart.dll infected by "Backdoor.Win32.Agent.bc" Virus. Action Taken: File Renamed.

AD-AWARE



Ad-Aware SE Build 1.06r1
Logfile Created on:den 1 juli 2005 17:51:11
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R52 30.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):8 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R52 30.06.2005
Internal build : 60
File location : C:\PROGRAM\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 485588 Bytes
Total size : 1468054 Bytes
Signature data size : 1436270 Bytes
Reference data size : 31272 Bytes
Signatures total : 40920
CSI Fingerprints total : 919
CSI data size : 31888 Bytes
Target categories : 15
Target families : 697


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:0 %
Total physical memory:63732 kb
Available physical memory:1876 kb
Total page file size:2033416 kb
Available on page file:1874584 kb
Total virtual memory:2093056 kb
Available virtual memory:2040128 kb
OS:Microsoft Windows 98 SE

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


2005-07-01 17:51:11 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291765859
Threads : 5
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) operativsystem
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corporation 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294906131
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) operativsystem
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bitars VxD-meddelandeserver
InternalName : MSGSRV32
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294928003
Threads : 3
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294938931
Threads : 3
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Microsoft® Windows® Schemaläggaren
CompanyName : Microsoft Corporation
FileDescription : Motor för schemaläggaren
InternalName : TaskScheduler
LegalCopyright : Copyright (C) Microsoft Corporation 2000
OriginalFilename : mstask.exe

#:5 [PSIMSVC.EXE]
FilePath : C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\
ProcessID : 4294961615
Threads : 4
Priority : Normal
FileVersion : 1, 3, 2, 0
ProductVersion : 1, 3, 2, 0
ProductName : Panda Antivirus
CompanyName : Panda Software Internacional
FileDescription : Common Interface Manager
InternalName : PsImSvc
LegalCopyright : © Panda Software 2004.
OriginalFilename : PsImSvc.exe

#:6 [PAVPROT.EXE]
FilePath : C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\
ProcessID : 4294965487
Threads : 5
Priority : Normal
FileVersion : 3, 0, 0, 804
ProductVersion : 3, 0, 0, 804
ProductName : PavProt Application
CompanyName : Panda Software
FileDescription : PavProt Application
InternalName : PAVPROT
LegalCopyright : © 2004 Panda Software. All rights reserved.
OriginalFilename : PavProt.exe

#:7 [PAVFNSVR.EXE]
FilePath : C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\
ProcessID : 4290782915
Threads : 8
Priority : Normal
FileVersion : 4.07.02
ProductVersion : 4, 7, 2, 0
ProductName : Panda Software PavFnSvr
CompanyName : Panda Software
FileDescription : Panda Function Service
InternalName : PavFnSvr
LegalCopyright : © Panda Software 2004
OriginalFilename : PavFnSvr.exe

#:8 [PREVSRV.EXE]
FilePath : C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\
ProcessID : 4290785951
Threads : 5
Priority : Normal
FileVersion : 2, 0, 0, 2
ProductVersion : 2, 0, 0, 2
ProductName : prevsrv
CompanyName : Panda Software
FileDescription : Panda Preventium+ © service
InternalName : prevsrv
LegalCopyright : Copyright © Panda Software 2004
OriginalFilename : prevsrv
Comments : Panda Preventium+ © service

#:9 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4290777479
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:10 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4290805527
Threads : 7
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft(R) Windows NT(R) operativsystem
CompanyName : Microsoft Corporation
FileDescription : Utforskaren
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:11 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4290996079
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright (C) Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:12 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4290998111
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) operativsystem
CompanyName : Microsoft Corporation
FileDescription : Aktivitetsfältstillbehör
InternalName : SYSTRAY
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:13 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291003979
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) operativsystem
CompanyName : Microsoft Corporation
FileDescription : Aktivitetsfältstillbehör
InternalName : SYSTRAY
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:14 [HPSYSDRV.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291027011
Threads : 2
Priority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe

#:15 [MMKEYBD.EXE]
FilePath : C:\PROGRAM\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\
ProcessID : 4291019779
Threads : 10
Priority : Normal
FileVersion : 3.1.1.5
ProductVersion : 3.1.1.5
ProductName : One-touch multimedia-tangentbord
CompanyName : Netropa Corp.
FileDescription : One-touch multimedia-tangentbord
InternalName : MMKEYBD
LegalCopyright : Copyright (c) 1995-1999 Netropa Corp.
Med ensamrätt.
OriginalFilename : MMKEYBD.EXE

#:16 [APVXDWIN.EXE]
FilePath : C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\
ProcessID : 4291036183
Threads : 11
Priority : Normal
FileVersion : 4.07.09
ProductVersion : 4.07.09
ProductName : Panda Antivirus Aplication
CompanyName : Panda Software International
FileDescription : ApVxdWin
InternalName : ApVxdWin.exe
LegalCopyright : © Panda Software 2004
OriginalFilename : ApVxdWin.exe

#:17 [RunDLL.exe]
FilePath : C:\WINDOWS\
ProcessID : 4291062103
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) operativsystem
CompanyName : Microsoft Corporation
FileDescription : Kör en DLL-fil som ett program
InternalName : rundll
LegalCopyright : Copyright (C) Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:18 [WKCALREM.EXE]
FilePath : C:\PROGRAM\VANLIGA FILER\MICROSOFT SHARED\WORKS SHARED\
ProcessID : 4291070807
Threads : 3
Priority : Normal
FileVersion : 5.00.2004.0
ProductVersion : 5.00.2004.0
ProductName : Microsoft® Works 2000
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : © 1999 Microsoft Corp. All rights reserved.
OriginalFilename : WKCALREM.EXE

#:19 [WZQKPICK.EXE]
FilePath : C:\PROGRAM\WINZIP\
ProcessID : 4291111651
Threads : 2
Priority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6224)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright (c) WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:20 [KEYBDMGR.EXE]
FilePath : C:\PROGRAM\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\
ProcessID : 4291033591
Threads : 1
Priority : Normal
FileVersion : 3.0.0
ProductVersion : 3.0.0
ProductName : Keyboard Manager
CompanyName : Netropa Corp.
FileDescription : Keyboard Manager
InternalName : Keyboard Manager
LegalCopyright : Copyright (c) 1999, Netropa Corp.
OriginalFilename : KeybdMgr.exe

#:21 [OSD.EXE]
FilePath : C:\PROGRAM\NETROPA\ONSCREEN DISPLAY\
ProcessID : 4291144399
Threads : 1
Priority : Normal
FileVersion : 2.43
ProductVersion : 2.43
ProductName : OSD
CompanyName : Netropa Corp.
FileDescription : Meddelanden på skärmen
InternalName : OSD
LegalCopyright : Copyright (c) 1995-1999 Netropa Corp.
LegalTrademarks : Netropa
OriginalFilename : OSD.EXE

#:22 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291137799
Threads : 5
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft(R) Windows NT(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:23 [MMUSBKB2.EXE]
FilePath : C:\PROGRAM\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\
ProcessID : 4291161555
Threads : 1
Priority : Normal
FileVersion : 1.1
ProductVersion : 1.1
ProductName : USB Multimedia Keyboard Driver 2
CompanyName : Netropa Corporation
FileDescription : USB Multimedia Keyboard Driver 2
InternalName : mmusbkb2
LegalCopyright : Copyright © 1998-1999 Netropa Corporation
OriginalFilename : mmusbkb2.exe

#:24 [WEBPROXY.EXE]
FilePath : C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\
ProcessID : 4291019731
Threads : 5
Priority : Normal
FileVersion : 4, 6, 9, 6
ProductVersion : 2, 1, 0, 0
ProductName : Internet Resident
CompanyName : Panda Software
FileDescription : WebProxy
InternalName : WebProxy
LegalCopyright : © Panda Software 2004
OriginalFilename : WebProxy.exe

#:25 [DDHELP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291307647
Threads : 3
Priority : Realtime
FileVersion : 4.07.00.0700
ProductVersion : 4.07.00.0700
ProductName : Microsoft® DirectX for Windows® 95 and 98
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : DDHelp.exe

#:26 [AD-AWARE.EXE]
FilePath : C:\PROGRAM\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4291306195
Threads : 3
Priority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:hp-auktoriserad kund@atdmt.com/
Expires : 2010-06-30 02:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:hp-auktoriserad kund@imrworldwide.com/cgi-bin
Expires : 2009-01-19 01:00:00
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:hp-auktoriserad kund@doubleclick.net/
Expires : 2005-07-01 17:13:18
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:hp-auktoriserad kund@tradedoubler.com/
Expires : 2005-07-31 16:52:30
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 4



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\hp-auktoriserad kund@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\hp-auktoriserad kund@cgi-bin[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\hp-auktoriserad kund@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp-auktoriserad kund@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\hp-auktoriserad kund@tradedoubler[1].txt

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

18:07:57 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:16:46.70
Objects scanned:65976
Objects identified:8
Objects ignored:0
New critical objects:8
pipen
Posts: 21
Joined: Tue 28 Jun 2005, 20.06

Post by Malou » Fri 01 Jul 2005, 17.29

Hi pipen,

This looks really splendid, I think :wink:
Ad-Aware is clean and tidy. I can't find any nasties or other oddities any more. Apart from a few Tracking Cookies. You can clear those out with either AAW or CCleaner.

To be on the safe side:
Start the computer in Safe Mode (press F8 repeatedly during startup):
To find the folder you are now going to look for, you must press (Windows key+E) and on the toolbar click "Tools > Folder Options", and under "View" click "Show hidden files and folders", and untick "Hide file extensions for known file types" and "Hide protected operating system files"

Search for/locate:
Delete the folder marked in red (if it is found):
C:\PROGRAM\ISTSVC <= Delete the whole ISTSVC folder with its contents:

Empty the Recycle Bin:
Restart the computer into normal mode again:

Could you now do a new scan with Panda Online and paste the result in here (if anything is found).
Also make a new HJT log and paste that in too.

How is the computer doing now?
Are there any problems remaining?

Kind regards/Malou
Malou

Post by pipen » Sat 02 Jul 2005, 19.35

Removed a folder, but it contained lots of others too, we'll see how it goes in the future :D

Also, I've had a generally sluggish computer from the start, but I notice the difference. Good to get rid of some junk.

How often do you run CCleaner and Ad-Aware on the computer to keep it clean? Are there any other programs you should run too, to keep the computer in tip-top shape?

I must also give you a huge thank you and praise you for being so kind and helping someone who doesn't understand much about this stuff. Keep the good work going =)

Here are the files the Panda online scan found:


Incident Status Location

Adware:Adware/XPlugin No disinfected Windows Registry
Adware:Adware/Admess No disinfected C:\WINDOWS\SYSTEM\tmp3.txt
Adware:Adware/Admess No disinfected C:\WINDOWS\SYSTEM\ucsi.exe.mwt
Adware:Adware/Admess No disinfected C:\WINDOWS\SYSTEM\TCPService2.exe.mwt
Adware:Adware/Admess No disinfected C:\WINDOWS\SYSTEM\tmp3.txt

Logfile of HijackThis v1.99.1
Scan saved at 19:32:18, on 2005-07-02
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\PSIMSVC.EXE
C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\PAVPROT.EXE
C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\PAVFNSVR.EXE
C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\PREVSRV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\APVXDWIN.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM\VANLIGA FILER\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM\WINZIP\WZQKPICK.EXE
C:\PROGRAM\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\WEBPROXY.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\AA\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.x40nordic.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = login1.telia.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Aktivitetsfältet] SysTray.Exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [PavProc] C:\Program\Vanliga filer\Panda Software\PavShld\PavPrS9x.exe
O4 - HKLM\..\RunServices: [PSIMSVC] "C:\Program\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe"
O4 - HKLM\..\RunServices: [PAVPROT] "C:\Program\Panda Software\Panda Titanium Antivirus 2004\pavprot.exe"
O4 - HKLM\..\RunServices: [PAVFNSVR] "C:\Program\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe"
O4 - HKLM\..\RunServices: [Panda Preventium+ Service] "C:\PROGRAM\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\PREVSRV.EXE"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program\Microsoft Money\System\Money Express.exe"
O4 - Startup: Kalenderpåminnelser i Microsoft Works.lnk = C:\Program\Vanliga filer\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = telia.com

Post by Malou » Sat 02 Jul 2005, 20.12

Hi pipen,

Thank you so very much for the kind words and the praise (it's heart-warming to hear) :oops:
And thank you for letting us help; it's simply a pleasure to be able to help :wink:

Removed a folder, but it contained lots of others too, we'll see how it goes in the future

OK.
What folder was it?
Was it C:\PROGRAM\ISTSVC <= this folder?
If so, it's just as well that everything was removed.

Also, I've had a generally sluggish computer from the start, but I notice the difference. Good to get rid of some junk.

Perhaps you need to do a disk defragmentation?
That can perk the computer up quite a bit.

How often do you run CCleaner and Ad-Aware on the computer to keep it clean? Are there any other programs you should run too, to keep the computer in tip-top shape?

I myself usually run Ad-Aware about once a week to check that everything is clean and tidy (and it usually is).
I have set CCleaner to clean automatically when the computer starts, but I also usually do a clean when I shut the computer down for the evening/night.
But it is up to each person to decide how they want to do it.
On the page/link below you have two good and useful programs:
Here there is information and download links for both programs:
Spyware Blaster and Spywareguard
=> Useful, good programs against spyware!

A few extra tips:
Check that your antivirus program has automatic updates. Also do manual updates of your antivirus program now and then.
Also do scans with your antivirus program every so often.
Also do online scans at regular intervals to check.
Important:
Download all the security updates that are available for your Windows system, Internet Explorer and Outlook Express.
********************************************************
Adware:Adware/XPlugin No disinfected Windows Registry
Adware:Adware/Admess No disinfected C:\WINDOWS\SYSTEM\tmp3.txt
Adware:Adware/Admess No disinfected C:\WINDOWS\SYSTEM\ucsi.exe.mwt
Adware:Adware/Admess No disinfected C:\WINDOWS\SYSTEM\TCPService2.exe.mwt
Adware:Adware/Admess No disinfected C:\WINDOWS\SYSTEM\tmp3.txt

The above result from Panda shows that the scanner "mwaw" that you ran, which I asked you to run in an earlier post above, has done its job and renamed the files just as it said it would.
You can delete these files if you want:

Start the computer in Safe Mode (press F8 repeatedly during startup):
To find the files you are now going to look for, you must press (Windows key+E) and on the toolbar click "Tools > Folder Options", and under "View" click "Show hidden files and folders", and untick "Hide file extensions for known file types" and "Hide protected operating system files"

Search for/locate:
Delete the files marked in red (if they are found):

C:\WINDOWS\SYSTEM\tmp3.txt <= Delete the file:
C:\WINDOWS\SYSTEM\ucsi.exe.mwt <= Delete the file:
C:\WINDOWS\SYSTEM\TCPService2.exe.mwt <= Delete the file:
C:\WINDOWS\SYSTEM\tmp3.txt <= Delete the file:

Empty the Recycle Bin:
Restart the computer into normal mode again:
****************************************************
As for your HJT log, it now looks clean and tidy again. I can't find any nasties or other oddities in it any more. Apart from the detail below, which I'm a bit puzzled about:
Is this the start page you have chosen to use?
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.x40nordic.com/

For the rest, you have done an absolutely excellent job :wink:

Kind regards/Malou

Post by pipen » Sat 02 Jul 2005, 20.36

The folder was called something beginning with app...., the file was in there among the others. I haven't noticed any program stopping working. I didn't find any folder with that name, you see.

When I have removed the files, is the computer then done, clean and tidy?

The home page I have is for the car club I'm a member of. Really kind people there too, just ask and you get an answer. Just like here =)

By the way, if the disk defragmentation won't start, what is wrong then?

Thanks for all the help and tips I've received. It will be a joy now when I go on the computer again.

Kind regards, "Pipen", a satisfied computer user again =)

Post by pipen » Sat 02 Jul 2005, 22.01

The only file that is infected:
How do I get rid of it?

Incident Status Location

Adware:Adware/XPlugin No disinfected Windows Registry
Which box should I untick in CCleaner so that my internet pages are kept?

Post by Malou » Sat 02 Jul 2005, 22.01

Hi pipen,
The home page I have is for the car club I'm a member of. Really kind people there too, just ask and you get an answer. Just like here =)

Sounds good that they are kind on that website :wink:
And thank you for thinking so of us.

The folder was called something beginning with app...., the file was in there among the others. I haven't noticed any program stopping working. I didn't find any folder with that name, you see.

OK.
Then we'll keep our fingers crossed that it stays that way (that no programs stop working).

When I have removed the files, is the computer then done, clean and tidy?

If you mean the last-mentioned files I listed, then the computer should be clean and tidy. Actually they pose no threat, since "mwaw" renamed them. But to be on the safe side, delete them.

By the way, if the disk defragmentation won't start, what is wrong then?

A bit hard to say why it won't start.
Have you selected which disk is to be defragmented?
Windows 98's disk defragmenter isn't exactly great; as a rule it tends to act up.
There is a small defragmentation program that you can download and install, and it suits Windows 98 systems perfectly well. Plus it is free to use.
Diskeeper Lite 7.0 Build 418
=> Diskeeper lite

Take care and look after the computer.
And thanks for letting us help :wink:

Kind regards/Malou
