
Threats and threats


FluH


I have used Norton Antivirus for several years. The program cannot remove two detected "threats": MediaTicketsInstaller.ocx and rundlg32.dll. Looking for online help from various antivirus programs, I came across HouseCall (Trend Micro). One run found no fewer than 44 infected files on my PC, but not the "threats" mentioned above... No wonder one loses confidence in this "industry" :-(

 

 


Hi FluH :)

I see that you have been getting help in the thread below, but that it has not gone so well:

http://pcsupport.idg.se/viewmsg.asp?EntriesId=400602

Ad-Aware is able to remove MediaTicketsInstaller.ocx.

Which version of Ad-Aware do you have?

If you have Ad-Aware SE Personal 1.05, set the program to Full System Scan.

Here you can read the instructions on how to configure the program:

Set the program to Full System Scan:

http://www.lavasoftsupport.com/index.php?showtopic=42066

Disable "Search for negligible risk entries", since these objects (MRUs) are not regarded as a threat.

Once you have done the above:

Now run a scan with Ad-Aware in Full System Scan mode and post the log here, and I will take a look at it.

Based on that Ad-Aware log we will continue the work of getting rid of the nasties.

Kind regards/Malou

***** Have a Continued Wonderful Day *****

Team Lavasoft

Lavasupporten

[post edited 2004-10-12 17:20:49 by malou jansson]


I have Ad-Aware SE Personal 1.05 with Full System Scan and negligible risks excluded + recommended settings.

In my opinion, Ad-Aware does not remove MediaTicketsInstaller.ocx.

The log follows here; it is very long.

 

Ad-Aware SE Build 1.05

Logfile Created on:den 12 oktober 2004 17:57:14

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R11 07.10.2004

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

None

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Definition File:

=========================

Definitions File Loaded:

Reference Number : SE1R11 07.10.2004

Internal build : 16

File location : C:\Program\Lavasoft\Ad-Aware SE Personal\defs.ref

File size : 353470 Bytes

Total size : 1162664 Bytes

Signature data size : 1138651 Bytes

Reference data size : 23501 Bytes

Signatures total : 31468

Fingerprints total : 206

Fingerprints size : 9362 Bytes

Target categories : 15

Target families : 579

 

 

Memory + processor status:

==========================

Number of processors : 1

Processor architecture : Intel Pentium IV

Memory available:43 %

Total physical memory:523268 kb

Available physical memory:220408 kb

Total page file size:1278684 kb

Available on page file:1051452 kb

Total virtual memory:2097024 kb

Available virtual memory:2049612 kb

OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

 

Ad-Aware SE Settings

===========================

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

2004-10-12 17:57:14 - Scan started. (Full System Scan)

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32 ProcessID : 660

ThreadCreationTime : 2004-10-12 14:34:24

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32 ProcessID : 708

ThreadCreationTime : 2004-10-12 14:34:25

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32 ProcessID : 732

ThreadCreationTime : 2004-10-12 14:34:27

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 776

ThreadCreationTime : 2004-10-12 14:34:28

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Tjänst- och styrenhetsprogram

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 788

ThreadCreationTime : 2004-10-12 14:34:28

BasePriority : Normal

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 964

ThreadCreationTime : 2004-10-12 14:34:29

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1068

ThreadCreationTime : 2004-10-12 14:34:29

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1232

ThreadCreationTime : 2004-10-12 14:34:30

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1256

ThreadCreationTime : 2004-10-12 14:34:30

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [ccsetmgr.exe]

FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1464

ThreadCreationTime : 2004-10-12 14:34:30

BasePriority : Normal

FileVersion : 2.0.0.635

ProductVersion : 2.0.0.635

ProductName : Common Client

CompanyName : Symantec Corporation

FileDescription : Common Client Settings Manager Service

InternalName : ccSetMgr

LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

OriginalFilename : ccSetMgr.exe

 

#:11 [explorer.exe]

FilePath : C:\WINDOWS ProcessID : 1524

ThreadCreationTime : 2004-10-12 14:34:30

BasePriority : Normal

FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)

ProductVersion : 6.00.2800.1221

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Utforskaren

InternalName : explorer

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : EXPLORER.EXE

 

#:12 [ccevtmgr.exe]

FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1544

ThreadCreationTime : 2004-10-12 14:34:30

BasePriority : Normal

FileVersion : 2.0.0.635

ProductVersion : 2.0.0.635

ProductName : Common Client

CompanyName : Symantec Corporation

FileDescription : Common Client Event Manager Service

InternalName : ccEvtMgr

LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

OriginalFilename : ccEvtMgr.exe

 

#:13 [spoolsv.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 1728

ThreadCreationTime : 2004-10-12 14:34:31

BasePriority : Normal

FileVersion : 5.1.2600.0 (XPClient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:14 [dsentry.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1928

ThreadCreationTime : 2004-10-12 14:34:33

BasePriority : Normal

FileVersion : 1, 0, 2, 0

ProductVersion : 1, 0, 2, 0

ProductName : Dell - DVDSentry

CompanyName : Dell - Advanced Desktop Engineering

FileDescription : DVDSentry

InternalName : DVDSentry

LegalCopyright : Copyright © 2002 Dell

OriginalFilename : DSentry.exe

Comments : DVDSentry launches your software DVD player when a DVD is inserted.

 

#:15 [ctsysvol.exe]

FilePath : C:\Program\Creative\SBAudigy2\Surround Mixer ProcessID : 1936

ThreadCreationTime : 2004-10-12 14:34:33

BasePriority : Normal

FileVersion : 1.0.9.0

ProductVersion : 1.0.0.0

ProductName : Creative Volume Control

CompanyName : Creative Technology Ltd

FileDescription : CTSysVol.exe

LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.

OriginalFilename : CTSysVol.exe

 

#:16 [ctdvddet.exe]

FilePath : C:\Program\Creative\SBAudigy2\DVDAudio ProcessID : 1944

ThreadCreationTime : 2004-10-12 14:34:33

BasePriority : Normal

FileVersion : 1.0.2.0

ProductVersion : 1.0.2.0

ProductName : CTDVDDET

CompanyName : Creative Technology Ltd

FileDescription : CTDVDDET

InternalName : CTDVDDET

LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.

OriginalFilename : CTDVDDET.EXE

 

#:17 [cthelper.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1952

ThreadCreationTime : 2004-10-12 14:34:33

BasePriority : Normal

FileVersion : 1, 0, 0, 10

ProductVersion : 1, 0, 0, 10

ProductName : CtHelper Application

CompanyName : Creative Technology Ltd

FileDescription : CtHelper MFC Application

InternalName : CtHelper

LegalCopyright : Copyright © 2002

OriginalFilename : CtHelper.EXE

 

#:18 [directcd.exe]

FilePath : C:\Program\Roxio\Easy CD Creator 5\DirectCD ProcessID : 1964

ThreadCreationTime : 2004-10-12 14:34:33

BasePriority : Normal

FileVersion : 5.2.0.91

ProductVersion : 5.2.0.91

ProductName : DirectCD

CompanyName : Roxio

FileDescription : DirectCD Application

InternalName : DirectCD

LegalCopyright : Copyright © 2001-2002, Roxio, Inc.

OriginalFilename : Directcd.exe

 

#:19 [qttask.exe]

FilePath : C:\Program\QuickTime ProcessID : 1984

ThreadCreationTime : 2004-10-12 14:34:33

BasePriority : Normal

FileVersion : 6.0.2

ProductVersion : QuickTime 6.0.2

ProductName : QuickTime

CompanyName : Apple Computer, Inc.

InternalName : QuickTime Task

LegalCopyright : © Apple Computer, Inc. 2001-2002

OriginalFilename : QTTask.exe

 

#:20 [hpztsb06.exe]

FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3 ProcessID : 1992

ThreadCreationTime : 2004-10-12 14:34:33

BasePriority : Normal

FileVersion : 2,133,0,0

ProductVersion : 2,133,0,0

ProductName : HP DeskJet

CompanyName : HP

LegalCopyright : Copyright © Hewlett-Packard Company 1999-2002

 

#:21 [ccapp.exe]

FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 2000

ThreadCreationTime : 2004-10-12 14:34:33

BasePriority : Normal

FileVersion : 2.0.0.635

ProductVersion : 2.0.0.635

ProductName : Common Client

CompanyName : Symantec Corporation

FileDescription : Symantec Common Client User Session

InternalName : ccApp

LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

 

#:22 [atiptaxx.exe]

FilePath : C:\Program\ATI Technologies\ATI Control Panel ProcessID : 2008

ThreadCreationTime : 2004-10-12 14:34:33

BasePriority : Normal

FileVersion : 6.14.10.5061

ProductVersion : 6.14.10.5061

ProductName : ATI Desktop Component

CompanyName : ATI Technologies, Inc.

FileDescription : ATI Desktop Control Panel

InternalName : Atiptaxx.exe

LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.

OriginalFilename : Atiptaxx.exe

 

#:23 [zlclient.exe]

FilePath : C:\Program\Zone Labs\ZoneAlarm ProcessID : 120

ThreadCreationTime : 2004-10-12 14:34:33

BasePriority : Normal

FileVersion : 5.1.033.000

ProductVersion : 5.1.033.000

ProductName : Zone Labs Client

CompanyName : Zone Labs Inc.

FileDescription : Zone Labs Client

InternalName : zlclient

LegalCopyright : Copyright © 1998-2004, Zone Labs Inc.

OriginalFilename : zlclient.exe

 

#:24 [ctfmon.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 140

ThreadCreationTime : 2004-10-12 14:34:33

BasePriority : Normal

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

 

#:25 [psfree.exe]

FilePath : C:\Program\PANICW~1\POP-UP~1 ProcessID : 192

ThreadCreationTime : 2004-10-12 14:34:34

BasePriority : Normal

FileVersion : 3, 1, 0, 1010

ProductVersion : 1, 0, 0, 1

ProductName : Pop-Up Stopper Free Edition

CompanyName : Panicware, Inc.

FileDescription : Pop-Up Stopper Free Edition

InternalName : Pop-Up Stopper Free Edition

LegalCopyright : Copyright © 2002-2003

OriginalFilename : PSFree.exe

 

#:26 [ctsvccda.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 976

ThreadCreationTime : 2004-10-12 14:34:38

BasePriority : Normal

FileVersion : 1.0.1.0

ProductVersion : 1.0.0.0

ProductName : Creative Service for CDROM Access

CompanyName : Creative Technology Ltd

FileDescription : Creative Service for CDROM Access

InternalName : CTsvcCDAEXE

LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.

OriginalFilename : CTsvcCDA.EXE

 

#:27 [mdm.exe]

FilePath : C:\Program\Delade filer\Microsoft Shared\VS7Debug ProcessID : 1016

ThreadCreationTime : 2004-10-12 14:34:38

BasePriority : Normal

FileVersion : 7.00.9064.9150

ProductVersion : 7.00.9064.9150

ProductName : Microsoft Development Environment

CompanyName : Microsoft Corporation

FileDescription : Machine Debug Manager

InternalName : mdm.exe

LegalCopyright : Copyright © Microsoft Corp. 1997-2000

OriginalFilename : mdm.exe

 

#:28 [navapsvc.exe]

FilePath : C:\Program\Norton AntiVirus ProcessID : 1088

ThreadCreationTime : 2004-10-12 14:34:42

BasePriority : Normal

FileVersion : 10.00.2

ProductVersion : 10.00.2

ProductName : Norton AntiVirus

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.

OriginalFilename : NAVAPSVC.EXE

 

#:29 [savscan.exe]

FilePath : C:\Program\Norton AntiVirus ProcessID : 1224

ThreadCreationTime : 2004-10-12 14:34:45

BasePriority : Normal

FileVersion : 9.2.1.14

ProductVersion : 9.2

ProductName : Symantec AntiVirus AutoProtect

CompanyName : Symantec Corporation

FileDescription : Symantec AntiVirus Scanner

InternalName : SAVSCAN

LegalCopyright : Copyright © 2003 Symantec Corporation

OriginalFilename : SAVSCAN.EXE

 

#:30 [vsmon.exe]

FilePath : C:\WINDOWS\SYSTEM32\ZoneLabs ProcessID : 1368

ThreadCreationTime : 2004-10-12 14:34:46

BasePriority : Normal

FileVersion : 5.1.033.000

ProductVersion : 5.1.033.000

ProductName : TrueVector Service

CompanyName : Zone Labs Inc.

FileDescription : TrueVector Service

InternalName : vsmon

LegalCopyright : Copyright © 1998-2004, Zone Labs Inc.

OriginalFilename : vsmon.exe

 

#:31 [mspmspsv.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1828

ThreadCreationTime : 2004-10-12 14:34:46

BasePriority : Normal

FileVersion : 7.00.00.1954

ProductVersion : 7.00.00.1954

ProductName : Microsoft ® DRM

CompanyName : Microsoft Corporation

FileDescription : WMDM PMSP Service

InternalName : MSPMSPSV.EXE

LegalCopyright : Copyright © Microsoft Corp. 1981-2000

OriginalFilename : MSPMSPSV.EXE

 

#:32 [iexplore.exe]

FilePath : C:\Program\Internet Explorer ProcessID : 2856

ThreadCreationTime : 2004-10-12 15:48:23

BasePriority : Normal

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : IEXPLORE.EXE

 

#:33 [ad-aware.exe]

FilePath : C:\Program\Lavasoft\Ad-Aware SE Personal ProcessID : 852

ThreadCreationTime : 2004-10-12 15:51:44

BasePriority : Normal

FileVersion : 6.2.0.206

ProductVersion : VI.Second Edition

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

#:34 [msmsgs.exe]

FilePath : C:\Program\Messenger ProcessID : 3424

ThreadCreationTime : 2004-10-12 15:56:53

BasePriority : Normal

FileVersion : 4.7.2009

ProductVersion : Version 4.7

ProductName : Messenger

CompanyName : Microsoft Corporation

FileDescription : Messenger

InternalName : msmsgs

LegalCopyright : Copyright © Microsoft Corporation 1997-2003

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msmsgs.exe

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 0

 

 

18:04:43 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:07:29.218

Objects scanned:103906

Objects identified:0

Objects ignored:0

New critical objects:0

 

 

 

 


Hi FluH :)

This is very strange.

I cannot see any MediaTicketsInstaller.ocx in your Ad-Aware log.

Another thing that is also strange:

When I look at your HJT log in the other thread, I do not see the HiJack This.exe file anywhere.

**********************************

**********************************

Restart the computer in safe mode (press F8 repeatedly):

Run a scan with Ad-Aware in Full System Scan mode; do not remove anything. Restart the computer in normal mode again. Post the log here.

Create an HJT log and post it.

Check that the HiJack This.exe file is located in a folder entirely of its own on the C: drive (very important).

Kind regards/Malou

***** Have a Continued Wonderful Day *****

Team Lavasoft

Lavasupporten

 

 

 


The Ad-Aware log in safe mode:

 

Ad-Aware SE Build 1.05

Logfile Created on:den 12 oktober 2004 20:52:23

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R11 07.10.2004

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie(TAC index:3):2 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Definition File:

=========================

Definitions File Loaded:

Reference Number : SE1R11 07.10.2004

Internal build : 16

File location : C:\Program\Lavasoft\Ad-Aware SE Personal\defs.ref

File size : 353470 Bytes

Total size : 1162664 Bytes

Signature data size : 1138651 Bytes

Reference data size : 23501 Bytes

Signatures total : 31468

Fingerprints total : 206

Fingerprints size : 9362 Bytes

Target categories : 15

Target families : 579

 

 

Memory + processor status:

==========================

Number of processors : 1

Processor architecture : Intel Pentium IV

Memory available:79 %

Total physical memory:523268 kb

Available physical memory:412256 kb

Total page file size:1280216 kb

Available on page file:1222772 kb

Total virtual memory:2097024 kb

Available virtual memory:2053488 kb

OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

 

Ad-Aware SE Settings

===========================

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

2004-10-12 20:52:23 - Scan started. (Full System Scan)

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32 ProcessID : 156

ThreadCreationTime : 2004-10-12 18:50:46

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32 ProcessID : 208

ThreadCreationTime : 2004-10-12 18:50:54

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32 ProcessID : 232

ThreadCreationTime : 2004-10-12 18:50:57

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 276

ThreadCreationTime : 2004-10-12 18:51:00

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Tjänst- och styrenhetsprogram

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 288

ThreadCreationTime : 2004-10-12 18:51:00

BasePriority : Normal

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 448

ThreadCreationTime : 2004-10-12 18:51:03

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 472

ThreadCreationTime : 2004-10-12 18:51:03

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [explorer.exe]

FilePath : C:\WINDOWS ProcessID : 700

ThreadCreationTime : 2004-10-12 18:51:16

BasePriority : Normal

FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)

ProductVersion : 6.00.2800.1221

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Utforskaren

InternalName : explorer

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : EXPLORER.EXE

 

#:9 [ad-aware.exe]

FilePath : C:\Program\Lavasoft\Ad-Aware SE Personal ProcessID : 836

ThreadCreationTime : 2004-10-12 18:52:11

BasePriority : Normal

FileVersion : 6.2.0.206

ProductVersion : VI.Second Edition

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : ulf löfgren@statcounter[1].txt

Category : Data Miner

Comment : Hits:6

Value : Cookie:ulf löfgren@statcounter.com/

Expires : 2009-10-11 19:47:18

LastSync : Hits:6

UseCount : 0

Hits : 6

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : ulf löfgren@tradedoubler[2].txt

Category : Data Miner

Comment : Hits:2

Value : Cookie:ulf löfgren@tradedoubler.com/

Expires : 2004-10-16 19:35:02

LastSync : Hits:2

UseCount : 0

Hits : 2

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 2

Objects found so far: 2

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 2

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 2

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 2

 

21:00:43 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:08:20.453

Objects scanned:90914

Objects identified:2

Objects ignored:0

New critical objects:2

 

 

 

 

 

 

 


HijackThis again:

 

 

Logfile of HijackThis v1.98.2

Scan saved at 21:12:59, on 2004-10-12

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program\QuickTime\qttask.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\PANICW~1\POP-UP~1\PSFree.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\HiJT\HijackThis.exe

C:\Program\Messenger\msmsgs.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.comhem.se/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login1.comhem.se/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [CTSysVol] "C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"

O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093321811546

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {A42889C5-62E1-419A-90C2-C9E958D69990} (Genline Family Finder Component) - http://www.genline.se/GFFControl.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll

O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://www.gxplugin.com/loader/dll/gxbplug.dll

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

 

 

 


Hi FluH :)

I can't find these two anywhere in your logs:

MediaTicketsInstaller.ocx and rundlg32.dll

We'll try this first. If it doesn't help, we'll have to resort to other methods.

It is important that you clear/empty the following folders (but do not delete the folder(s) themselves).

Log out from the Internet (for broadband/cable users it is recommended to unplug the network cable) and close all open windows/programs.

Some folders may be hidden, so to find them press (Windows key+E), click "Tools > Folder Options" in the toolbar, and under "View" tick "Show hidden files and folders".

1. C:\Windows\Temp

2. C:\Documents and Settings\<Your Username>\Local Settings\Temporary Internet Files\ <= This empties the cache, Temporary Internet Files and cookies.

3. C:\Documents and Settings\<Your Username>\Local Settings\Temp

If there are more users, also do steps 4 and 5:

4. C:\Documents and Settings\<Other Users' Username>\Local Settings\Temporary Internet Files

5. C:\Documents and Settings\<Other Users' Username>\Local Settings\Temp

6. Empty the "Recycle Bin". Restart the computer.

When you have done the above:

Disconnect from the Internet (log out):

Open HJT. Click the Scan button. Tick the entries below. Click the Fix Checked button. Restart the computer.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/se/sve/gen/default.htm

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime <- Unnecessary to have running at computer startup. You decide yourself whether you want to tick it or not:

O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093321811546

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {A42889C5-62E1-419A-90C2-C9E958D69990} (Genline Family Finder Component) - http://www.genline.se/GFFControl.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll

O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://www.gxplugin.com/loader/dll/gxbplug.dll

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

Regarding the O16 objects in your log: the next time they are needed online, you will be asked to download them again.

The O16 files are located in "Downloaded Program Files".

 

When you have done the above and restarted the computer.

Now run a scan with your antivirus program to see whether you get these warnings again. Also check where these are located.

Do not scan in safe mode this time:

Also run a new scan with Ad-Aware in Full System Scan. Do not remove anything:

Post the log here.

Also make a new HJT log and post it.

Regards/Malou

***** Have A Continued Wonderful Day *****

Team Lavasoft

Lavasupporten

[post edited 2004-10-12 21:47:12 by malou jansson]

[post edited 2004-10-12 21:49:37 by malou jansson]

[post edited 2004-10-12 21:50:36 by malou jansson]

[post edited 2004-10-12 21:53:43 by malou jansson]


The recommended actions have now been carried out.

After a run with Norton Antivirus, it indicates that the threats remain:

C:\WINDOWS\Downloaded Program Files\CONFLICT.2\MediaTicketsInstaller.ocx

C:\WINDOWS\Downloaded Program Files\rundlg32.dll

The Ad-Aware log follows here, followed by the HJT log.

 

Ad-Aware SE Build 1.05

Logfile Created on:den 13 oktober 2004 08:46:24

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R11 07.10.2004

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

None

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Definition File:

=========================

Definitions File Loaded:

Reference Number : SE1R11 07.10.2004

Internal build : 16

File location : C:\Program\Lavasoft\Ad-Aware SE Personal\defs.ref

File size : 353470 Bytes

Total size : 1162664 Bytes

Signature data size : 1138651 Bytes

Reference data size : 23501 Bytes

Signatures total : 31468

Fingerprints total : 206

Fingerprints size : 9362 Bytes

Target categories : 15

Target families : 579

 

 

Memory + processor status:

==========================

Number of processors : 1

Processor architecture : Intel Pentium IV

Memory available:55 %

Total physical memory:523268 kb

Available physical memory:284696 kb

Total page file size:1278684 kb

Available on page file:1082268 kb

Total virtual memory:2097024 kb

Available virtual memory:2049824 kb

OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

 

Ad-Aware SE Settings

===========================

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

2004-10-13 08:46:24 - Scan started. (Full System Scan)

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32 ProcessID : 540

ThreadCreationTime : 2004-10-13 06:24:46

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32 ProcessID : 668

ThreadCreationTime : 2004-10-13 06:24:48

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32 ProcessID : 696

ThreadCreationTime : 2004-10-13 06:24:50

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 740

ThreadCreationTime : 2004-10-13 06:24:51

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Tjänst- och styrenhetsprogram

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 752

ThreadCreationTime : 2004-10-13 06:24:51

BasePriority : Normal

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 912

ThreadCreationTime : 2004-10-13 06:24:52

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 960

ThreadCreationTime : 2004-10-13 06:24:53

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1092

ThreadCreationTime : 2004-10-13 06:24:53

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1104

ThreadCreationTime : 2004-10-13 06:24:54

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [ccsetmgr.exe]

FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1332

ThreadCreationTime : 2004-10-13 06:24:55

BasePriority : Normal

FileVersion : 2.0.0.635

ProductVersion : 2.0.0.635

ProductName : Common Client

CompanyName : Symantec Corporation

FileDescription : Common Client Settings Manager Service

InternalName : ccSetMgr

LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

OriginalFilename : ccSetMgr.exe

 

#:11 [explorer.exe]

FilePath : C:\WINDOWS ProcessID : 1340

ThreadCreationTime : 2004-10-13 06:24:55

BasePriority : Normal

FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)

ProductVersion : 6.00.2800.1221

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Utforskaren

InternalName : explorer

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : EXPLORER.EXE

 

#:12 [ccevtmgr.exe]

FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1396

ThreadCreationTime : 2004-10-13 06:24:55

BasePriority : Normal

FileVersion : 2.0.0.635

ProductVersion : 2.0.0.635

ProductName : Common Client

CompanyName : Symantec Corporation

FileDescription : Common Client Event Manager Service

InternalName : ccEvtMgr

LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

OriginalFilename : ccEvtMgr.exe

 

#:13 [spoolsv.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 1548

ThreadCreationTime : 2004-10-13 06:24:55

BasePriority : Normal

FileVersion : 5.1.2600.0 (XPClient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:14 [ctsvccda.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1660

ThreadCreationTime : 2004-10-13 06:24:56

BasePriority : Normal

FileVersion : 1.0.1.0

ProductVersion : 1.0.0.0

ProductName : Creative Service for CDROM Access

CompanyName : Creative Technology Ltd

FileDescription : Creative Service for CDROM Access

InternalName : CTsvcCDAEXE

LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.

OriginalFilename : CTsvcCDA.EXE

 

#:15 [mdm.exe]

FilePath : C:\Program\Delade filer\Microsoft Shared\VS7Debug ProcessID : 1708

ThreadCreationTime : 2004-10-13 06:24:58

BasePriority : Normal

FileVersion : 7.00.9064.9150

ProductVersion : 7.00.9064.9150

ProductName : Microsoft Development Environment

CompanyName : Microsoft Corporation

FileDescription : Machine Debug Manager

InternalName : mdm.exe

LegalCopyright : Copyright © Microsoft Corp. 1997-2000

OriginalFilename : mdm.exe

 

#:16 [navapsvc.exe]

FilePath : C:\Program\Norton AntiVirus ProcessID : 1796

ThreadCreationTime : 2004-10-13 06:24:58

BasePriority : Normal

FileVersion : 10.00.2

ProductVersion : 10.00.2

ProductName : Norton AntiVirus

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.

OriginalFilename : NAVAPSVC.EXE

 

#:17 [savscan.exe]

FilePath : C:\Program\Norton AntiVirus ProcessID : 1868

ThreadCreationTime : 2004-10-13 06:24:59

BasePriority : Normal

FileVersion : 9.2.1.14

ProductVersion : 9.2

ProductName : Symantec AntiVirus AutoProtect

CompanyName : Symantec Corporation

FileDescription : Symantec AntiVirus Scanner

InternalName : SAVSCAN

LegalCopyright : Copyright © 2003 Symantec Corporation

OriginalFilename : SAVSCAN.EXE

 

#:18 [vsmon.exe]

FilePath : C:\WINDOWS\SYSTEM32\ZoneLabs ProcessID : 1944

ThreadCreationTime : 2004-10-13 06:25:00

BasePriority : Normal

FileVersion : 5.1.033.000

ProductVersion : 5.1.033.000

ProductName : TrueVector Service

CompanyName : Zone Labs Inc.

FileDescription : TrueVector Service

InternalName : vsmon

LegalCopyright : Copyright © 1998-2004, Zone Labs Inc.

OriginalFilename : vsmon.exe

 

#:19 [dsentry.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 2012

ThreadCreationTime : 2004-10-13 06:25:00

BasePriority : Normal

FileVersion : 1, 0, 2, 0

ProductVersion : 1, 0, 2, 0

ProductName : Dell - DVDSentry

CompanyName : Dell - Advanced Desktop Engineering

FileDescription : DVDSentry

InternalName : DVDSentry

LegalCopyright : Copyright © 2002 Dell

OriginalFilename : DSentry.exe

Comments : DVDSentry launches your software DVD player when a DVD is inserted.

 

#:20 [ctsysvol.exe]

FilePath : C:\Program\Creative\SBAudigy2\Surround Mixer ProcessID : 2020

ThreadCreationTime : 2004-10-13 06:25:01

BasePriority : Normal

FileVersion : 1.0.9.0

ProductVersion : 1.0.0.0

ProductName : Creative Volume Control

CompanyName : Creative Technology Ltd

FileDescription : CTSysVol.exe

LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.

OriginalFilename : CTSysVol.exe

 

#:21 [ctdvddet.exe]

FilePath : C:\Program\Creative\SBAudigy2\DVDAudio ProcessID : 2028

ThreadCreationTime : 2004-10-13 06:25:01

BasePriority : Normal

FileVersion : 1.0.2.0

ProductVersion : 1.0.2.0

ProductName : CTDVDDET

CompanyName : Creative Technology Ltd

FileDescription : CTDVDDET

InternalName : CTDVDDET

LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.

OriginalFilename : CTDVDDET.EXE

 

#:22 [cthelper.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 2036

ThreadCreationTime : 2004-10-13 06:25:01

BasePriority : Normal

FileVersion : 1, 0, 0, 10

ProductVersion : 1, 0, 0, 10

ProductName : CtHelper Application

CompanyName : Creative Technology Ltd

FileDescription : CtHelper MFC Application

InternalName : CtHelper

LegalCopyright : Copyright © 2002

OriginalFilename : CtHelper.EXE

 

#:23 [directcd.exe]

FilePath : C:\Program\Roxio\Easy CD Creator 5\DirectCD ProcessID : 2044

ThreadCreationTime : 2004-10-13 06:25:01

BasePriority : Normal

FileVersion : 5.2.0.91

ProductVersion : 5.2.0.91

ProductName : DirectCD

CompanyName : Roxio

FileDescription : DirectCD Application

InternalName : DirectCD

LegalCopyright : Copyright © 2001-2002, Roxio, Inc.

OriginalFilename : Directcd.exe

 

#:24 [hpztsb06.exe]

FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3 ProcessID : 144

ThreadCreationTime : 2004-10-13 06:25:01

BasePriority : Normal

FileVersion : 2,133,0,0

ProductVersion : 2,133,0,0

ProductName : HP DeskJet

CompanyName : HP

LegalCopyright : Copyright © Hewlett-Packard Company 1999-2002

 

#:25 [ccapp.exe]

FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 164

ThreadCreationTime : 2004-10-13 06:25:01

BasePriority : Normal

FileVersion : 2.0.0.635

ProductVersion : 2.0.0.635

ProductName : Common Client

CompanyName : Symantec Corporation

FileDescription : Symantec Common Client User Session

InternalName : ccApp

LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

 

#:26 [atiptaxx.exe]

FilePath : C:\Program\ATI Technologies\ATI Control Panel ProcessID : 180

ThreadCreationTime : 2004-10-13 06:25:02

BasePriority : Normal

FileVersion : 6.14.10.5061

ProductVersion : 6.14.10.5061

ProductName : ATI Desktop Component

CompanyName : ATI Technologies, Inc.

FileDescription : ATI Desktop Control Panel

InternalName : Atiptaxx.exe

LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.

OriginalFilename : Atiptaxx.exe

 

#:27 [mspmspsv.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 188

ThreadCreationTime : 2004-10-13 06:25:03

BasePriority : Normal

FileVersion : 7.00.00.1954

ProductVersion : 7.00.00.1954

ProductName : Microsoft ® DRM

CompanyName : Microsoft Corporation

FileDescription : WMDM PMSP Service

InternalName : MSPMSPSV.EXE

LegalCopyright : Copyright © Microsoft Corp. 1981-2000

OriginalFilename : MSPMSPSV.EXE

 

#:28 [zlclient.exe]

FilePath : C:\Program\Zone Labs\ZoneAlarm ProcessID : 236

ThreadCreationTime : 2004-10-13 06:25:03

BasePriority : Normal

FileVersion : 5.1.033.000

ProductVersion : 5.1.033.000

ProductName : Zone Labs Client

CompanyName : Zone Labs Inc.

FileDescription : Zone Labs Client

InternalName : zlclient

LegalCopyright : Copyright © 1998-2004, Zone Labs Inc.

OriginalFilename : zlclient.exe

 

#:29 [ctfmon.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 288

ThreadCreationTime : 2004-10-13 06:25:04

BasePriority : Normal

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

 

#:30 [psfree.exe]

FilePath : C:\Program\PANICW~1\POP-UP~1 ProcessID : 340

ThreadCreationTime : 2004-10-13 06:25:04

BasePriority : Normal

FileVersion : 3, 1, 0, 1010

ProductVersion : 1, 0, 0, 1

ProductName : Pop-Up Stopper Free Edition

CompanyName : Panicware, Inc.

FileDescription : Pop-Up Stopper Free Edition

InternalName : Pop-Up Stopper Free Edition

LegalCopyright : Copyright © 2002-2003

OriginalFilename : PSFree.exe

 

#:31 [msmsgs.exe]

FilePath : C:\Program\Messenger ProcessID : 1980

ThreadCreationTime : 2004-10-13 06:45:08

BasePriority : Normal

FileVersion : 4.7.2009

ProductVersion : Version 4.7

ProductName : Messenger

CompanyName : Microsoft Corporation

FileDescription : Messenger

InternalName : msmsgs

LegalCopyright : Copyright © Microsoft Corporation 1997-2003

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msmsgs.exe

 

#:32 [ad-aware.exe]

FilePath : C:\Program\Lavasoft\Ad-Aware SE Personal ProcessID : 1788

ThreadCreationTime : 2004-10-13 06:46:05

BasePriority : Normal

FileVersion : 6.2.0.206

ProductVersion : VI.Second Edition

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 0

 

 

08:53:48 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:07:23.656

Objects scanned:100851

Objects identified:0

Objects ignored:0

New critical objects:0

 

 

Logfile of HijackThis v1.98.2

Scan saved at 08:55:58, on 2004-10-13

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\PANICW~1\POP-UP~1\PSFree.exe

C:\HiJT\HijackThis.exe

C:\Program\Messenger\msmsgs.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.comhem.se/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login1.comhem.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [CTSysVol] "C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"

O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

 

 

 

 


 

As I wrote earlier, you can't always rely on the results of a Norton scan; that's why you were supposed to test with Panda.

BUT I am 99.9% sure that you do not have these two files on the computer.

If they had been there, they would have shown up in HJT, for example.

This is what they look like in HJT, when they are present, that is...

 

R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program Files\rundlg32.dll

 

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

 

 

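Added example, not part of any post in this thread: a small Python cross-check of antivirus-reported file paths against HijackThis entries, showing why the two entries quoted above would tie the files to a load point while FluH's own log does not. The function names and the sample excerpts (assembled from lines quoted in this thread) are assumptions of this example; matching by file-name stem is included because an O16 entry names the downloaded .cab, not the installed .ocx.

```python
import ntpath
import re
from typing import Dict, List, NamedTuple, Tuple

# "R3 - ...", "O4 - ...", "O16 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Last path or URL component ending in an extension these entries point at.
FILE_RE = re.compile(r'([^\\/:*?"<>|\s=,\[\]()]+\.(?:dll|ocx|exe|cab))\b',
                     re.IGNORECASE)


class Entry(NamedTuple):
    section: str              # e.g. "R3", "O4", "O16"
    clsids: Tuple[str, ...]   # CLSIDs named in the entry, upper-cased
    files: Tuple[str, ...]    # referenced file names, lower-cased
    raw: str


def parse_hjt(log_text: str) -> List[Entry]:
    """Return the registry/load-point entries of a HijackThis log.

    Header lines and the "Running processes" list do not start with a
    section code and are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        entries.append(Entry(
            section=m.group("section"),
            clsids=tuple(c.upper() for c in CLSID_RE.findall(body)),
            files=tuple(f.lower() for f in FILE_RE.findall(body)),
            raw=line,
        ))
    return entries


def load_points(av_path: str, entries: List[Entry]) -> List[Tuple[str, Entry]]:
    """Find entries that reference the file an antivirus scan reported.

    "exact" = same file name; "stem" = same name with another extension
    (installer .cab in the log versus installed .ocx on disk).
    """
    name = ntpath.basename(av_path).lower()
    stem = ntpath.splitext(name)[0]
    hits = []
    for e in entries:
        if name in e.files:
            hits.append(("exact", e))
        elif any(ntpath.splitext(f)[0] == stem for f in e.files):
            hits.append(("stem", e))
    return hits


def triage(av_paths: List[str], log_text: str) -> Dict[str, List[str]]:
    """Map each reported path to its load points, or say none was logged."""
    entries = parse_hjt(log_text)
    report = {}
    for path in av_paths:
        hits = load_points(path, entries)
        report[path] = ([f"{kind}:{e.section}" for kind, e in hits]
                        or ["no load point in log"])
    return report


# The two paths Norton reported in the thread.
AV_PATHS = [
    r"C:\WINDOWS\Downloaded Program Files\CONFLICT.2\MediaTicketsInstaller.ocx",
    r"C:\WINDOWS\Downloaded Program Files\rundlg32.dll",
]

# Sample input: a few lines from FluH's second HijackThis log.
CLEAN_LOG = r"""Logfile of HijackThis v1.98.2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login1.comhem.se/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

# Constructed sample: the same lines plus the two entries quoted in the post above.
HOOKED_LOG = CLEAN_LOG + r"""R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program Files\rundlg32.dll
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
"""

if __name__ == "__main__":
    for label, log in (("clean", CLEAN_LOG), ("hooked", HOOKED_LOG)):
        for path, verdict in triage(AV_PATHS, log).items():
            print(label, ntpath.basename(path), verdict)
```

A "no load point in log" result only says that no listed entry references the file; it does not say whether the file exists on disk, which is what the antivirus scan reports.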

Hi FluH :)

> The recommended actions have now been carried out.
>
> After a run with Norton Antivirus, it indicates that the threats remain:
>
> C:\WINDOWS\Downloaded Program Files\CONFLICT.2\MediaTicketsInstaller.ocx
>
> C:\WINDOWS\Downloaded Program Files\rundlg32.dll

Ok.

Regarding rundlg32.dll, it is a difficult variant of CWS that you have run into. The variant you seem to have does not show up in an HJT log or an Ad-Aware log. Likewise, when you search for it on the computer it is not found, because it has an ability to hide/conceal itself (even though you know it is there), and Norton finds it but cannot do anything about it (it only warns that it is there).

And to (hopefully) get rundlg32.dll under control, I need to use a tool called FINDnFIX.

And so that I can use various tools (among them FINDnFIX), I wonder whether you would like to move over to my home forum (Lavasupporten), where I have permission/authorization to use them.

If you feel that you want to do this, leave a reply here in the thread, and I will give you information here in the thread on how to register at Lavasupporten, along with various other information (that may be needed).

It can be a bit tricky on the Lava forum, since there is an English section and a Swedish section, and you need to end up in and post to the Swedish section *smiles*

Please leave a reply saying how you would like to proceed.

Regards/Malou

***** Have A Continued Wonderful Day *****

Team Lavasoft

Lavasupporten

 

 

 


You can also try this

Open Hijack

Click Config..

Click Misc Tools

Click Delete a file on reboot

Then paste this in there

C:\WINDOWS\Downloaded Program Files\rundlg32.dll

Open the file there and restart the computer

Then scan with Norton to see whether it is still there.

 

 

 

 

 


Hi Zipp!

You had the solution!

Both rundlg32.dll and MediaTicketsInstaller.ocx are now gone from my PC.

Thanks, thanks!

Thanks also to malou, who took the time to try to help me!

 

 


Hi FluH :)

Great that it worked and that you finally got rid of the nuisance.

Regards/Malou

***** Have A Continued Wonderful Day *****

Team Lavasoft

Lavasupporten

 

 

 


Archived

This topic is now archived and is closed to further replies.


