FluH Posted October 12, 2004

I have used Norton Antivirus for several years. The program cannot remove two detected "threats": MediaTicketsInstaller.ocx and rundlg32.dll. While looking for online help from various antivirus programs, I came across HouseCall (Trend Micro). One run found no fewer than 44 infected files on my PC, but not the "threats" mentioned above... Obviously one loses confidence in this "industry" :-(

Malou_031 Posted October 12, 2004

Hi FluH

I see that you have received help in the thread below, but that it has not gone so well:
http://pcsupport.idg.se/viewmsg.asp?EntriesId=400602

Ad-Aware is able to remove MediaTicketsInstaller.ocx.

Which version of Ad-Aware do you have?

If you have Ad-Aware SE Personal 1.05, set the program to Full System Scan. Here you can read the instructions on how to set up the program:
Set the program to Full System Scan: http://www.lavasoftsupport.com/index.php?showtopic=42066

Disable "Search for negligible risk entries", since these objects (MRUs) are not regarded as a threat.

Once you have done the above, run a scan with Ad-Aware in Full System Scan and post the log here, and I will take a look at it. Based on that Ad-Aware log we will continue the work of getting rid of the nasties.

Regards/Malou
***** Have A Continued Wonderful Day *****
Team Lavasoft
Lavasupporten
[post edited 2004-10-12 17:20:49 by malou jansson]

FluH (Author) Posted October 12, 2004

I have Ad-Aware SE Personal 1.05 with Full System Scan and negligible risks excluded + recommended settings. In my opinion, Ad-Aware does not remove MediaTicketsInstaller.ocx. Here comes the log, very long.

Ad-Aware SE Build 1.05
Logfile Created on:den 12 oktober 2004 17:57:14
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R11 07.10.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R11 07.10.2004
Internal build : 16
File location : C:\Program\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 353470 Bytes
Total size : 1162664 Bytes
Signature data size : 1138651 Bytes
Reference data size : 23501 Bytes
Signatures total : 31468
Fingerprints total : 206
Fingerprints size : 9362 Bytes
Target categories : 15
Target families : 579

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:43 %
Total physical memory:523268 kb
Available physical memory:220408 kb
Total page file size:1278684 kb
Available on page file:1051452 kb
Total virtual memory:2097024 kb
Available virtual memory:2049612 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

2004-10-12 17:57:14 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32
ProcessID : 660
ThreadCreationTime : 2004-10-12 14:34:24
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32
ProcessID : 708
ThreadCreationTime : 2004-10-12 14:34:25
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32
ProcessID : 732
ThreadCreationTime : 2004-10-12 14:34:27
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32
ProcessID : 776
ThreadCreationTime : 2004-10-12 14:34:28
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Operativsystemet Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Tjänst- och styrenhetsprogram
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Med ensamrätt.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32
ProcessID : 788
ThreadCreationTime : 2004-10-12 14:34:28
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32
ProcessID : 964
ThreadCreationTime : 2004-10-12 14:34:29
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32
ProcessID : 1068
ThreadCreationTime : 2004-10-12 14:34:29
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32
ProcessID : 1232
ThreadCreationTime : 2004-10-12 14:34:30
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32
ProcessID : 1256
ThreadCreationTime : 2004-10-12 14:34:30
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [ccsetmgr.exe]
FilePath : C:\Program\Delade filer\Symantec Shared
ProcessID : 1464
ThreadCreationTime : 2004-10-12 14:34:30
BasePriority : Normal
FileVersion : 2.0.0.635
ProductVersion : 2.0.0.635
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:11 [explorer.exe]
FilePath : C:\WINDOWS
ProcessID : 1524
ThreadCreationTime : 2004-10-12 14:34:30
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Operativsystemet Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Utforskaren
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Med ensamrätt.
OriginalFilename : EXPLORER.EXE

#:12 [ccevtmgr.exe]
FilePath : C:\Program\Delade filer\Symantec Shared
ProcessID : 1544
ThreadCreationTime : 2004-10-12 14:34:30
BasePriority : Normal
FileVersion : 2.0.0.635
ProductVersion : 2.0.0.635
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32
ProcessID : 1728
ThreadCreationTime : 2004-10-12 14:34:31
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [dsentry.exe]
FilePath : C:\WINDOWS\System32
ProcessID : 1928
ThreadCreationTime : 2004-10-12 14:34:33
BasePriority : Normal
FileVersion : 1, 0, 2, 0
ProductVersion : 1, 0, 2, 0
ProductName : Dell - DVDSentry
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
LegalCopyright : Copyright © 2002 Dell
OriginalFilename : DSentry.exe
Comments : DVDSentry launches your software DVD player when a DVD is inserted.

#:15 [ctsysvol.exe]
FilePath : C:\Program\Creative\SBAudigy2\Surround Mixer
ProcessID : 1936
ThreadCreationTime : 2004-10-12 14:34:33
BasePriority : Normal
FileVersion : 1.0.9.0
ProductVersion : 1.0.0.0
ProductName : Creative Volume Control
CompanyName : Creative Technology Ltd
FileDescription : CTSysVol.exe
LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.
OriginalFilename : CTSysVol.exe

#:16 [ctdvddet.exe]
FilePath : C:\Program\Creative\SBAudigy2\DVDAudio
ProcessID : 1944
ThreadCreationTime : 2004-10-12 14:34:33
BasePriority : Normal
FileVersion : 1.0.2.0
ProductVersion : 1.0.2.0
ProductName : CTDVDDET
CompanyName : Creative Technology Ltd
FileDescription : CTDVDDET
InternalName : CTDVDDET
LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.
OriginalFilename : CTDVDDET.EXE

#:17 [cthelper.exe]
FilePath : C:\WINDOWS\System32
ProcessID : 1952
ThreadCreationTime : 2004-10-12 14:34:33
BasePriority : Normal
FileVersion : 1, 0, 0, 10
ProductVersion : 1, 0, 0, 10
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper MFC Application
InternalName : CtHelper
LegalCopyright : Copyright © 2002
OriginalFilename : CtHelper.EXE

#:18 [directcd.exe]
FilePath : C:\Program\Roxio\Easy CD Creator 5\DirectCD
ProcessID : 1964
ThreadCreationTime : 2004-10-12 14:34:33
BasePriority : Normal
FileVersion : 5.2.0.91
ProductVersion : 5.2.0.91
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001-2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:19 [qttask.exe]
FilePath : C:\Program\QuickTime
ProcessID : 1984
ThreadCreationTime : 2004-10-12 14:34:33
BasePriority : Normal
FileVersion : 6.0.2
ProductVersion : QuickTime 6.0.2
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2002
OriginalFilename : QTTask.exe

#:20 [hpztsb06.exe]
FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3
ProcessID : 1992
ThreadCreationTime : 2004-10-12 14:34:33
BasePriority : Normal
FileVersion : 2,133,0,0
ProductVersion : 2,133,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2002

#:21 [ccapp.exe]
FilePath : C:\Program\Delade filer\Symantec Shared
ProcessID : 2000
ThreadCreationTime : 2004-10-12 14:34:33
BasePriority : Normal
FileVersion : 2.0.0.635
ProductVersion : 2.0.0.635
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Symantec Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:22 [atiptaxx.exe]
FilePath : C:\Program\ATI Technologies\ATI Control Panel
ProcessID : 2008
ThreadCreationTime : 2004-10-12 14:34:33
BasePriority : Normal
FileVersion : 6.14.10.5061
ProductVersion : 6.14.10.5061
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:23 [zlclient.exe]
FilePath : C:\Program\Zone Labs\ZoneAlarm
ProcessID : 120
ThreadCreationTime : 2004-10-12 14:34:33
BasePriority : Normal
FileVersion : 5.1.033.000
ProductVersion : 5.1.033.000
ProductName : Zone Labs Client
CompanyName : Zone Labs Inc.
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2004, Zone Labs Inc.
OriginalFilename : zlclient.exe

#:24 [ctfmon.exe]
FilePath : C:\WINDOWS\System32
ProcessID : 140
ThreadCreationTime : 2004-10-12 14:34:33
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:25 [psfree.exe]
FilePath : C:\Program\PANICW~1\POP-UP~1
ProcessID : 192
ThreadCreationTime : 2004-10-12 14:34:34
BasePriority : Normal
FileVersion : 3, 1, 0, 1010
ProductVersion : 1, 0, 0, 1
ProductName : Pop-Up Stopper Free Edition
CompanyName : Panicware, Inc.
FileDescription : Pop-Up Stopper Free Edition
InternalName : Pop-Up Stopper Free Edition
LegalCopyright : Copyright © 2002-2003
OriginalFilename : PSFree.exe

#:26 [ctsvccda.exe]
FilePath : C:\WINDOWS\System32
ProcessID : 976
ThreadCreationTime : 2004-10-12 14:34:38
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:27 [mdm.exe]
FilePath : C:\Program\Delade filer\Microsoft Shared\VS7Debug
ProcessID : 1016
ThreadCreationTime : 2004-10-12 14:34:38
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:28 [navapsvc.exe]
FilePath : C:\Program\Norton AntiVirus
ProcessID : 1088
ThreadCreationTime : 2004-10-12 14:34:42
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:29 [savscan.exe]
FilePath : C:\Program\Norton AntiVirus
ProcessID : 1224
ThreadCreationTime : 2004-10-12 14:34:45
BasePriority : Normal
FileVersion : 9.2.1.14
ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright © 2003 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:30 [vsmon.exe]
FilePath : C:\WINDOWS\SYSTEM32\ZoneLabs
ProcessID : 1368
ThreadCreationTime : 2004-10-12 14:34:46
BasePriority : Normal
FileVersion : 5.1.033.000
ProductVersion : 5.1.033.000
ProductName : TrueVector Service
CompanyName : Zone Labs Inc.
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2004, Zone Labs Inc.
OriginalFilename : vsmon.exe

#:31 [mspmspsv.exe]
FilePath : C:\WINDOWS\System32
ProcessID : 1828
ThreadCreationTime : 2004-10-12 14:34:46
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:32 [iexplore.exe]
FilePath : C:\Program\Internet Explorer
ProcessID : 2856
ThreadCreationTime : 2004-10-12 15:48:23
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Operativsystemet Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Med ensamrätt.
OriginalFilename : IEXPLORE.EXE

#:33 [ad-aware.exe]
FilePath : C:\Program\Lavasoft\Ad-Aware SE Personal
ProcessID : 852
ThreadCreationTime : 2004-10-12 15:51:44
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:34 [msmsgs.exe]
FilePath : C:\Program\Messenger
ProcessID : 3424
ThreadCreationTime : 2004-10-12 15:56:53
BasePriority : Normal
FileVersion : 4.7.2009
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0

18:04:43 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:07:29.218
Objects scanned:103906
Objects identified:0
Objects ignored:0
New critical objects:0

Malou_031 Posted October 12, 2004

Hi FluH

This was very strange. I cannot see any MediaTicketsInstaller.ocx in your Ad-Aware log.

Another thing that is also strange: when I look at your HJT log in the other thread, I do not see the HiJack This.exe file anywhere.

**********************************
**********************************

Restart the computer in safe mode (press F8 repeatedly):
Run a scan with Ad-Aware in Full System Scan; do not remove anything.
Restart the computer in normal mode again.
Post the log here.
Make an HJT log and post it.
Check that the HiJack This.exe file is located in a folder entirely of its own on the C: drive (very important).

Regards/Malou
***** Have A Continued Wonderful Day *****
Team Lavasoft
Lavasupporten

FluH (Author) Posted October 12, 2004

The Ad-Aware log in safe mode:

Ad-Aware SE Build 1.05
Logfile Created on:den 12 oktober 2004 20:52:23
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R11 07.10.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R11 07.10.2004
Internal build : 16
File location : C:\Program\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 353470 Bytes
Total size : 1162664 Bytes
Signature data size : 1138651 Bytes
Reference data size : 23501 Bytes
Signatures total : 31468
Fingerprints total : 206
Fingerprints size : 9362 Bytes
Target categories : 15
Target families : 579

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:79 %
Total physical memory:523268 kb
Available physical memory:412256 kb
Total page file size:1280216 kb
Available on page file:1222772 kb
Total virtual memory:2097024 kb
Available virtual memory:2053488 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

2004-10-12 20:52:23 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32
ProcessID : 156
ThreadCreationTime : 2004-10-12 18:50:46
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32
ProcessID : 208
ThreadCreationTime : 2004-10-12 18:50:54
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32
ProcessID : 232
ThreadCreationTime : 2004-10-12 18:50:57
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32
ProcessID : 276
ThreadCreationTime : 2004-10-12 18:51:00
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Operativsystemet Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Tjänst- och styrenhetsprogram
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Med ensamrätt.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32
ProcessID : 288
ThreadCreationTime : 2004-10-12 18:51:00
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32
ProcessID : 448
ThreadCreationTime : 2004-10-12 18:51:03
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32
ProcessID : 472
ThreadCreationTime : 2004-10-12 18:51:03
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [explorer.exe]
FilePath : C:\WINDOWS
ProcessID : 700
ThreadCreationTime : 2004-10-12 18:51:16
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Operativsystemet Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Utforskaren
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Med ensamrätt.
OriginalFilename : EXPLORER.EXE

#:9 [ad-aware.exe]
FilePath : C:\Program\Lavasoft\Ad-Aware SE Personal
ProcessID : 836
ThreadCreationTime : 2004-10-12 18:52:11
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ulf löfgren@statcounter[1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:ulf löfgren@statcounter.com/
Expires : 2009-10-11 19:47:18
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ulf löfgren@tradedoubler[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:ulf löfgren@tradedoubler.com/
Expires : 2004-10-16 19:35:02
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 2

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

21:00:43 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:20.453
Objects scanned:90914
Objects identified:2
Objects ignored:0
New critical objects:2

FluH (Author) Posted October 12, 2004

HijackThis again:

Logfile of HijackThis v1.98.2
Scan saved at 21:12:59, on 2004-10-12
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\HiJT\HijackThis.exe
C:\Program\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.comhem.se/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login1.comhem.se/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/se/sve/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] "C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093321811546
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A42889C5-62E1-419A-90C2-C9E958D69990} (Genline Family Finder Component) - http://www.genline.se/GFFControl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://www.gxplugin.com/loader/dll/gxbplug.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

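Added example, not part of the original thread and not code from HijackThis or Lavasoft: the manual check of the log above done in Python, as an exact, case-insensitive file-name search that does not confuse rundlg32.dll with the RUNDLL32.EXE startup entries, plus a breakdown of the O16 lines. The sample lines are excerpted from the log above; every function name here is an assumption of this example.

```python
import re

# Sample input: a few lines excerpted from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program\PANICW~1\POP-UP~1\PSFree.exe
C:\HiJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/se/sve/gen/default.htm
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Last path/URL component ending in an extension of interest.
# Limitation: a base name containing spaces is cut at the last space.
FILE_RE = re.compile(r"([^\\/\s\"',=]+\.(?:exe|dll|ocx|cab))\b", re.IGNORECASE)
O16_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*)\))? - (\S+)$")


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def basenames(text):
    """Lower-cased file names mentioned in one log line."""
    return {name.lower() for name in FILE_RE.findall(text)}


def find_names(text, wanted):
    """Map each wanted file name to the (section, line) pairs that mention it exactly."""
    processes, entries = parse_log(text)
    rows = [("process", p) for p in processes] + entries
    hits = {name: [] for name in wanted}
    for where, body in rows:
        present = basenames(body)
        for name in wanted:
            if name.lower() in present:
                hits[name].append((where, body))
    return hits


def edit_distance(a, b):
    """Levenshtein distance, used to surface look-alike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalikes(text, wanted, max_distance=2):
    """File names in the log whose stem is close to, but not equal to, the wanted stem."""
    stem = wanted.lower().rsplit(".", 1)[0]
    processes, entries = parse_log(text)
    seen = set()
    for body in processes + [b for _, b in entries]:
        seen |= basenames(body)
    return [n for n in sorted(seen)
            if n.rsplit(".", 1)[0] != stem
            and edit_distance(stem, n.rsplit(".", 1)[0]) <= max_distance]


def dpf_entries(text):
    """Break O16 (Downloaded Program Files) lines into CLSID, class name and source URL."""
    out = []
    for code, body in parse_log(text)[1]:
        m = O16_RE.match(body) if code == "O16" else None
        if m:
            out.append({"clsid": m.group(1), "name": m.group(2), "url": m.group(3)})
    return out


if __name__ == "__main__":
    print(find_names(SAMPLE_LOG, ["MediaTicketsInstaller.ocx", "rundlg32.dll"]))
    print(lookalikes(SAMPLE_LOG, "rundlg32.dll"))
    for entry in dpf_entries(SAMPLE_LOG):
        print(entry)
```

Saving the full log to a file and passing its text to the same functions gives the result for the whole scan instead of the excerpt.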
Malou_031 Posted October 12, 2004

Hi FluH

I can't find these two anywhere in your logs: MediaTicketsInstaller.ocx and rundlg32.dll

Let's try this first. If it doesn't help, we'll have to resort to other methods.

It is important that you "clean out/empty" the following folders (but do not delete the folder(s) themselves). Log off from the Internet (for broadband/cable users, unplugging the network cable is recommended) and close all open windows/programs.

Some folders may be hidden, so to find them press (Windows key+E), click "Tools > Folder Options" in the toolbar, and under "View" tick "Show hidden files and folders".

1. C:\Windows\Temp
2. C:\Documents and Settings\<Your Username>\Local Settings\Temporary Internet Files\ <= This empties the cache, Temporary Internet Files and cookies.
3. C:\Documents and Settings\<Your Username>\Local Settings\Temp

If there are more users, also do steps 4 and 5:

4. C:\Documents and Settings\<Other users' Username>\Local Settings\Temporary Internet Files
5. C:\Documents and Settings\<Other users' Username>\Local Settings\Temp
6. Empty the "Recycle Bin"

"Restart the computer"

When you have done the above: Shut down the Internet (log off): Open HJT. Click the Scan button. Tick the items below. Click the Fix Checked button. Restart the computer.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/se/sve/gen/default.htm
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime <- Unnecessary to have running at computer startup.

You decide for yourself whether you want to tick it or not:

O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093321811546
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A42889C5-62E1-419A-90C2-C9E958D69990} (Genline Family Finder Component) - http://www.genline.se/GFFControl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://www.gxplugin.com/loader/dll/gxbplug.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

Regarding the O16 objects in your log: the next time they are needed on the web, you will be asked to download them again. The O16 files are located in "Downloaded Program Files".

When you have done the above and restarted the computer:

Now run a scan with your antivirus program to see whether you get these warnings again. Also check where these are located. Do not scan in safe mode this time:

Also run a new scan with Ad-Aware in Full System Scan. Do not remove anything: Post the log here.

Also make a new HJT log and post it.

Best regards/Malou

***** Have a continued wonderful day *****
Team Lavasoft Lavasupporten

[post edited 2004-10-12 21:47:12 by malou jansson]
[post edited 2004-10-12 21:49:37 by malou jansson]
[post edited 2004-10-12 21:50:36 by malou jansson]
[post edited 2004-10-12 21:53:43 by malou jansson]
927 Posted October 12, 2004

So, Panda AND Norton both say that the files are on the computer at location x, but when you look at location x they aren't there?
FluH (Author) Posted October 13, 2004

The recommended actions have now been carried out. After a run with Norton Antivirus, it indicates that the threats remain:

C:\WINDOWS\Downloaded Program Files\CONFLICT.2\MediaTicketsInstaller.ocx
C:\WINDOWS\Downloaded Program Files\rundlg32.dll

The Ad-Aware log comes here, followed by the HJT log.
927 Posted October 13, 2004

As I wrote earlier, you can't always trust the results of a Norton scan, which is why you should test with Panda. BUT I am 99.9% sure that you do not have these two files on the computer. If they had been there, they would have shown up in HJT, for example.

This is what they look like in HJT, when they are present, that is...

R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program Files\rundlg32.dll
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
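The check 927 describes, looking for those two entries in a HijackThis log, as an added example that is not part of the thread: a small Python parser that also handles logs pasted flattened onto one line. The function names and the trimmed sample log are assumptions made for this illustration; the entry lines themselves are copied from the posts above.

```python
import re

# Section codes used by HijackThis entries (R0-R3, F0-F3, N1-N4, O1..O2x).
_SECTION = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
# One entry: section code, " - ", then the entry text up to the end of the line.
ENTRY_RE = re.compile(r"(?P<section>" + _SECTION + r") - (?P<body>[^\r\n]+)")
# Split point: whitespace directly followed by a new section code. This works
# for newline-separated logs and for logs flattened onto a single line.
SPLIT_RE = re.compile(r"\s+(?=" + _SECTION + r" - )")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_hjt(log_text):
    """Return the registry/startup entries of a HijackThis log as dicts."""
    entries = []
    for chunk in SPLIT_RE.split(log_text.strip()):
        m = ENTRY_RE.match(chunk)
        if m is None:
            continue  # header, "Running processes" list, surrounding forum text
        body = m.group("body").strip()
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": m.group("section"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "body": body,
        })
    return entries


def find_indicators(entries, names=(), clsids=()):
    """Return (section, matched indicators, entry text) for each matching entry."""
    names = [n.lower() for n in names]
    clsids = {c.upper() for c in clsids}
    hits = []
    for e in entries:
        low = e["body"].lower()
        matched = [n for n in names if n in low]   # case-insensitive substring
        if e["clsid"] in clsids:                   # exact CLSID match
            matched.append(e["clsid"])
        if matched:
            hits.append((e["section"], matched, e["body"]))
    return hits


# Indicators taken from the two lines 927 quotes.
NAMES = ("rundlg32.dll", "MediaTicketsInstaller")
CLSIDS = ("{30192F8D-0958-44E6-B54D-331FD39AC959}",
          "{9EB320CE-BE1D-4304-A081-4B4665414BEF}")

# Constructed sample: a few entries from FluH's log, flattened onto one line
# the way the forum paste is. Note the look-alike name RUNDLL32.EXE.
FLUH_LOG = (
    r"Logfile of HijackThis v1.98.2 Running processes: "
    r"C:\WINDOWS\System32\smss.exe C:\HiJT\HijackThis.exe "
    r"R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "
    r"http://www.euro.dell.com/countries/se/sve/gen/default.htm "
    r"O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - "
    r"C:\Program\Norton AntiVirus\NavShExt.dll "
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install "
    r"O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE "
    r"C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit "
    r"O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "
    r"C:\Program\Messenger\MSMSGS.EXE"
)

# The two entries 927 quotes, one per line as HijackThis writes them.
SAMPLE_927 = r"""
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program Files\rundlg32.dll
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
"""

if __name__ == "__main__":
    for label, log in (("FluH's log (excerpt)", FLUH_LOG), ("927's lines", SAMPLE_927)):
        hits = find_indicators(parse_hjt(log), NAMES, CLSIDS)
        print(label, "->", len(hits), "matching entries")
        for section, matched, body in hits:
            print("  ", section, matched)
```

No match means only that no logged registry or startup entry references the files; it does not by itself show whether the files exist on disk.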
Malou_031 Posted October 13, 2004

Hi FluH

Quote:
"The recommended actions have now been carried out. After a run with Norton Antivirus, it indicates that the threats remain:
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\MediaTicketsInstaller.ocx
C:\WINDOWS\Downloaded Program Files\rundlg32.dll"

Ok. Regarding rundlg32.dll, it is a difficult variant of CWS that you have run into. The variant you seem to have does not show up in an HJT log or an Ad-Aware log. It is the same when you search for it on the computer: it is not found, because it has an ability to hide/conceal itself (even though you know it is there), and Norton finds it but cannot do anything about it (it only warns that it is there).

And to (hopefully) get the better of rundlg32.dll, I need to use a tool called FINDnFIX. And for me to be able to use various tools (FINDnFIX among others), I wonder whether you would be willing to hop over to my home forum (Lavasupporten), where I have permission/authorization to use them.

If you feel that you want to do this, leave a reply here in the thread, and I will give you information here in the thread on how to register at Lavasupporten, along with various other information (that may be needed). It can be a bit tricky on the Lava forum, since there is an English section and a Swedish section, and you need to end up in and post in the Swedish section *smiles*

Please leave a reply on how you want to proceed.

Best regards/Malou

***** Have a continued wonderful day *****
Team Lavasoft Lavasupporten
Zipp. Posted October 13, 2004

You can also try this:

Open Hijack
Click Config..
Click Misc Tools
Click Delete a file on reboot
Then paste this there: C:\WINDOWS\Downloaded Program Files\rundlg32.dll
Open the file there and restart the computer
Then scan with Norton to see whether it is still there.
FluH (Author) Posted October 14, 2004

Hi Zipp! You had the solution! Both rundlg32.dll and MediaTicketsInstaller.ocx are now gone from my PC. Thanks, thanks! Thanks also to malou, who took the time to try to help me!
Malou_031 Posted October 14, 2004

Hi FluH

Great that it worked and that you finally got rid of the nuisance.

Best regards/Malou

***** Have a continued wonderful day *****
Team Lavasoft Lavasupporten
Archived
This topic is now archived and is closed to further replies.