Just nu i M3-nätverket
Gå till innehåll

Mackey

Medlem
  • Antal inlägg

    85
  • Gick med

  • Senaste besök

Allt postat av Mackey

  1. Ledsen, jag måste ha klistrat in fel logg. Du hjälpte mig att rensa min dotters dator den gången. Jag hade hennes disk installerad i den här datorn. Den funkar bra sedan dess, tack! Jag ska ta mig en titt på C:\DOCUMENTS AND SETTINGS\AMINE\LOKALA INSTäLLNINGAR\TEMP på den, men jag tror att det redan är gjort. Här kommer rätt logg i felsäkert läge. [log]SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 08/18/2007 at 11:23 PM Application Version : 3.9.1008 Core Rules Database Version : 3289 Trace Rules Database Version: 1300 Scan type : Complete Scan Total Scan Time : 00:44:52 Memory items scanned : 184 Memory threats detected : 0 Registry items scanned : 6454 Registry threats detected : 0 File items scanned : 43618 File threats detected : 2 Adware.Tracking Cookie C:\Documents and Settings\Marc\Cookies\marc@www.adservermagic[1].txt C:\Documents and Settings\Marc\Cookies\marc@track.adform[1].txt[/log] och en HijackThiss log, också i felsäkert läge [log]Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:23:13, on 2007-08-19 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Safe mode Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm'>http://www.euro.dell.com/countries/se/sve/gen/default.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/'>http://www.google.se/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage'>http://securityresponse.symantec.com/avcenter/fix_homepage O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Mobile User VPN.lnk = C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab'>http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab'>http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab'>http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184946701187'>http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184946701187 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab'>http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab'>http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab'>http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.4 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: SafeNet Monitor Service (IPSECMON) - Unknown owner - C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe (file missing) O23 - Service: SafeNet IKE Service (IreIKE) - Unknown owner - C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe (file missing) O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_2.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe -- End of file - 7881 bytes[/log] och en "vanlig" [log]Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:40:28, on 2007-08-19 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\XRools\smss.exe C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Mobile User VPN.lnk = C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184946701187 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.4 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: SafeNet Monitor Service (IPSECMON) - Unknown owner - C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe (file missing) O23 - Service: SafeNet IKE Service (IreIKE) - Unknown owner - C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe (file missing) O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_2.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe -- End of file - 9397 bytes[/log]
  2. Nu blir det konstigt! Jag har uppdaterat progremmet och fått meddelande att det inte finns några nya uppdateringar. Jag har ingen F: på datorn Hjälp, vad ska jag göra?
  3. Här kommer loggen. [log]SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 07/23/2007 at 02:03 AM Application Version : 3.9.1008 Core Rules Database Version : 3272 Trace Rules Database Version: 1283 Scan type : Complete Scan Total Scan Time : 01:24:16 Memory items scanned : 619 Memory threats detected : 0 Registry items scanned : 6734 Registry threats detected : 0 File items scanned : 105786 File threats detected : 142 Adware.Tracking Cookie C:\Documents and Settings\Marc\Cookies\marc@t3[2].txt C:\Documents and Settings\Marc\Cookies\marc@1072623259[1].txt C:\Documents and Settings\Marc\Cookies\marc@ads.imesh[1].txt C:\Documents and Settings\Marc\Cookies\marc@ad1.clickhype[1].txt C:\Documents and Settings\Marc\Cookies\marc@adknowledge[1].txt C:\Documents and Settings\Marc\Cookies\marc@audit.median[1].txt C:\Documents and Settings\Marc\Cookies\marc@cz8.clickzs[2].txt C:\Documents and Settings\Marc\Cookies\marc@1072483310[1].txt C:\Documents and Settings\Marc\Cookies\marc@cgi-bin[2].txt C:\Documents and Settings\Marc\Cookies\marc@ath.belnk[1].txt C:\Documents and Settings\Marc\Cookies\marc@torget[1].txt C:\Documents and Settings\Marc\Cookies\marc@eclick.omgse[1].txt C:\Documents and Settings\Marc\Cookies\marc@basic[2].txt C:\Documents and Settings\Marc\Cookies\marc@windowsmedia[2].txt C:\Documents and Settings\Marc\Cookies\marc@eboz[1].txt C:\Documents and Settings\Marc\Cookies\marc@sc[1].txt C:\Documents and Settings\Marc\Cookies\marc@cz6.clickzs[1].txt C:\Documents and Settings\Marc\Cookies\marc@cz3.clickzs[2].txt C:\Documents and Settings\Marc\Cookies\marc@ad-server.gulasidorna[2].txt C:\Documents and Settings\Marc\Cookies\marc@ads.monster[1].txt C:\Documents and Settings\Marc\Cookies\marc@postclicktracking[1].txt C:\Documents and Settings\Marc\Cookies\marc@torget[2].txt C:\Documents and Settings\Marc\Cookies\marc@ads.realtechnetwork[2].txt C:\Documents and Settings\Marc\Cookies\marc@dcsx8pw0epifwzbqfcuk9q0y1_7n3v[1].txt C:\Documents and Settings\Marc\Cookies\marc@1068415716[1].txt C:\Documents and Settings\Marc\Cookies\marc@ads.pr[2].txt C:\Documents and Settings\Marc\Cookies\marc@t1[2].txt C:\Documents and Settings\Marc\Cookies\marc@se[1].txt C:\Documents and Settings\Marc\Cookies\marc@nedstat[1].txt C:\Documents and Settings\Marc\Cookies\marc@globalstat[2].txt C:\Documents and Settings\Marc\Cookies\marc@ad.aktivist[2].txt C:\Documents and Settings\Marc\Cookies\marc@server3.web-stat[1].txt C:\Documents and Settings\Marc\Cookies\marc@posten[2].txt C:\Documents and Settings\Marc\Cookies\marc@link[2].txt C:\Documents and Settings\Marc\Cookies\marc@www.windowsmedia[2].txt C:\Documents and Settings\Marc\Cookies\marc@adverticum[2].txt C:\Documents and Settings\Marc\Cookies\marc@cz4.clickzs[2].txt C:\Documents and Settings\Marc\Cookies\marc@oas.247realmedia[1].txt C:\Documents and Settings\Marc\Cookies\marc@1070847646[1].txt C:\Documents and Settings\Marc\Cookies\marc@ads.chellomedia[1].txt C:\Documents and Settings\Marc\Cookies\marc@cz5.clickzs[1].txt C:\Documents and Settings\Marc\Cookies\marc@1071732759[1].txt C:\Documents and Settings\Marc\Cookies\marc@www.swebusexpress[1].txt C:\Documents and Settings\Marc\Cookies\marc@ads.gamershell[2].txt C:\Documents and Settings\Marc\Cookies\marc@gsmworld[1].txt C:\Documents and Settings\Marc\Cookies\marc@clicktorrent[2].txt C:\Documents and Settings\Bara spel\Cookies\bara_spel@ad.zanox[1].txt C:\Documents and Settings\Bara spel\Cookies\bara_spel@adtech[2].txt C:\Documents and Settings\Bara spel\Cookies\bara_spel@atdmt[1].txt C:\Documents and Settings\Bara spel\Cookies\bara_spel@clicksor[1].txt C:\Documents and Settings\Bara spel\Cookies\bara_spel@clicktorrent[2].txt C:\Documents and Settings\Bara spel\Cookies\bara_spel@doubleclick[1].txt C:\Documents and Settings\Bara spel\Cookies\bara_spel@imrworldwide[2].txt C:\Documents and Settings\Bara spel\Cookies\bara_spel@statse.webtrendslive[1].txt C:\Documents and Settings\Bara spel\Cookies\bara_spel@toplist[1].txt C:\Documents and Settings\Bara spel\Cookies\bara_spel@toplist[2].txt C:\Documents and Settings\Bara spel\Cookies\bara_spel@tracker.seeknear[2].txt C:\Documents and Settings\Bara spel\Cookies\bara_spel@tracking.notabenestats[1].txt C:\Documents and Settings\Bara spel\Cookies\bara_spel@tradedoubler[2].txt C:\Documents and Settings\Bibbi\Cookies\bibbi@ad-server.gulasidorna[2].txt C:\Documents and Settings\Bibbi\Cookies\bibbi@adopt.hbmediapro[1].txt C:\Documents and Settings\Bibbi\Cookies\bibbi@banner[1].txt C:\Documents and Settings\Bibbi\Cookies\bibbi@belnk[1].txt C:\Documents and Settings\Bibbi\Cookies\bibbi@dist.belnk[2].txt C:\Documents and Settings\Bibbi\Cookies\bibbi@dn.adx[2].txt C:\Documents and Settings\Bibbi\Cookies\bibbi@focalex[1].txt C:\Documents and Settings\Bibbi\Cookies\bibbi@m1.webstats4u[1].txt C:\Documents and Settings\Bibbi\Cookies\bibbi@partner2profit[2].txt C:\Documents and Settings\Bibbi\Cookies\bibbi@superstats[1].txt C:\Documents and Settings\Bibbi\Cookies\bibbi@www5.addfreestats[1].txt C:\Documents and Settings\Marc\Desktop\Skrivbord\Unzip\Mina dokument\Marcs Profil\Cookies\rbnm@ad-server.gulasidorna[2].txt C:\Documents and Settings\Marc\Desktop\Skrivbord\Unzip\Mina dokument\Marcs Profil\Cookies\rbnm@ads.txt C:\Documents and Settings\Marc\Desktop\Skrivbord\Unzip\Mina dokument\Marcs Profil\Cookies\rbnm@ads_adx.txt C:\Documents and Settings\Marc\Desktop\Skrivbord\Unzip\Mina dokument\Marcs Profil\Cookies\rbnm@bannerspace(1).txt C:\Documents and Settings\Marc\Desktop\Skrivbord\Unzip\Mina dokument\Marcs Profil\Cookies\rbnm@clicks_firstname.txt C:\Documents and Settings\Marc\Desktop\Skrivbord\Unzip\Mina dokument\Marcs Profil\Cookies\rbnm@livestat.txt C:\Documents and Settings\Marc\Desktop\Skrivbord\Unzip\Mina dokument\Marcs Profil\Cookies\rbnm@speedyclick(1).txt C:\Documents and Settings\Marc\Desktop\Skrivbord\Unzip\Mina dokument\Marcs Profil\Cookies\rbnm@stat.www[1].txt C:\Documents and Settings\Marc\Desktop\Skrivbord\Unzip\Mina dokument\Marcs Profil\Cookies\rbnm@stats.paregos[2].txt C:\Documents and Settings\Marc\Desktop\Skrivbord\Unzip\Mina dokument\Marcs Profil\Cookies\rbnm@stats_superstats(1).txt C:\Documents and Settings\Marc\Desktop\Skrivbord\Unzip\Mina dokument\Marcs Profil\Cookies\rbnm@tripod.txt C:\Documents and Settings\Marc\Desktop\Skrivbord\Unzip\Mina dokument\Marcs Profil\Cookies\rbnm@www.toplist[1].txt C:\Documents and Settings\Nina\Cookies\nina@ath.belnk[1].txt C:\Documents and Settings\Nina\Cookies\nina@belnk[2].txt C:\Documents and Settings\Nina\Cookies\nina@dist.belnk[1].txt C:\Documents and Settings\Nina\Cookies\nina@emarketmakers[2].txt C:\Documents and Settings\Nina\Cookies\nina@kanoodle[1].txt C:\Documents and Settings\Nina\Cookies\nina@rightmedia[2].txt C:\Documents and Settings\Nina\Cookies\nina@tracking[1].txt C:\Documents and Settings\Nina\Cookies\nina@xiti[2].txt C:\Documents and Settings\Richard\Cookies\richard@atwola[2].txt C:\Documents and Settings\Richard\Cookies\richard@bannerspace[1].txt C:\Documents and Settings\Richard\Cookies\richard@belnk[1].txt C:\Documents and Settings\Richard\Cookies\richard@counter[2].txt C:\Documents and Settings\Richard\Cookies\richard@dist.belnk[2].txt C:\Documents and Settings\Richard\Cookies\richard@dn.adx[1].txt C:\Documents and Settings\Richard\Cookies\richard@rightmedia[2].txt C:\Documents and Settings\Richard\Cookies\richard@svd.adx[1].txt C:\Documents and Settings\Richard\Cookies\richard@tn.adx[1].txt C:\Documents and Settings\Richard\Cookies\richard@www.counter-strike-dl[1].txt C:\Kopia på Ninas hårddisk 2007-07-18\Documents and Settings\Marc\Cookies\marc@atdmt[2].txt C:\Kopia på Ninas hårddisk 2007-07-18\Documents and Settings\Marc\Cookies\marc@mediaplex[1].txt F:\Documents and Settings\Amine\Cookies\amine@ad.adtoma[2].txt F:\Documents and Settings\Amine\Cookies\amine@ad.directanetworks[2].txt F:\Documents and Settings\Amine\Cookies\amine@ad.zanox[2].txt F:\Documents and Settings\Amine\Cookies\amine@adfarm1.adition[1].txt F:\Documents and Settings\Amine\Cookies\amine@ads.monster[2].txt F:\Documents and Settings\Amine\Cookies\amine@ads2.howardchui[1].txt F:\Documents and Settings\Amine\Cookies\amine@adserving.cpxinteractive[2].txt F:\Documents and Settings\Amine\Cookies\amine@adsrevenue[2].txt F:\Documents and Settings\Amine\Cookies\amine@amsterdamlivexxx[1].txt F:\Documents and Settings\Amine\Cookies\amine@counter.search[1].txt F:\Documents and Settings\Amine\Cookies\amine@divx.adbureau[2].txt F:\Documents and Settings\Amine\Cookies\amine@drivecleaner[2].txt F:\Documents and Settings\Amine\Cookies\amine@gordon2525.tripod[2].txt F:\Documents and Settings\Amine\Cookies\amine@imrworldwide[2].txt F:\Documents and Settings\Amine\Cookies\amine@interclick[2].txt F:\Documents and Settings\Amine\Cookies\amine@partypoker[2].txt F:\Documents and Settings\Amine\Cookies\amine@richmedia.yahoo[1].txt F:\Documents and Settings\Amine\Cookies\amine@se.winantivirus[1].txt F:\Documents and Settings\Amine\Cookies\amine@tripod[2].txt F:\Documents and Settings\Amine\Cookies\amine@warlog[1].txt F:\Documents and Settings\Amine\Cookies\amine@winantivirus[2].txt F:\Documents and Settings\Amine\Cookies\amine@www.clickgamer[2].txt F:\Documents and Settings\Amine\Cookies\amine@www.clickmanage[2].txt F:\Documents and Settings\Amine\Cookies\amine@www.googleadservices[1].txt F:\Documents and Settings\Amine\Cookies\amine@www.winantiviruspro[2].txt F:\Documents and Settings\Amine\Cookies\amine@www5.addfreestats[1].txt F:\Documents and Settings\Amine\Cookies\amine@www8.addfreestats[1].txt F:\Documents and Settings\Amine\Cookies\amine@xiti[1].txt F:\Documents and Settings\Marc\Cookies\marc@ads.monster[2].txt F:\Documents and Settings\Marc\Cookies\marc@drivecleaner[2].txt F:\Documents and Settings\Marc\Cookies\marc@partypoker[2].txt F:\Documents and Settings\Marc\Cookies\marc@se.drivecleaner[1].txt F:\Documents and Settings\Marc\Cookies\marc@stats.drivecleaner[2].txt F:\Documents and Settings\Marc\Cookies\marc@www.winantiviruspro[1].txt F:\Documents and Settings\Nina\Cookies\nina@ad.adtoma[1].txt F:\Documents and Settings\Nina\Cookies\nina@imrworldwide[2].txt F:\Documents and Settings\Nina\Cookies\nina@winantivirus[2].txt Trojan.Downloader-Gen/AVP F:\DOCUMENTS AND SETTINGS\AMINE\LOKALA INSTäLLNINGAR\TEMP\WIN29.TMP.EXE Adware.ClickSpring/Yazzle F:\PROGRAM\DELADE FILER\YAZZLE1162OINUNINSTALLER.EXE Trojan.Downloader-Win/GHY F:\WINDOWS\SYSTEM32\WINOSZ32.DLL[/log] [inlägget ändrat 2007-08-17 08:49:20 av Mackey]
  4. Det enda användarnamn som syns är SYSTEM. I övrigt är kolumnen tom. Det finns ingen tanke med någon namnserver, jag vet inte ens vad det är. Det kan ha varit så att problemdatorn vid något tillfälle tidigare hade den IP-adressen. Jag har bara satt upp ett hemmanätverk som funkar lite si och så. Det här kanske är ett problem. Den dator vi talar om nu syns aldrig, eller i alla fall nästan aldrig, på nätverket.
  5. Det är för VPN-tunneln till gamla jobbet jag inte tagit bort, eller egentligen inte lyckats få bort. Nu är det en fast IP-adress för en annan dator i nätverket, tidigare var IP-adreserna inte fasta så då kan det ha varit vad som hellst. Nej!? Först och främnst är det många dubletter av processerna i Aktivitetshanteraren och dessutom ser det ut som att - när man stänger av datorn - går ut ur en användare och sedan en till. Det här går så snabbt så det är svårt att helt säkert säga att det är så, men det är i alla fall den känslan man får. Här kommer en logg på min sons användare. [log]Logfile of HijackThis v1.99.1 Scan saved at 19:46:07, on 2007-08-16 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\XRools\smss.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_2.EXE C:\Program Files\Symantec\LiveUpdate\luall.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt823\spa.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Mobile User VPN.lnk = C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184946701187 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.4 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: SafeNet Monitor Service (IPSECMON) - Unknown owner - C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe (file missing) O23 - Service: SafeNet IKE Service (IreIKE) - Unknown owner - C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe (file missing) O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_2.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[/log]
  6. Jag har problem med min dator, när man är inloggad syns ingen användare i Aktivitetshanteraren. Jag upptäckte det när jag försökte installera Norton 360, det gick inte att uppdatera vdf, mm. (Det funkar bra på andra datorer här hemma.) Dessutom verkar det som att burken tror att den är två användare på något konstigt vis, men ingen syns. Kan det vara så att någon har installerat något i XP som ska dölja användare och vad användaren gör. Är det i så fall virus/trojan eller någon som använder datorn på plats? Min son och hans kompisar använder också datorn. Viktigast är att få bort sådant som hindrar uppdateringen av Norton. Systremåterställningen funkar inte. [/log]
  7. Hej på er! Nu har jag lyckats få bort allt skräp (hoppas jag), gjort kopior på alla filer (nästan) och återskapat ursprungsinstallationen med Dell PC Restore. Det känns ganska bra faktiskt... Jag flyttade hårdiskarna till andra datorer. Det blev mycket skannande hit och dit, vilket tar lite tid när det är 500 000 filer på varje disk. Tack för hjälpen! Sov gott! Det ska i alla fall jag göra.
  8. Jag litar på Cecilia... ... men hur är jag säker på att disken går in som slav? Jag har aldrig monterat in 2 SATA diskar och hittar inga "jumprar". Så här står det på disken Maxator DimondMax 10 Model: 6L 160 MO 160 GB SATA150 HDD
  9. Hej! Jag har läst diverse inlägg om att rädda filer, men inte riktigt fått klart för mig hur jag bör gå vidare. Jag har två diskar i min (dotters) Dell (9600 tror jag) som är ett par år gammal. Nu vägrar datorn att starta, den fastnar i steg 4 av 4 när den vid start av någon anledning kör Check Disk (CHKDSK.EXE) på slaven. Det funkar att starta datorn när jag kopplar ur slaven, men det kommer upp en massa virusvarningar från Anti-vir. Hur ska jag göra för att försöka rädda filerna på slaven? Det är värdefulla filer, typ foton, så hon är beredd att - i värsta fall - lägga en slant på att rädda innehållet. Det är förmodligen även aktuellt att rädda innehållet på C-disken eftersom hon verkar ha virus och trojaner i stor mängd. Jag har tillgång till flera datorer, så jag kan sätta in diskarna i en annan dator. Några frågor till då; Slaven Hur gör jag för att få datorn att strata (inte fastna på Check Disk)? Vad gör jag sedan? C-disken Om jag sätter in disken som slav och kör några antivirusprogram på den borde jag väl bli av med alla farligheter. Stämmer det? Några mera tips för att rädda C-disken? PS Är enda sättet att lära sig att göra säkerhetskopior att först bli av med en massa värdefull information????
  10. Hej! Nu är allt bättre, ett problem bara... När min son startar CS får han ett par varningar om trojaner... Hur ser hans logg ut tycker du. Det enda jag ser är att SpywareGuard inte verkar starta på hans användare. Så här ser loggen ut när han är inloggad [log] Logfile of HijackThis v1.99.1 Scan saved at 08:04:58, on 2007-07-10 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\XRools\smss.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Games\Steam\Steam.exe c:\games\steam\steamapps\crottess\counter-strike\hl.exe C:\Program Files\Hijackthis\HijackThis.exe C:\Program Files\Messenger\msmsgs.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage'>http://securityresponse.symantec.com/avcenter/fix_homepage O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {890CFBF0-10D5-43D3-ABFD-206F7C4A2699} - (no file) O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Mobile User VPN.lnk = C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB'>http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835'>http://go.microsoft.com/fwlink/?linkid=48835 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab'>http://www.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab'>http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab'>http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab'>http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.spray.se/app/uploader/FileUploader.cab'>http://f012.mail.spray.se/app/uploader/FileUploader.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.1.4 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 192.168.1.4 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 192.168.1.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.4 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: wincqt32 - wincqt32.dll (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing) O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: SafeNet Monitor Service (IPSECMON) - Unknown owner - C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe (file missing) O23 - Service: SafeNet IKE Service (IreIKE) - Unknown owner - C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe (file missing) O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [/log] Så här ser loggen ut när jag är inloggad. [log] Logfile of HijackThis v1.99.1 Scan saved at 16:44:41, on 2007-07-10 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\XRools\smss.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Marc\Desktop\Rensning.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Mobile User VPN.lnk = C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.spray.se/app/uploader/FileUploader.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.1.4 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 192.168.1.4 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 192.168.1.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.4 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing) O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: SafeNet Monitor Service (IPSECMON) - Unknown owner - C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe (file missing) O23 - Service: SafeNet IKE Service (IreIKE) - Unknown owner - C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe (file missing) O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [/log]
  11. Hej! Hur ser det ut nu Logfile of HijackThis v1.99.1 [log] Logfile of HijackThis v1.99.1 Scan saved at 23:32:49, on 2007-07-09 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\XRools\smss.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Marc\Desktop\Rensning.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {890CFBF0-10D5-43D3-ABFD-206F7C4A2699} - (no file) O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Mobile User VPN.lnk = C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.spray.se/app/uploader/FileUploader.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.1.4 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 192.168.1.4 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 192.168.1.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.4 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: wincqt32 - wincqt32.dll (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing) O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: SafeNet Monitor Service (IPSECMON) - Unknown owner - C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe (file missing) O23 - Service: SafeNet IKE Service (IreIKE) - Unknown owner - C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe (file missing) O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [/log]
  12. Hej! Nu är allt normalt, nästan, lite segt är det fortfarande att starta. Kan jag göra någopt åt det? Är allt skräp borta? Både sådant som är "farligt" och sådant som gör det segt. HijackThis-log [log] Logfile of HijackThis v1.99.1 Scan saved at 17:07:07, on 2007-07-09 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\XRools\smss.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\Messenger\msmsgs.exe F:\Rensning.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {890CFBF0-10D5-43D3-ABFD-206F7C4A2699} - C:\WINDOWS\system32\ljjigfc.dll (file missing) O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Mobile User VPN.lnk = C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.spray.se/app/uploader/FileUploader.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.1.4 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 192.168.1.4 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 192.168.1.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.4 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: wincqt32 - C:\WINDOWS\SYSTEM32\wincqt32.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing) O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [/log] VundoFix V6.5.4 [log] VundoFix V6.5.4 Checking Java version... Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Scan started at 16:54:57 2007-07-09 Listing files found while scanning.... C:\windows\system32\hgjlm.bak1 C:\WINDOWS\system32\hgjlm.bak2 C:\WINDOWS\system32\hgjlm.ini C:\WINDOWS\system32\hgjlm.ini2 C:\WINDOWS\system32\hgjlm.tmp C:\windows\system32\ljjigfc.dll C:\WINDOWS\system32\mljgh.dll Beginning removal... Attempting to delete C:\windows\system32\hgjlm.bak1 C:\windows\system32\hgjlm.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\hgjlm.bak2 C:\WINDOWS\system32\hgjlm.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\hgjlm.ini C:\WINDOWS\system32\hgjlm.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\hgjlm.ini2 C:\WINDOWS\system32\hgjlm.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\hgjlm.tmp C:\WINDOWS\system32\hgjlm.tmp Has been deleted! Attempting to delete C:\windows\system32\ljjigfc.dll C:\windows\system32\ljjigfc.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\mljgh.dll C:\WINDOWS\system32\mljgh.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\hgjlm.ini C:\WINDOWS\system32\hgjlm.ini Has been deleted! Attempting to delete C:\windows\system32\ljjigfc.dll C:\windows\system32\ljjigfc.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mljgh.dll C:\WINDOWS\system32\mljgh.dll Has been deleted! Performing Repairs to the registry. Done! [/log]
  13. Hej! Jag har blivit av med alla ikoner på skrivbordet och toolbaren i Windows är också borta. Har kört ett webbbaserat antivirusprogram från Trend Micro som hittade ett par trojaner, men TROJ_VUNDO.AVA gick inte att ta bort. HijackThis-loggen (lite gammal version kanske) ser ut så här. [log] Logfile of HijackThis v1.99.1 Scan saved at 00:42:39, on 2007-07-09 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\XRools\smss.exe C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.spray.se/app/uploader/FileUploader.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.1.4 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 192.168.1.4 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 192.168.1.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.4 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing) O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [/log] Det är min son som använder datorn mest, så det förekommer kanske en hel del "skräp" som bör tas bort. Vad ska jag göra?
  14. Ett förtydligande, det är kvaliteten på produkten jag är intresserad av att få lite tyckande om.
  15. Hej! Jag är på väg att köpa värmepump, men jag vet inte vilken jag ska välja. Jag har två likvärdiga anbud, en IVT Greenline HT plus och en Nibe Fighter 1235. Vilken ska jag välja? Hjälp mig!
  16. Hej igen! Jag kommer in på http://192.71.238.76 mycket långsamt men inte helt från båda datorerna som inte funkar. Nu spelar inte det så stor roll eftersom jag kommer ut på nätet nu. Jag ändrade så att DNS-adressen erhålls automatiskt och då funkar det. Jag vet inte vad som hänt, men det skulle ju kunna vara så att Com Hem har gjort någon förändring jämfört med när det var Chello. Tack för hjälpen.
  17. Ok, jag ska göra det du föreslår när jag kommer hem i kväll. Jag kollar även den andra ickefungerande datorn hemma. Det är bra om du har möjlighet att ta en titt på mina resultat i kväll vid 20-tiden, jag ska resa bort i kväll (och ett par dagar) och familjen är förtvivlad. Min jobbdator, trådlös bärbar, har dessa inställningar när jag använder den hemma. Den har också DNS-server 192.168.0.1 [log]Ethernet-kort Trådlös nätverksanslutning 2: Anslutningsspecifika DNS-suffix . : chello.se Beskrivning . . . . . . . . . . . : Dell Wireless 1490 - tvåbands-Mini-PCI-kort för trådlösa nätverk Fysisk adress . . . . . . . . . . : 00-19-7D-21-52-EA DHCP aktiverat . . . . . . . . . : Ja Autokonfiguration aktiverat . . . : Ja IP-adress . . . . . . . . . . . . : 192.168.0.4 Nätmask . . . . . . . . . . . . . : 255.255.255.0 Standard-gateway . . . . . . . . : 192.168.0.1 DHCP-server . . . . . . . . . . . : 192.168.0.1 DNS-servrar . . . . . . . . . . . : 192.168.0.1 Det verkar ju vara samma som den fungerande trådlösa datorn hemma. Lånet erhölls . . . . . . . . . . : den 16 april 2007 18:26:26 Lånet upphör . . . . . . . . . . : den 19 april 2007 18:26:26[/log]
  18. Hej! Här kommer info från den datorn som funkar, den är stationär med trådlös anslutning till rautern. [log]IP-konfiguration för Windows Värddatornamn . . . . . . . . . . : BLONDIE Primärt DNS-suffix . . . . . . . : Nodtyp . . . . . . . . . . . . . : Okänd IP-routning aktiverat . . . . . . : Nej WINS-proxy aktiverat . . . . . . : Nej Söklista för DNS-suffix . . . . . : chello.se Ethernet-kort Anslutning till lokalt nätverk: Medietillstånd . . . . . . . . . . : Mediet är frånkopplat Beskrivning . . . . . . . . . . . : Intel® PRO/1000 PL Network Connection Fysisk adress . . . . . . . . . . : 00-12-3F-79-0E-BB Ethernet-kort Trådlös nätverksanslutning: Anslutningsspecifika DNS-suffix . : chello.se Beskrivning . . . . . . . . . . . : NETGEAR 108 Mbps Wireless PCI Adapter WG311T Fysisk adress . . . . . . . . . . : 00-0F-B5-81-09-8C DHCP aktiverat . . . . . . . . . : Ja Autokonfiguration aktiverat . . . : Ja IP-adress . . . . . . . . . . . . : 192.168.0.2 Nätmask . . . . . . . . . . . . . : 255.255.255.0 Standard-gateway . . . . . . . . : 192.168.0.1 DHCP-server . . . . . . . . . . . : 192.168.0.1 DNS-servrar . . . . . . . . . . . : 192.168.0.1 Lånet erhölls . . . . . . . . . . : den 16 april 2007 06:22:11 Lånet upphör . . . . . . . . . . : den 19 april 2007 06:22:11 Ethernet-kort Bluetooth-nätverksanslutning: Medietillstånd . . . . . . . . . . : Mediet är frånkopplat Beskrivning . . . . . . . . . . . : Bluetooth-enhet (Personal Area Network) #3 Fysisk adress . . . . . . . . . . : 00-10-60-A8-ED-A1[/log] Här kommer info från datorn som INTE funkar, den är stationär och kopplad till rautern med sladd. Det är denna som CouterStrike funkar på. [log]Windows IP Configuration Host Name . . . . . . . . . . . . : SVARTIS Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : chello.se Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : chello.se Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller Physical Address. . . . . . . . . : 00-11-11-37-E7-F0 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.0.3 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1 DHCP Server . . . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 193.150.195.24 193.150.195.23 Lease Obtained. . . . . . . . . . : den 16 april 2007 18:58:27 Lease Expires . . . . . . . . . . : den 19 april 2007 18:58:27[/log] Jag påminner om att allt funkade bra på måndag kväll, men inte på tisdag morgon. Lycka till! Jag behöver din och alla andras hjälp.
  19. Hej! Jag har ett hemmanätverk med stationära och bärbara datorer. Rautern är en Netgear WGR 614 v4, fasta anslutningar och trådlösa. Com Hem (fd Chello) är internetleverantör. Två stationära datorer med sladdanslutning kommer inte åt Internet via Internet Explorer eller annan webbläsare. Dessa datorer användes problemfritt i måndags, men slutade fungera i tisdags (veckan efter påsk). Den ena av dessa datorn går det bra att spela Counter Strike på, med nätanslutning. (Vet inte hur det är med den andra, den används aldrig till det.) Det går att skriva ut på nätverksskrivaren från båda. Det går inte att uppdatera Norton Intenet Security eller Ad-Aware på dessa datorer och det går inte att hämta POP-mailen heller. En stationär dator med trådlös anslutning kommer åt Internet precis som tidigare. Även den datorn är utrustad med NIS. Den har inte använts den senaste veckan, påsklov, men nu (söndag/måndag) funkar den som sagt bra. En bärbar dator kommer åt Internet både trådlöst och med sladd. Den har Mc Afee. Den har inte heller använts den senaste veckan, men funkar bra nu. Som jag ser det har något hänt med de datorer som användes måndag och tisdag, kan det vara så eller är det något helt annat som är orsaken. Jag har gjort vad jag kan för att försöka hitta vad som kan vara fel; Kollat alla inställningar på "Internet-alternativ". Stängt av NIS. Kollat brandväggen i XP. Startat om datorerna. Startat om modem och rauter (innan jag upptäckt att vissa datorer funkar). Stön... Vad ska jag göra nu? Jag har aldrig haft den här typen av problem tidigare. Rautern är några år gammal och innan dess hade jag en hub. Chello (som nu är Com Hem) har jag haft i massor av år utan problem.
  20. Kompletterande info. Nu plötslig ser inte den engelska datorn något av nätverket!!! Hur sätter man upp ett stabilt nätverk hemma?
  21. Jag har kört nätverkskonfigureraren flera gånger och valt samma nätverksnamn i alla datorerna, så jag hoppas och tror att alla datorer ligger i samma nätverk. Hur kollar jag det? Den "engelska" ser ju de två andra så det bör väl vara riktigt så långt.
  22. Hej! Jag har tre XP-datorer, en skrivare och en nätverksdisk i nätverket. Min "engelska XP-dator" syns inte, men de två "svenska", skrivaren och nätverksdisken syns. Jag har läst en massa inlägg, bland annat //eforum.idg.se/viewmsg.asp?EntriesId=894521, men det har inte hjälpt. Info om den "engelska" datorn. Mjukvarubrandväggarna (Norton och Windows (alltid avstängd)) har jag stängt av. Det går bra att pinga den. Det går inte att komma åt datorn med IP-nummer heller. XP i den här datorn är äldre än i de "svenska". Jag har en gång för länge sedan installerat en VPN-klient på den. Den är inte startad. Det kan väl inte påverka? Datorn används för att spela diverse nätverksspel på, kan det påverka "synligheten"? Jag har försökt att göra följande, enligt tidigare inlägg. Problemet är att det inte finns något "Lägg till" att klicka på, det gör det inte på de "svenska" datorerna heller.
  23. Jag har tröttnat lite, men vist, jag har tillgång till flera datorer. Jag tror att en av dem i alla fall har samma typ av hårddisk som den som sitter i den här (långsamstartande). Jag har tänkt byta batteri, men jag blev bara så trött på allt. Vad ska jag göra med hårddiskan i den andra datorn (om den går att ansluta)?
  24. Nu är alt som vanligt igen!! Nja, det tar ju bara 3 minuter att starta, så det är ju en förbättring. Jag har använt datorn sedan i morse, kan det ha med värmen att göra? Det är fortfarande inga problem att använda datorn, bara att starta den? Windowsstartbillden framträder långsamt när datorn väl är botad, så var det nog tidigare också, men inte i morse när allt funkade normalt (eller tom bättre än normalt).
  25. Jag hann aldrig starta någon minnestest i natt, men... ...allt fungerar bra! Varför, jag varför???????????????????? Kan det ha med Norton IS att göra, jag får medelande att prenumerationen på VDF har upphört, fast den inte har det. Förnyade för några veckor sedan (det var inte i då datorn blev seg, det började tidigare). Kan det vara att håprddisken är defragmenterad, det såg inte så illa ut före defragmentering, men... Vi får väl se om det är tillfälligt eller håller i sig. Tack för hjälpen!
×
×
  • Skapa nytt...