Ingen användare syns i Aktivitetshanteraren

[Mackey]

Jag har problem med min dator, när man är inloggad syns ingen användare i Aktivitetshanteraren. Jag upptäckte det när jag försökte installera Norton 360, det gick inte att uppdatera vdf, mm. (Det funkar bra på andra datorer här hemma.)

Dessutom verkar det som att burken tror att den är två användare på något konstigt vis, men ingen syns.

 

Kan det vara så att någon har installerat något i XP som ska dölja användare och vad användaren gör. Är det i så fall virus/trojan eller någon som använder datorn på plats? Min son och hans kompisar använder också datorn.

 

Viktigast är att få bort sådant som hindrar uppdateringen av Norton. Systremåterställningen funkar inte.

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 07:46:58, on 2007-08-16

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\XRools\smss.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Norton 360\ScanStub.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_2.EXE

C:\Program Files\Symantec\LiveUpdate\luall.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt800\spa.exe

C:\Documents and Settings\Marc\Desktop\Rensning.exe

C:\Program Files\Internet Explorer\iexplore.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\RunOnce: [Norton 360Seq] C:\WINDOWS\TEMP\LUProdRg.exe /f:C:\WINDOWS\TEMP\360LUProdRg.ini /s:SPW_Set_Sequence

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Mobile User VPN.lnk = C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184946701187

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.4

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: SafeNet Monitor Service (IPSECMON) - Unknown owner - C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe (file missing)

O23 - Service: SafeNet IKE Service (IreIKE) - Unknown owner - C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_2.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

[/log]

[Cecilia]

Vet du vad detta är?

O4 - Global Startup: Mobile User VPN.lnk = C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe

Använder du VPN?

 

Vad på det lokala nätverket har IP-adressen 192.168.1.4?

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.4

 

För övrigt så ser jag inget otrevligt i datorn.

Har något av säkerhetsprogrammen du kört hittat något (förutom cookies)?

 

Dessutom verkar det som att burken tror att den är två användare på något konstigt vis, men ingen syns.

Kan du förklara varför du tror så?

 

Min son och hans kompisar använder också datorn.

Har ni olika användarkonton? I så fall kan det vara bäst med en HijackThis-logg från hans användarkonto också.

 

[Mackey]

Vet du vad detta är?

O4 - Global Startup: Mobile User VPN.lnk = C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe

Använder du VPN?

Det är för VPN-tunneln till gamla jobbet jag inte tagit bort, eller egentligen inte lyckats få bort.

 

Vad på det lokala nätverket har IP-adressen 192.168.1.4?

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.4

Nu är det en fast IP-adress för en annan dator i nätverket, tidigare var IP-adreserna inte fasta så då kan det ha varit vad som hellst.

 

För övrigt så ser jag inget otrevligt i datorn.

Har något av säkerhetsprogrammen du kört hittat något (förutom cookies)?

Nej!?

 

Dessutom verkar det som att burken tror att den är två användare på något konstigt vis, men ingen syns.

Kan du förklara varför du tror så?

Först och främnst är det många dubletter av processerna i Aktivitetshanteraren och dessutom ser det ut som att - när man stänger av datorn - går ut ur en användare och sedan en till. Det här går så snabbt så det är svårt att helt säkert säga att det är så, men det är i alla fall den känslan man får.

 

Här kommer en logg på min sons användare.

[log]Logfile of HijackThis v1.99.1

Scan saved at 19:46:07, on 2007-08-16

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\XRools\smss.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_2.EXE

C:\Program Files\Symantec\LiveUpdate\luall.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt823\spa.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Mobile User VPN.lnk = C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184946701187

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.4

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: SafeNet Monitor Service (IPSECMON) - Unknown owner - C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe (file missing)

O23 - Service: SafeNet IKE Service (IreIKE) - Unknown owner - C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_2.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[/log]

 

 

 

[Cecilia]

I Aktivitetshanteraren - Processer, bocka för Visa processer för alla användare om det inte redan är gjort, välj Visa - Välj kolumner och se till att Användarnamn är förbockat. Vilka Användarnamn ser du då?

 

Det är ovanligt att man använder en annan dator i nätverket som namnserver. Är det någon särskild tanke bakom det?

 

HijackThis-loggen ser normal ut.

 

[Mackey]

Det enda användarnamn som syns är SYSTEM. I övrigt är kolumnen tom.

 

Det finns ingen tanke med någon namnserver, jag vet inte ens vad det är.

Det kan ha varit så att problemdatorn vid något tillfälle tidigare hade den IP-adressen. Jag har bara satt upp ett hemmanätverk som funkar lite si och så. Det här kanske är ett problem. Den dator vi talar om nu syns aldrig, eller i alla fall nästan aldrig, på nätverket.

 

[Cecilia]

Det var ju skumt med användarnamnen.

 

SUPERAntiSpyware är ett bra antispionprogram så vi kan ju se om det hittar något otrevligt.

Ladda hem och installera gratisversionen av SUPERAntiSpyware Free Edition:

http://www.superantispyware.com/download.html

Starta programmet, klicka på Check for updates.

Avsluta programmet när uppdateringen är klar.

 

Starta om datorn i felsäkert läge (tryck F8 upprepade gånger under uppstarten och välj felsäkert läge i menyn).

 

Starta SUPERAntiSpyware och klicka på Scan your Computer.

Bocka för alla hårddiskar (fixed drive/disk).

Välj Perform complete scan

Nästa/Next

 

När skanningen är klar som kommer det upp en sammanfattning, tryck på OK

Nästa/Next

Utför eller liknande

Ett fönster med Quarantine and removal Complete kommer upp

OK

Utför eller liknande

Avsluta programmet.

 

Starta om i normalt läge.

 

Starta SUPERAntiSpyware, tryck på Preferences, välj fliken Statistics/Logs.

Dubbelklicka på den nyaste SUPERAntiSpyware Scan Log så att loggen kommer upp i Anteckningar.

Klistra in loggen i ditt svar.

 

[Mackey]

Här kommer loggen.

 

[log]SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 07/23/2007 at 02:03 AM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3272

Trace Rules Database Version: 1283

 

Scan type : Complete Scan

Total Scan Time : 01:24:16

 

Memory items scanned : 619

Memory threats detected : 0

Registry items scanned : 6734

Registry threats detected : 0

File items scanned : 105786

File threats detected : 142

 

Adware.Tracking Cookie

C:\Documents and Settings\Marc\Cookies\marc@t3[2].txt

C:\Documents and Settings\Marc\Cookies\marc@1072623259[1].txt

C:\Documents and Settings\Marc\Cookies\marc@ads.imesh[1].txt

C:\Documents and Settings\Marc\Cookies\marc@ad1.clickhype[1].txt

C:\Documents and Settings\Marc\Cookies\marc@adknowledge[1].txt

C:\Documents and Settings\Marc\Cookies\marc@audit.median[1].txt

C:\Documents and Settings\Marc\Cookies\marc@cz8.clickzs[2].txt

C:\Documents and Settings\Marc\Cookies\marc@1072483310[1].txt

C:\Documents and Settings\Marc\Cookies\marc@cgi-bin[2].txt

C:\Documents and Settings\Marc\Cookies\marc@ath.belnk[1].txt

C:\Documents and Settings\Marc\Cookies\marc@torget[1].txt

C:\Documents and Settings\Marc\Cookies\marc@eclick.omgse[1].txt

C:\Documents and Settings\Marc\Cookies\marc@basic[2].txt

C:\Documents and Settings\Marc\Cookies\marc@windowsmedia[2].txt

C:\Documents and Settings\Marc\Cookies\marc@eboz[1].txt

C:\Documents and Settings\Marc\Cookies\marc@sc[1].txt

C:\Documents and Settings\Marc\Cookies\marc@cz6.clickzs[1].txt

C:\Documents and Settings\Marc\Cookies\marc@cz3.clickzs[2].txt

C:\Documents and Settings\Marc\Cookies\marc@ad-server.gulasidorna[2].txt

C:\Documents and Settings\Marc\Cookies\marc@ads.monster[1].txt

C:\Documents and Settings\Marc\Cookies\marc@postclicktracking[1].txt

C:\Documents and Settings\Marc\Cookies\marc@torget[2].txt

C:\Documents and Settings\Marc\Cookies\marc@ads.realtechnetwork[2].txt

C:\Documents and Settings\Marc\Cookies\marc@dcsx8pw0epifwzbqfcuk9q0y1_7n3v[1].txt

C:\Documents and Settings\Marc\Cookies\marc@1068415716[1].txt

C:\Documents and Settings\Marc\Cookies\marc@ads.pr[2].txt

C:\Documents and Settings\Marc\Cookies\marc@t1[2].txt

C:\Documents and Settings\Marc\Cookies\marc@se[1].txt

C:\Documents and Settings\Marc\Cookies\marc@nedstat[1].txt

C:\Documents and Settings\Marc\Cookies\marc@globalstat[2].txt

C:\Documents and Settings\Marc\Cookies\marc@ad.aktivist[2].txt

C:\Documents and Settings\Marc\Cookies\marc@server3.web-stat[1].txt

C:\Documents and Settings\Marc\Cookies\marc@posten[2].txt

C:\Documents and Settings\Marc\Cookies\marc@link[2].txt

C:\Documents and Settings\Marc\Cookies\marc@www.windowsmedia[2].txt

C:\Documents and Settings\Marc\Cookies\marc@adverticum[2].txt

C:\Documents and Settings\Marc\Cookies\marc@cz4.clickzs[2].txt

C:\Documents and Settings\Marc\Cookies\marc@oas.247realmedia[1].txt

C:\Documents and Settings\Marc\Cookies\marc@1070847646[1].txt

C:\Documents and Settings\Marc\Cookies\marc@ads.chellomedia[1].txt

C:\Documents and Settings\Marc\Cookies\marc@cz5.clickzs[1].txt

C:\Documents and Settings\Marc\Cookies\marc@1071732759[1].txt

C:\Documents and Settings\Marc\Cookies\marc@www.swebusexpress[1].txt

C:\Documents and Settings\Marc\Cookies\marc@ads.gamershell[2].txt

C:\Documents and Settings\Marc\Cookies\marc@gsmworld[1].txt

C:\Documents and Settings\Marc\Cookies\marc@clicktorrent[2].txt

C:\Documents and Settings\Bara spel\Cookies\bara_spel@ad.zanox[1].txt

C:\Documents and Settings\Bara spel\Cookies\bara_spel@adtech[2].txt

C:\Documents and Settings\Bara spel\Cookies\bara_spel@atdmt[1].txt

C:\Documents and Settings\Bara spel\Cookies\bara_spel@clicksor[1].txt

C:\Documents and Settings\Bara spel\Cookies\bara_spel@clicktorrent[2].txt

C:\Documents and Settings\Bara spel\Cookies\bara_spel@doubleclick[1].txt

C:\Documents and Settings\Bara spel\Cookies\bara_spel@imrworldwide[2].txt

C:\Documents and Settings\Bara spel\Cookies\bara_spel@statse.webtrendslive[1].txt

C:\Documents and Settings\Bara spel\Cookies\bara_spel@toplist[1].txt

C:\Documents and Settings\Bara spel\Cookies\bara_spel@toplist[2].txt

C:\Documents and Settings\Bara spel\Cookies\bara_spel@tracker.seeknear[2].txt

C:\Documents and Settings\Bara spel\Cookies\bara_spel@tracking.notabenestats[1].txt

C:\Documents and Settings\Bara spel\Cookies\bara_spel@tradedoubler[2].txt

C:\Documents and Settings\Bibbi\Cookies\bibbi@ad-server.gulasidorna[2].txt

C:\Documents and Settings\Bibbi\Cookies\bibbi@adopt.hbmediapro[1].txt

C:\Documents and Settings\Bibbi\Cookies\bibbi@banner[1].txt

C:\Documents and Settings\Bibbi\Cookies\bibbi@belnk[1].txt

C:\Documents and Settings\Bibbi\Cookies\bibbi@dist.belnk[2].txt

C:\Documents and Settings\Bibbi\Cookies\bibbi@dn.adx[2].txt

C:\Documents and Settings\Bibbi\Cookies\bibbi@focalex[1].txt

C:\Documents and Settings\Bibbi\Cookies\bibbi@m1.webstats4u[1].txt

C:\Documents and Settings\Bibbi\Cookies\bibbi@partner2profit[2].txt

C:\Documents and Settings\Bibbi\Cookies\bibbi@superstats[1].txt

C:\Documents and Settings\Bibbi\Cookies\bibbi@www5.addfreestats[1].txt

C:\Documents and Settings\Marc\Desktop\Skrivbord\Unzip\Mina dokument\Marcs Profil\Cookies\rbnm@ad-server.gulasidorna[2].txt

C:\Documents and Settings\Marc\Desktop\Skrivbord\Unzip\Mina dokument\Marcs Profil\Cookies\rbnm@ads.txt

C:\Documents and Settings\Marc\Desktop\Skrivbord\Unzip\Mina dokument\Marcs Profil\Cookies\rbnm@ads_adx.txt

C:\Documents and Settings\Marc\Desktop\Skrivbord\Unzip\Mina dokument\Marcs Profil\Cookies\rbnm@bannerspace(1).txt

C:\Documents and Settings\Marc\Desktop\Skrivbord\Unzip\Mina dokument\Marcs Profil\Cookies\rbnm@clicks_firstname.txt

C:\Documents and Settings\Marc\Desktop\Skrivbord\Unzip\Mina dokument\Marcs Profil\Cookies\rbnm@livestat.txt

C:\Documents and Settings\Marc\Desktop\Skrivbord\Unzip\Mina dokument\Marcs Profil\Cookies\rbnm@speedyclick(1).txt

C:\Documents and Settings\Marc\Desktop\Skrivbord\Unzip\Mina dokument\Marcs Profil\Cookies\rbnm@stat.www[1].txt

C:\Documents and Settings\Marc\Desktop\Skrivbord\Unzip\Mina dokument\Marcs Profil\Cookies\rbnm@stats.paregos[2].txt

C:\Documents and Settings\Marc\Desktop\Skrivbord\Unzip\Mina dokument\Marcs Profil\Cookies\rbnm@stats_superstats(1).txt

C:\Documents and Settings\Marc\Desktop\Skrivbord\Unzip\Mina dokument\Marcs Profil\Cookies\rbnm@tripod.txt

C:\Documents and Settings\Marc\Desktop\Skrivbord\Unzip\Mina dokument\Marcs Profil\Cookies\rbnm@www.toplist[1].txt

C:\Documents and Settings\Nina\Cookies\nina@ath.belnk[1].txt

C:\Documents and Settings\Nina\Cookies\nina@belnk[2].txt

C:\Documents and Settings\Nina\Cookies\nina@dist.belnk[1].txt

C:\Documents and Settings\Nina\Cookies\nina@emarketmakers[2].txt

C:\Documents and Settings\Nina\Cookies\nina@kanoodle[1].txt

C:\Documents and Settings\Nina\Cookies\nina@rightmedia[2].txt

C:\Documents and Settings\Nina\Cookies\nina@tracking[1].txt

C:\Documents and Settings\Nina\Cookies\nina@xiti[2].txt

C:\Documents and Settings\Richard\Cookies\richard@atwola[2].txt

C:\Documents and Settings\Richard\Cookies\richard@bannerspace[1].txt

C:\Documents and Settings\Richard\Cookies\richard@belnk[1].txt

C:\Documents and Settings\Richard\Cookies\richard@counter[2].txt

C:\Documents and Settings\Richard\Cookies\richard@dist.belnk[2].txt

C:\Documents and Settings\Richard\Cookies\richard@dn.adx[1].txt

C:\Documents and Settings\Richard\Cookies\richard@rightmedia[2].txt

C:\Documents and Settings\Richard\Cookies\richard@svd.adx[1].txt

C:\Documents and Settings\Richard\Cookies\richard@tn.adx[1].txt

C:\Documents and Settings\Richard\Cookies\richard@www.counter-strike-dl[1].txt

C:\Kopia på Ninas hårddisk 2007-07-18\Documents and Settings\Marc\Cookies\marc@atdmt[2].txt

C:\Kopia på Ninas hårddisk 2007-07-18\Documents and Settings\Marc\Cookies\marc@mediaplex[1].txt

F:\Documents and Settings\Amine\Cookies\amine@ad.adtoma[2].txt

F:\Documents and Settings\Amine\Cookies\amine@ad.directanetworks[2].txt

F:\Documents and Settings\Amine\Cookies\amine@ad.zanox[2].txt

F:\Documents and Settings\Amine\Cookies\amine@adfarm1.adition[1].txt

F:\Documents and Settings\Amine\Cookies\amine@ads.monster[2].txt

F:\Documents and Settings\Amine\Cookies\amine@ads2.howardchui[1].txt

F:\Documents and Settings\Amine\Cookies\amine@adserving.cpxinteractive[2].txt

F:\Documents and Settings\Amine\Cookies\amine@adsrevenue[2].txt

F:\Documents and Settings\Amine\Cookies\amine@amsterdamlivexxx[1].txt

F:\Documents and Settings\Amine\Cookies\amine@counter.search[1].txt

F:\Documents and Settings\Amine\Cookies\amine@divx.adbureau[2].txt

F:\Documents and Settings\Amine\Cookies\amine@drivecleaner[2].txt

F:\Documents and Settings\Amine\Cookies\amine@gordon2525.tripod[2].txt

F:\Documents and Settings\Amine\Cookies\amine@imrworldwide[2].txt

F:\Documents and Settings\Amine\Cookies\amine@interclick[2].txt

F:\Documents and Settings\Amine\Cookies\amine@partypoker[2].txt

F:\Documents and Settings\Amine\Cookies\amine@richmedia.yahoo[1].txt

F:\Documents and Settings\Amine\Cookies\amine@se.winantivirus[1].txt

F:\Documents and Settings\Amine\Cookies\amine@tripod[2].txt

F:\Documents and Settings\Amine\Cookies\amine@warlog[1].txt

F:\Documents and Settings\Amine\Cookies\amine@winantivirus[2].txt

F:\Documents and Settings\Amine\Cookies\amine@www.clickgamer[2].txt

F:\Documents and Settings\Amine\Cookies\amine@www.clickmanage[2].txt

F:\Documents and Settings\Amine\Cookies\amine@www.googleadservices[1].txt

F:\Documents and Settings\Amine\Cookies\amine@www.winantiviruspro[2].txt

F:\Documents and Settings\Amine\Cookies\amine@www5.addfreestats[1].txt

F:\Documents and Settings\Amine\Cookies\amine@www8.addfreestats[1].txt

F:\Documents and Settings\Amine\Cookies\amine@xiti[1].txt

F:\Documents and Settings\Marc\Cookies\marc@ads.monster[2].txt

F:\Documents and Settings\Marc\Cookies\marc@drivecleaner[2].txt

F:\Documents and Settings\Marc\Cookies\marc@partypoker[2].txt

F:\Documents and Settings\Marc\Cookies\marc@se.drivecleaner[1].txt

F:\Documents and Settings\Marc\Cookies\marc@stats.drivecleaner[2].txt

F:\Documents and Settings\Marc\Cookies\marc@www.winantiviruspro[1].txt

F:\Documents and Settings\Nina\Cookies\nina@ad.adtoma[1].txt

F:\Documents and Settings\Nina\Cookies\nina@imrworldwide[2].txt

F:\Documents and Settings\Nina\Cookies\nina@winantivirus[2].txt

 

Trojan.Downloader-Gen/AVP

F:\DOCUMENTS AND SETTINGS\AMINE\LOKALA INSTäLLNINGAR\TEMP\WIN29.TMP.EXE

 

Adware.ClickSpring/Yazzle

F:\PROGRAM\DELADE FILER\YAZZLE1162OINUNINSTALLER.EXE

 

Trojan.Downloader-Win/GHY

F:\WINDOWS\SYSTEM32\WINOSZ32.DLL[/log]

 

 

 

 

[inlägget ändrat 2007-08-17 08:49:20 av Mackey]

[Cecilia]

Core Rules Database Version : 3272

Trace Rules Database Version: 1283

 

Du har inte uppdaterat programmet. Gör det och skanna igen i felsäkert läge.

 

När du är i felsäkert läge töm mappen:

F:\DOCUMENTS AND SETTINGS\AMINE\LOKALA INSTäLLNINGAR\TEMP

Du behöver troligen ställa in Utforskaren på följande sätt för att kunna göra det:

Verktyg - (Mapp)alternativ eller liknande - Visning

Välj Visa dolda filer och mappar

Avbocka Dölj filnamnstillägg för kända filtyper

Avbocka Dölj skyddade operativsystemfiler

 

I normalt läge så klistra in den nya loggen.

 

Ladda ner den senaste versionen av HijackThis och klistra in en logg från den.

http://www.thespykiller.co.uk/files/HJTsetup.exe

 

 

[Mackey]

Nu blir det konstigt!

 

Jag har uppdaterat progremmet och fått meddelande att det inte finns några nya uppdateringar.

 

Jag har ingen F: på datorn

 

Hjälp, vad ska jag göra?

 

[Cecilia]

Nu tittade jag lite noggrannare, den SUPERAntiSpyware-logg du klistrade in är skapad 23 juli. Har du haft SUPERAntiSpyware sedan dess? Har inget hittats sedan det datumet och du därför inte har någon nyare logg? När loggen skapades fanns det en F: eftersom SUPERAntiSpyware har tagit bort filer från F:. Har du då några förklaringar?

 

[Mackey]

Ledsen, jag måste ha klistrat in fel logg.

Du hjälpte mig att rensa min dotters dator den gången. Jag hade hennes disk installerad i den här datorn. Den funkar bra sedan dess, tack!

Jag ska ta mig en titt på C:\DOCUMENTS AND SETTINGS\AMINE\LOKALA INSTäLLNINGAR\TEMP på den, men jag tror att det redan är gjort.

 

Här kommer rätt logg i felsäkert läge.

[log]SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 08/18/2007 at 11:23 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3289

Trace Rules Database Version: 1300

 

Scan type : Complete Scan

Total Scan Time : 00:44:52

 

Memory items scanned : 184

Memory threats detected : 0

Registry items scanned : 6454

Registry threats detected : 0

File items scanned : 43618

File threats detected : 2

 

Adware.Tracking Cookie

C:\Documents and Settings\Marc\Cookies\marc@www.adservermagic[1].txt

C:\Documents and Settings\Marc\Cookies\marc@track.adform[1].txt[/log]

 

och en HijackThiss log, också i felsäkert läge

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:23:13, on 2007-08-19

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm'>http://www.euro.dell.com/countries/se/sve/gen/default.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/'>http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage'>http://securityresponse.symantec.com/avcenter/fix_homepage

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Mobile User VPN.lnk = C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab'>http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab'>http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab'>http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184946701187'>http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184946701187

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab'>http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab'>http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab'>http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.4

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: SafeNet Monitor Service (IPSECMON) - Unknown owner - C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe (file missing)

O23 - Service: SafeNet IKE Service (IreIKE) - Unknown owner - C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_2.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

 

--

End of file - 7881 bytes[/log]

 

och en "vanlig"

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:40:28, on 2007-08-19

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\XRools\smss.exe

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Mobile User VPN.lnk = C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184946701187

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.4

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: SafeNet Monitor Service (IPSECMON) - Unknown owner - C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe (file missing)

O23 - Service: SafeNet IKE Service (IreIKE) - Unknown owner - C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_2.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

 

--

End of file - 9397 bytes[/log]

 

[Cecilia]

Det var ju bra att det fick sin förklaring.

 

SUPERAntiSpyware hittade ju bara cookies, så det är ju lugnt.

 

Annat antivirusprogram nu ser jag. Har Antivir hittat något?

Är det bara tillfälligt eftersom du inte verkar ha avinstallerat Symantec LiveUpdate?

 

Även dessa HijackThis-loggar ser bra ut.

Skanna datorn med Blacklight:

http://www.f-secure.com/blacklight/try_blacklight.html

Klistra in loggen därifrån om den hittar något.

 

 

[Mackey]

Blacklighet hittade inget! Det är ju bra.

 

Symantec Live uppdate ligger kvar sedan jag försökte installera Norton 360. Installationen funkade, men det gick inte att uppdatera vdf:en. Det var ju då jag upptäckte att användarna inte syntes.

[inlägget ändrat 2007-08-19 15:10:01 av Mackey]

[Cecilia]

Du har letat igenom datorn ordentligt efter otrevligheter, visst finns det fler program man kan köra men det känns inte troligt att det är något sådant som döljer användarna.

 

Googlade lite och fann detta:

Terminal Services

Allows remote login to the local computer. This service is required for Fast User Switching, Remote Desktop Server and Remote Assistance. You will not be able to view who is logged on to a particular computer by viewing the "user" tab located in the Task Manager if this service is disabled.

http://www.wilderssecurity.com/showthread.php?t=164140

 

Så kolla i Kontrollpanelen - Administrationsverktyg - Tjänster hur det ser ut med tjänsten Terminal Services, starta den, sätt startmetod till Automatiskt och se om Aktivitetshanteraren kan visa användare igen (omstart av datorn kanske behövs).