Virus I guess?


xaknoob

Hello!

The computer has started behaving a bit strangely lately. It has become slower, and some damn FF window pops up sometimes; here is the latest link:

 

http:// 70.38.98.32/red.php?lid=2greatfind.com&br=firefox&url=www.google.se%2Fsearch%3Fclient%3Dfirefox-a%26rls%3Dorg.mozilla%3Asv-SE%3Aofficial%26channel%3Ds%26hl%3Dsv%26q%3D2greatfind.com%26meta%3D%26btnG%3DGoogle-s%C3%B6kning&z=SE&affid=171403&ver=112&shows=0&click1=1&click2=0&uqs=1&uid=A768EB24C3BF11DDA955171403CFFFFF&guid=AE22A6BD669243FABF73BC65798099CD&jguid=&cmp=superjuan&rid=zdez&xp=1

 

And one more!

http:// 2greatfind.com/rdr2.php?sid=c28b865099f7fd452ee584548f0ed787

 

Here is the HJT log!

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:48:15, on 2008-12-06

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\Program\Bonjour\mDNSResponder.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\Explorer.EXE

D:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

D:\WINDOWS\VistaDrive\VistaDrive.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

D:\Program\Windows Live\Messenger\msnmsgr.exe

D:\Program\Windows Live\Messenger\usnsvc.exe

D:\WINDOWS\system32\rundll32.exe

D:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\Program\Mozilla Firefox\firefox.exe

D:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1053

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O4 - HKLM\..\Run: [OutpostMonitor] D:\Program\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice

O4 - HKLM\..\Run: [OutpostFeedBack] "D:\Program\Agnitum\Outpost Security Suite Pro\feedback.exe" /dump:os_startup

O4 - HKLM\..\Run: [LXCRCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [startCCC] "D:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [VistaDrive] D:\WINDOWS\VistaDrive\VistaDrive.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [d44c2e84] rundll32.exe "D:\WINDOWS\system32\ojiiljpi.dll",b

O4 - HKLM\..\RunOnce: [KB926239] rundll32.exe apphelp.dll,ShimFlushCache

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "D:\Program\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [RGSC] D:\Program\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: RocketDock.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Program\Agnitum\Outpost Security Suite Pro\ie_bar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\Microsoft Office\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: e-kort - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - D:\Program\ekort\ekort.exe

O20 - AppInit_DLLs: d:\program\agnitum\outpos~1\wl_hook.dll kjmbyr.dll

O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - D:\Program\Agnitum\OUTPOS~1\acs.exe

O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - D:\Program\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - D:\Program\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - D:\Program\iPod\bin\iPodService.exe

O23 - Service: lxcr_device - - D:\WINDOWS\system32\lxcrcoms.exe

O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe

 

 

End of file - 6569 bytes[/log]

 

 

 

Thanks a lot in advance!

Edited so that the links are not clickable

Cecilia - Moderator for Virus, malicious programs & remedies

[post edited 2008-12-07 00:03:57 by Cecilia]


Another bastard, starting to get tired now

 

http:// cativern.com/go/rfe.php?cmp=vm_mg_fails_juan&uid=A768EB24C3BF11DDA955171403CFFFFF&guid=AE22A6BD669243FABF73BC65798099CD&lid=&url=this%26meta%3D%26btnG%3DGoogle-s%F6kning&affid=171403&b42=&b42=0.0015

 

Edited so that the links are not clickable

Cecilia - Moderator for Virus, malicious programs & remedies

[post edited 2008-12-07 00:04:34 by Cecilia]


Strange, I've had it since I installed Windows, which was 3 months ago, and only now are the popups and the slowness starting, so I don't really think so, but I'll remove the crap anyway.

 


Go to http://www.virustotal.com/ and paste one of the following file names into the box.

Repeat the procedure with the other files in the same way.

 

D:\WINDOWS\system32\ojiiljpi.dll",b

 

D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16

 

Press Send File and wait until the result is ready (Current status becomes finished).

Paste the results from the various antivirus programs here.

 

 

[post edited 2008-12-06 21:38:57 by //gästen]


Download Malwarebytes Anti-Malware from one of these links:

http://www.malwaresupport.com/mbam/program/mbam-setup.exe

http://www.brothersoft.com/download-malwarebytes.-anti-malware-71406.html

Double-click mbam-setup.exe to install the program.

Tick:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Press Finish

If there is an update, it will be downloaded and installed.

When the program starts, choose Perform Quick Scan and press Scan.

The scan takes a while.

When it is done, press OK and then Show Results.

Tick everything and then press Remove Selected.

When the removal is done, Notepad opens with a log.

A request to restart the computer (Restart) may come up. If so, do it.

If the program does not start after the restart, start it.

If the log does not come up by itself in Notepad, you will find the log on the Logs tab in MBAM.

Copy the log and paste it into your reply together with a new HijackThis log.

Edit: It would have been a bit easier if you had pasted the log here, but it works anyway

[post edited 2008-12-06 22:31:52 by //gästen]


[log]Malwarebytes' Anti-Malware 1.31

Databasversion: 1467

Windows 5.1.2600 Service Pack 3

 

2008-12-06 23:17:19

mbam-log-2008-12-06 (23-17-19).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 47762

Förfluten tid: 2 minute(s), 59 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 3

Infekterade registernycklar: 13

Infekterade registervärden: 1

Infekterade registerdataposter: 2

Infekterade mappar: 0

Infekterade filer: 18

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

D:\WINDOWS\system32\qoMgeDUK.dll (Trojan.Vundo.H) -> Delete on reboot.

D:\WINDOWS\system32\kjmbyr.dll (Trojan.Vundo) -> Delete on reboot.

D:\WINDOWS\system32\byXOhFvW.dll (Trojan.Vundo.H) -> Delete on reboot.

 

Infekterade registernycklar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxohfvw (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6f2d0321-6e52-412a-9556-79de45a2985f} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{6f2d0321-6e52-412a-9556-79de45a2985f} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ea8e4cf-3ef5-4cef-8ebf-3341272ff702} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8ea8e4cf-3ef5-4cef-8ebf-3341272ff702} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8ea8e4cf-3ef5-4cef-8ebf-3341272ff702} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: d:\windows\system32\qomgeduk -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: d:\windows\system32\qomgeduk -> Delete on reboot.

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

D:\WINDOWS\system32\byXOhFvW.dll (Trojan.Vundo.H) -> Delete on reboot.

D:\WINDOWS\system32\qoMgeDUK.dll (Trojan.Vundo.H) -> Delete on reboot.

D:\WINDOWS\system32\KUDegMoq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\KUDegMoq.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\kjmbyr.dll (Trojan.Vundo.H) -> Delete on reboot.

D:\WINDOWS\system32\ojiiljpi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\ipjliijo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\urqQgDwW.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\khfDsSLE.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\khfFWmkj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\mlJAQIxU.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\iifGVoPF.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\ljJBrOGy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\lklqysif.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\qoMcbaxU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\ssqNDvut.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\ssqOHAsp.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\xxyVnoPH.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.[/log]

 

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:22:48, on 2008-12-06

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\Explorer.EXE

D:\Program\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

D:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\Program\Bonjour\mDNSResponder.exe

D:\WINDOWS\system32\PnkBstrA.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

D:\WINDOWS\system32\lxcrcoms.exe

D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

D:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

D:\WINDOWS\system32\NOTEPAD.EXE

D:\Program\Malwarebytes' Anti-Malware\mbam.exe

D:\WINDOWS\system32\NOTEPAD.EXE

D:\Program\Mozilla Firefox\firefox.exe

D:\Program\Windows Live\Messenger\msnmsgr.exe

D:\Program\Windows Live\Messenger\usnsvc.exe

D:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1053

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [OutpostMonitor] D:\Program\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice

O4 - HKLM\..\Run: [OutpostFeedBack] "D:\Program\Agnitum\Outpost Security Suite Pro\feedback.exe" /dump:os_startup

O4 - HKLM\..\Run: [startCCC] "D:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [LXCRCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: RocketDock.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Program\Agnitum\Outpost Security Suite Pro\ie_bar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\Microsoft Office\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: e-kort - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - D:\Program\ekort\ekort.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe

O20 - AppInit_DLLs: d:\program\agnitum\outpos~1\wl_hook.dll kjmbyr.dll

O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - D:\Program\Agnitum\OUTPOS~1\acs.exe

O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - D:\Program\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - D:\Program\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - D:\Program\iPod\bin\iPodService.exe

O23 - Service: lxcr_device - - D:\WINDOWS\system32\lxcrcoms.exe

O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 6685 bytes

[/log]

 


A lot of junk in the first log, but it seems to have been cleaned away, and the second log looks clean, apart from an old Java version.

How does the computer seem to be doing now?

I recommend that you download and install a new version of Java.

http://www.java.com/sv/

Then uninstall the old one in Add/Remove Programs.

 

 

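The comparison this thread does by eye, reading a follow-up HijackThis log against what MBAM reported, can also be scripted. The following is an added example, not part of the thread or of either tool: it collects the file names MBAM flagged and lists the HijackThis entries that still name them. The log excerpts are copied from the posts above and shortened, and the function names are assumptions of this example.

```python
import re

# Excerpts copied from the logs posted in this thread, shortened for the example.
MBAM_LOG = r"""
D:\WINDOWS\system32\qoMgeDUK.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINDOWS\system32\kjmbyr.dll (Trojan.Vundo) -> Delete on reboot.
D:\WINDOWS\system32\byXOhFvW.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINDOWS\system32\ojiiljpi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\KUDegMoq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
"""

HJT_BEFORE = r"""
O4 - HKLM\..\Run: [VistaDrive] D:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [d44c2e84] rundll32.exe "D:\WINDOWS\system32\ojiiljpi.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: d:\program\agnitum\outpos~1\wl_hook.dll kjmbyr.dll
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
"""

HJT_AFTER = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [LXCRCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: d:\program\agnitum\outpos~1\wl_hook.dll kjmbyr.dll
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
"""

# "<path> (<detection>) -> <action>." ; only lines that start with a drive letter
MBAM_FILE = re.compile(r"^([A-Za-z]:\\.+?) \(([^()]+)\) -> (.+?)\.?$")
# "<section code> - <rest of entry>", e.g. "O4 - HKLM\..\Run: ..."
HJT_ENTRY = re.compile(r"^(O\d+|R\d|F\d) - (.*)$")
# Base names of modules mentioned anywhere in an entry (with or without a path)
MODULE = re.compile(r"[\w~-]+\.(?:dll|exe)\b", re.IGNORECASE)


def flagged_files(mbam_log):
    """Map lower-cased base file name -> (detection, action) for file detections."""
    found = {}
    for line in mbam_log.splitlines():
        m = MBAM_FILE.match(line.strip())
        if m:
            path, detection, action = m.groups()
            found[path.rsplit("\\", 1)[-1].lower()] = (detection, action)
    return found


def residual_load_points(hjt_log, flagged):
    """Return (section, file, MBAM action) for HijackThis entries naming a flagged file."""
    hits = []
    for line in hjt_log.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if not m:
            continue
        for name in MODULE.findall(m.group(2)):
            if name.lower() in flagged:
                hits.append((m.group(1), name.lower(), flagged[name.lower()][1]))
    return hits


if __name__ == "__main__":
    flagged = flagged_files(MBAM_LOG)
    for label, log in (("first log", HJT_BEFORE), ("follow-up log", HJT_AFTER)):
        for section, name, action in residual_load_points(log, flagged):
            print(f"{label}: {section} still names {name} (MBAM: {action})")
```

On these excerpts the follow-up log still yields the O20 AppInit_DLLs entry naming kjmbyr.dll, which MBAM marked "Delete on reboot"; entries with that status are the ones worth re-checking in a fresh log after the restart.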
