Gå til innhold

Loggfiler etter fjerning av Wixawin-popup

jmor

Av jmor
i IKT-drift og sikkerhet

Anbefalte innlegg

jmor

jmor

Skrevet
Skrevet (endret)

Har fulgt guiden her og håper noen kan se over logfilene.....

 

Og et annet spørsmål? Kan jeg bare avinstallere alle de nedlasteden programmene etter at loggen er "godkjent"?!?!

 

Klikk for å se/fjerne innholdet nedenfor
<ComboFix 08-08-31.01 - ostjour51 2008-09-01 10:52:12.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.1430 [GMT 2:00]

Running from: C:\Documents and Settings\ostjour51.OSTLENDINGEN\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\x64

 

.

((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))

.

 

2008-09-01 10:32 . 2008-09-01 10:32 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-09-01 10:32 . 2008-09-01 10:32 <DIR> d-------- C:\Documents and Settings\ostjour51.OSTLENDINGEN\Programdata\SUPERAntiSpyware.com

2008-09-01 10:32 . 2008-09-01 10:32 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-09-01 10:31 . 2008-09-01 10:31 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-09-01 10:29 . 2008-09-01 10:29 <DIR> dr-h----- C:\Documents and Settings\ostjour51.OSTLENDINGEN\Siste

2008-09-01 10:27 . 2008-09-01 10:27 <DIR> d-------- C:\Programfiler\CCleaner

2008-08-27 09:51 . 2008-08-27 09:51 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy

2008-08-27 09:51 . 2008-09-01 10:29 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-08-27 09:43 . 2008-08-27 11:38 10,752 --a------ C:\WINDOWS\DCEBoot.exe

2008-08-07 15:16 . 2008-08-12 00:26 <DIR> d-------- C:\Documents and Settings\ostjour51.OSTLENDINGEN\Programdata\LimeWire

2008-08-07 15:16 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-08-07 15:15 . 2008-08-07 15:16 <DIR> d-------- C:\Programfiler\Java

2008-08-07 15:15 . 2008-08-07 15:15 <DIR> d-------- C:\Programfiler\Fellesfiler\Java

2008-08-07 15:14 . 2008-08-07 15:15 <DIR> d-------- C:\Programfiler\LimeWire

2008-08-07 14:14 . 2008-08-07 14:14 1,585,673 --a------ C:\07SPOSundet shot.JPG

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-25 10:42 --------- d-----w C:\Programfiler\FotoStation Pro

2008-08-14 16:16 --------- d-----w C:\Documents and Settings\ostjour51.OSTLENDINGEN\Programdata\ICAClient

2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll

2008-06-24 08:57 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-06-23 09:23 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-06-23 09:22 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 17:43 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-17 12:26 20 ---h--w C:\Documents and Settings\All Users\Programdata\PKP_DLbz.DAT

2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\dllcache\bthport.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-04-03 10:59 155648]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATSwpNav"="C:\Programfiler\Fingerprint Sensor\ATSwpNav -run" [X]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-02-26 12:34 155648]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-02-26 12:33 131072]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-06-09 08:26 794713]

"PSUtility"="C:\AddOn\Fujitsu\PSUtility\TrayManager.exe" [2006-07-05 12:57 118784]

"TvOutSwitch"="C:\AddOn\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [2006-08-02 19:13 81920]

"LoadFUJ02E3"="C:\Programfiler\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 15:38 80688]

"SSUtility"="C:\AddOn\Fujitsu\SSUtility\FJSSDMN.exe" [2006-07-22 19:10 233472]

"IndicatorUtility"="C:\Programfiler\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-04-20 14:23 90112]

"LoadFujitsuQuickTouch"="C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 14:21 353792]

"LoadBtnHnd"="C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.exe" [2005-07-21 14:20 61440]

"WatcherHelper"="C:\Programfiler\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2007-03-28 15:14 114688]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2005-12-20 20:54 278528]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-04-03 10:59 155648]

"OfficeScanNT Monitor"="C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-12-11 20:31 710000]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 09:03 16125440 C:\WINDOWS\RTHDCPL.EXE]

"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]

"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 14:32 89541 C:\WINDOWS\AGRSMMSG.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Adobe Gamma Loader.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2008-04-07 11:50:35 113664]

Bluetooth Manager.lnk - C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-02-27 14:31:34 2756608]

Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

Program Neighborhood Agent.lnk - C:\Programfiler\Citrix\ICA Client\pnagent.exe [2006-11-08 18:33:12 233744]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FJWSEL]

2006-06-29 15:45 32768 C:\WINDOWS\system32\FJWSWNP.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PSUTY]

2006-06-02 18:04 32768 C:\WINDOWS\system32\PSUWNP.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"<NO NAME>"=

"C:\\Programfiler\\Sierra Wireless Inc\\3G Watcher\\SwiApiMux.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"42385:TCP"= 42385:TCP:Trend Micro OfficeScan Listener

 

R0 FJGSDisk;G-Sensor Application Filter Driver;C:\WINDOWS\system32\DRIVERS\FJGSDisk.sys [2008-04-02 13:36]

R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-10-03 06:23]

R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2007-05-11 10:56]

R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys [2004-01-17 13:15]

R3 SWNC8U32;Sierra Wireless MUX NDIS Driver (UMTS32);C:\WINDOWS\system32\DRIVERS\swnc8u32.sys [2007-03-12 17:17]

R3 SWUMX32;Sierra Wireless USB MUX Driver (UMTS32);C:\WINDOWS\system32\DRIVERS\swumx32.sys [2007-03-12 16:18]

S2 LvIBTSvr;Logitech IBT Service;C:\Programfiler\Fellesfiler\LogiShrd\LvIBTSvr\LvIBTSvr.exe [2007-04-02 23:29]

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-AirCardEnabler - (no file)

Notify-1c8a3362382 - (no file)

Notify-__c0060DE4 - (no file)

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.ostlendingen.no/apps/pbcs.dll/forside

O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-01 10:53:35

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-09-01 10:54:21

ComboFix-quarantined-files.txt 2008-09-01 08:54:15

 

Pre-Run: 111,229,624,320 byte ledig

Post-Run: 111,276,896,256 byte ledig

 

146 --- E O F --- 2008-08-13 01:01:53

 

 

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 09/01/2008 at 10:44 AM

 

Application Version : 4.20.1046

 

Core Rules Database Version : 3553

Trace Rules Database Version: 1542

 

Scan type : Quick Scan

Total Scan Time : 00:10:37

 

Memory items scanned : 538

Memory threats detected : 0

Registry items scanned : 431

Registry threats detected : 6

File items scanned : 4878

File threats detected : 12

 

Adware.Tracking Cookie

C:\Documents and Settings\ostjour51.OSTLENDINGEN\Cookies\[email protected][1].txt

C:\Documents and Settings\administrator.OSTLENDINGEN\Cookies\administrator@atdmt[1].txt

C:\Documents and Settings\administrator.OSTLENDINGEN\Cookies\[email protected][1].txt

C:\Documents and Settings\ostjour51\Cookies\ostjour51@advertising[1].txt

C:\Documents and Settings\ostjour51\Cookies\ostjour51@atdmt[2].txt

C:\Documents and Settings\ostjour51\Cookies\[email protected][1].txt

C:\Documents and Settings\ostjour51\Cookies\ostjour51@adtech[1].txt

C:\Documents and Settings\ostjour51\Cookies\ostjour51@2o7[2].txt

C:\Documents and Settings\ostjour51\Cookies\ostjour51@tradedoubler[1].txt

C:\Documents and Settings\ostjour51\Cookies\ostjour51@overture[2].txt

C:\Documents and Settings\ostjour51\Cookies\[email protected][2].txt

C:\Documents and Settings\ostjour51\Cookies\[email protected][1].txt

 

Trojan.Unclassified/C00-WL

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0060DE4

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0060DE4#Asynchronous

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0060DE4#DllName

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0060DE4#Impersonate

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0060DE4#Startup

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0060DE4#Logon

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:05, on 2008-09-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe

C:\Programfiler\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\AddOn\Fujitsu\PSUtility\TrayManager.exe

C:\AddOn\Fujitsu\DispSwitch\DispSwitchLauncher.exe

C:\Programfiler\Fujitsu\FUJ02E3\FUJ02E3.exe

C:\AddOn\Fujitsu\SSUtility\FJSSDMN.exe

C:\Programfiler\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe

C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.exe

C:\Programfiler\Fingerprint Sensor\ATSwpNav.exe

C:\Programfiler\Sierra Wireless Inc\3G Watcher\WaHelper.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Programfiler\Citrix\ICA Client\pnagent.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\ostjour51.OSTLENDINGEN\Skrivebord\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ostlendingen.no/apps/pbcs.dll/forside

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PSUtility] C:\AddOn\Fujitsu\PSUtility\TrayManager.exe

O4 - HKLM\..\Run: [TvOutSwitch] C:\AddOn\Fujitsu\DispSwitch\DispSwitchLauncher.exe

O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Programfiler\Fujitsu\FUJ02E3\FUJ02E3.exe

O4 - HKLM\..\Run: [sSUtility] C:\AddOn\Fujitsu\SSUtility\FJSSDMN.exe

O4 - HKLM\..\Run: [indicatorUtility] C:\Programfiler\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe

O4 - HKLM\..\Run: [LoadBtnHnd] C:\Programfiler\Fujitsu\BtnHnd\BtnHnd.exe

O4 - HKLM\..\Run: [ATSwpNav] "C:\Programfiler\Fingerprint Sensor\ATSwpNav" -run

O4 - HKLM\..\Run: [WatcherHelper] "C:\Programfiler\Sierra Wireless Inc\3G Watcher\WaHelper.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Programfiler\Citrix\ICA Client\pnagent.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ostlendingen.local

O17 - HKLM\Software\..\Telephony: DomainName = ostlendingen.local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ostlendingen.local

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: FJWSEL - C:\WINDOWS\SYSTEM32\FJWSWNP.dll

O20 - Winlogon Notify: PSUTY - C:\WINDOWS\SYSTEM32\PSUWNP.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Logitech IBT Service (LvIBTSvr) - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\LvIBTSvr\LvIBTSvr.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe

O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\TmProxy.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

 

--

End of file - 9732 bytes

 

>

Endret av jmor
Lenke til kommentar

Videoannonse

Videoannonse
Annonse
snippsat

snippsat

Skrevet
Skrevet

Ser bra ut grumset ble slettet.

 

Du kan fjerne combofix ved å skrive combofix /u fra kjør-vinduet. Denne kommandoen gjør at filer i karantene og backups blir slette. Systemgjenopprettingsmappa nullstilt etc.

 

Og et annet spørsmål? Kan jeg bare avinstallere alle de nedlasteden programmene etter at loggen er "godkjent"?!?!

Ja.

Nå kan det være greit og beholde SAS og CCleaner.

Du kan heller fjerne spybot.

 

Surf trygt.

Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!

Start en konto

Logg inn

Har du allerede en konto? Logg inn her.

Logg inn nå
Gå til emneliste
×
×
  • Opprett ny...