ComboFix 11-02-17.02 - Anonym 18.02.2011 18:09:45.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.1525.286 [GMT 1:00]
Kjører fra: c:\users\Anonym\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Desktop
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Anonym\AppData\Roaming\Microsoft\AdjMmsVista.dll
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2011-01-18 til 2011-02-18 )))))))))))))))))))))))))))))))))
.
2011-02-18 17:21 . 2011-02-18 17:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-18 17:21 . 2011-02-18 17:22 -------- d-----w- c:\users\Anonym\AppData\Local\temp
2011-02-18 17:21 . 2011-02-18 17:21 -------- d-----w- c:\users\Gjest\AppData\Local\temp
2011-02-18 17:21 . 2011-02-18 17:21 -------- d-----w- c:\users\1\AppData\Local\temp
2011-02-17 23:18 . 2011-02-17 23:18 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75D9D729-E89C-40EA-89F8-C57388AF75FF}\MpKsla18fa50f.sys
2011-02-17 23:18 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75D9D729-E89C-40EA-89F8-C57388AF75FF}\mpengine.dll
2011-02-17 10:27 . 2011-02-17 23:07 -------- d-----w- c:\programdata\jAhJlBk06504
2011-01-23 04:03 . 2011-01-23 04:04 82464616 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlc873C.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 20:40 . 2010-04-29 17:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-13 09:41 . 2010-12-20 22:29 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-28 15:55 . 2011-01-13 23:50 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-20 17:09 . 2009-04-24 20:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-04-24 20:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 14:49 . 2011-01-13 23:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-11-30 09:43 . 2010-12-20 17:48 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2010-11-30 09:43 . 2010-12-20 17:48 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{875B3AC0-40DF-4D04-B042-140087D2207E}\gapaengine.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-20 438272]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"NDSTray.exe"="NDSTray.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-26 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 18:16 141608 ----a-w- c:\program files\Apple\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\Apple\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 MpKslb85c15dc;MpKslb85c15dc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{660370D8-4B54-4576-9975-62611B5FD128}\MpKslb85c15dc.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]
R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\DRIVERS\superwebcam.sys [2006-06-27 31872]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WMSvc;Webbehandlingstjeneste;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-19 11264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Criscs;Criscs;c:\windows\system32\drivers\acpi.sys [2009-04-11 265688]
S1 MpKsla18fa50f;MpKsla18fa50f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75D9D729-E89C-40EA-89F8-C57388AF75FF}\MpKsla18fa50f.sys [2011-02-17 28752]
S1 MpKslaf74ce91;MpKslaf74ce91;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C0D1FB1-8689-4792-8427-94F106ABFF3F}\MpKslaf74ce91.sys [x]
S1 MpKsld843924e;MpKsld843924e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C0D1FB1-8689-4792-8427-94F106ABFF3F}\MpKsld843924e.sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - MPKSLA18FA50F

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2011-02-18 c:\windows\Tasks\User_Feed_Synchronization-{12C43E05-8869-4DA0-959B-630AD3101777}.job
- c:\windows\system32\msfeedssync.exe [2010-12-20 04:25]
.
.
------- Tilleggsskanning -------
.
uInternet Settings,ProxyServer = 133.11.240.56:3124
DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - hxxps://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab
FF - ProfilePath - c:\users\Anonym\AppData\Roaming\Mozilla\Firefox\Profiles\qf8j3a76.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Norsk Bokmål ordliste: nb-NO@dictionaries.addons.mozilla.org - %profile%\extensions\nb-NO@dictionaries.addons.mozilla.org
FF - Ext: Norsk Nynorsk ordliste: nn-NO@dictionaries.addons.mozilla.org - %profile%\extensions\nn-NO@dictionaries.addons.mozilla.org
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Work Offline: {761a54f1-8ccf-4112-9e48-dbf72adf6244} - %profile%\extensions\{761a54f1-8ccf-4112-9e48-dbf72adf6244}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: QuickRestart: {F645A8C9-E969-42D9-B3F3-F325537222FD} - %profile%\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
.
- - - - TOMME PEKERE FJERNET - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-18 18:22
Windows 6.0.6002 Service Pack 2 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Tidspunkt ferdig: 2011-02-18 18:26:03
ComboFix-quarantined-files.txt 2011-02-18 17:25
ComboFix2.txt 2009-04-25 00:18

Pre-Run: 3 988 344 832 byte ledig
Post-Run: 7 026 991 104 byte ledig

- - End Of File - - 547FD912A49DB1AFC4ED4C099DBEDD14