nasse222 Posted 13 January 2010 (edited)
Antivirus Live problems, ComboFix log
Ran ComboFix from safe mode, and the same with MalwareBytes.
Ran "rkill" (http://download.bleepingcomputer.com/grinler/rkill.com)
Here is the log, thanks for all help:
Edited 13 January 2010 by nasse222

norbat Posted 13 January 2010
Update mbam and run a new quick scan in normal mode. Post the log if it finds anything. Still having problems with Antivirus Live?

nasse222 (Author) Posted 13 January 2010 (edited)
> Update mbam and run a new quick scan in normal mode. Post the log if it finds anything. Still having problems with Antivirus Live?
Not so far.
Edited 13 January 2010 by nasse222

norbat Posted 13 January 2010
The ComboFix log shows nothing related to Antivirus Live. Uninstall ComboFix by typing combofix /uninstall in the Run/search box. Surf safely.