ComboFix 12-01-03.04 - Admin 03.01.2012 18:22:55.1.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.47.1033.18.4094.2535 [GMT 1:00]
Kjører fra: h:\back'n'forth\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Opprettet nytt gjenopprettingspunkt
.
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Admin\AppData\Local\ROMUpdateUtility.exe
c:\users\Admin\AppData\Local\RUUGetInfo.exe
c:\users\Admin\AppData\Local\Temp\sfamcc00001.dll
c:\users\Admin\AppData\Local\Temp\sfareca00001.dll
c:\users\Admin\libsqlitejdbc-1511951825798958588.lib
c:\users\Admin\libsqlitejdbc-1651102870383678516.lib
c:\users\Admin\libsqlitejdbc-2109648599152330960.lib
c:\users\Admin\libsqlitejdbc-3200359182272943663.lib
c:\users\Admin\libsqlitejdbc-3761345435125555308.lib
c:\users\Admin\libsqlitejdbc-5367650134883043680.lib
c:\users\Admin\libsqlitejdbc-5680231531379386958.lib
c:\users\Admin\libsqlitejdbc-617048092983626517.lib
c:\users\Admin\libsqlitejdbc-7044550284887973840.lib
c:\users\Admin\libsqlitejdbc-7170903932122837279.lib
c:\windows\XSxS
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2011-12-03 til 2012-01-03 )))))))))))))))))))))))))))))))))
.
.
2012-01-03 17:28 . 2012-01-03 17:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-03 17:28 . 2012-01-03 17:28 -------- d-----w- c:\users\sshdsvc\AppData\Local\temp
2012-01-03 16:35 . 2012-01-03 16:35 -------- d-----w- c:\program files\HitmanPro
2012-01-03 16:35 . 2012-01-03 16:35 -------- d-----w- c:\programdata\HitmanPro
2012-01-03 15:51 . 2012-01-03 15:51 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2012-01-03 15:51 . 2012-01-03 15:51 -------- d-----w- c:\programdata\Malwarebytes
2012-01-03 15:51 . 2012-01-03 15:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-03 15:51 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-21 01:32 . 2011-12-21 01:32 -------- d-----w- c:\users\Admin\AppData\Local\XboxMB
2011-12-21 01:32 . 2011-12-21 01:32 -------- d-----w- c:\users\Admin\AppData\Local\Xenocode
2011-12-21 01:32 . 2011-12-21 01:32 -------- d-----w- c:\program files (x86)\Xenocode
2011-12-17 22:04 . 2011-12-27 20:27 -------- d-----w- c:\users\Admin\AppData\Roaming\redsn0w
2011-12-16 17:25 . 2011-12-16 17:25 -------- d-----w- c:\users\Admin\AppData\Local\Vitalwerks
2011-12-16 17:25 . 2011-12-16 17:25 -------- d-----w- c:\program files (x86)\No-IP
2011-12-11 19:06 . 2011-12-11 19:06 -------- d-----w- c:\programdata\PMS
2011-12-09 17:06 . 2011-12-09 17:06 -------- d-----w- c:\program files (x86)\Analog Devices
2011-12-09 17:06 . 2006-07-10 13:42 49152 ------w- c:\windows\SysWow64\DSndUp.exe
2011-12-09 17:06 . 2002-04-17 13:05 45056 ------w- c:\windows\SysWow64\CleanUp.exe
2011-12-09 17:05 . 2011-12-09 17:05 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-12-09 17:05 . 2011-12-09 17:05 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-12-09 17:05 . 2004-04-18 22:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-12-09 17:05 . 2004-04-18 22:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-12-09 17:05 . 2004-04-18 22:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-12-09 17:05 . 2004-04-18 22:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-12-09 17:05 . 2004-04-18 22:39 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-12-09 17:05 . 2004-04-18 22:36 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[7] 2009-07-14 . 0F05EC2887BFE197AD82A13287D2F404 . 706560 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_ea94336f6df51e09\termsrv.dll
[-] 2011-07-17 . 85AC9E8530C4ACD1170AC76FED9EB3B3 . 680960 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AirVideoServer"="c:\program files (x86)\AirVideoServer\AirVideoServer.exe" [2010-09-22 4923784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FileZilla Server Interface"="c:\program files (x86)\FileZilla Server\FileZilla Server Interface.exe" [2010-10-17 1259008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
No-IP DUC.lnk - c:\program files (x86)\No-IP\DUC30.exe [2010-6-18 1423520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ExtremeZ-IP;ExtremeZ-IP File and Print Server for Macintosh [PEGASUS];c:\program files (x86)\Group Logic\ExtremeZ-IP\ExtremeZ-IP.EXE [2009-04-09 12:26 3368248]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [x]
S0 rr232x;rr232x;c:\windows\system32\DRIVERS\rr232x.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [x]
S2 hptsvr;hptsvr;c:\program files (x86)\HighPoint Technologies, Inc.\HighPoint RAID Management Software\service\hptsvr.exe [2006-09-13 45056]
S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-07-29 205312]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-01-07 218112]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 MobaSSH1;MobaSSH;c:\windows\SysWOW64\MobaSSH.exe [2010-12-09 23181824]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 PS3 Media Server;PS3 Media Server;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe [2011-05-17 366872]
S2 sshd;CYGWIN sshd;c:\cygwin\bin\cygrunsrv.exe [2008-03-18 68096]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-02-04 345688]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2009-03-31 151040]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 291944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Tilleggsskanning -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 212.169.123.67 212.45.188.254
TCP: Interfaces\{06E1CF8D-F518-4C31-8D52-E6A752ABEB45}: NameServer = 10.0.0.138
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zpors89e.default\
FF - prefs.js: browser.startup.homepage - hxxp://nb-NO.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nb-NO:official
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
- - - - TOMME PEKERE FJERNET - - - -
.
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
AddRemove-HighPoint RAID Management Software - c:\program files (x86)\HighPoint Technologies
AddRemove-HighPoint Web RAID Management Service - c:\program files (x86)\HighPoint Technologies
AddRemove-MobaSSH - c:\windows\system32\mobassh_console.exe
.
.
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_USERS\S-1-5-21-1197532350-593404396-1637432814-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9DDA9D6C-D122-9093-9F5E-99B3FD314FAF}*]
"padhnhefihlmaljapmcaomcecccapemd"=hex:6b,61,70,6a,64,70,66,6d,63,6f,63,62,6a,
   68,6d,62,6d,67,67,63,6a,6b,00,00
"oanhdmjlcandfhabbcoecogmcohekm"=hex:6b,61,70,6a,67,70,69,66,6a,65,68,66,66,6f,
   6f,6e,67,6b,62,6e,66,66,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\FileZilla Server\FileZilla Server.exe
c:\program files (x86)\HighPoint Technologies, Inc\HighPoint RAID Management Software\service\hptsvr.exe
c:\program files (x86)\HighPoint Technologies, Inc\HighPoint RAID Management Software\service\drvinst.exe
c:\cygwin\usr\sbin\sshd.exe
c:\windows\SysWOW64\java.exe
c:\program files (x86)\HighPoint Technologies, Inc\HighPoint RAID Management Software\service\drvinst.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version6\tv_w32.exe
c:\program files (x86)\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2012-01-03 18:36:25 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2012-01-03 17:36
.
Pre-Run: 295 514 112 bytes free
Post-Run: 617 500 672 bytes free
.
- - End Of File - - 0F07ABC6F91DD0C274F5AE0BE6F84DF1