Hi :)

I ran a scan with ComboFix. Not sure whether I have any junk on the PC, but I have a slight suspicion. MBAM hasn't found anything, which is why I haven't posted an MBAM log.

ComboFix 15-07-23.01 - tarzan 29.07.2015 15:56:09.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.47.1044.18.4063.2741 [GMT 2:00]
Kjører fra: c:\users\tarzan\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
FW: COMODO Firewall *Enabled* {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Comodo Defense+ *Enabled/Updated* {493CE176-EB84-BC8D-9707-B3ACF7598648}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\tarzan\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2015-06-28 til 2015-07-29 )))))))))))))))))))))))))))))))))
.
.
2015-07-29 14:11 . 2015-07-29 14:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-28 21:07 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6ED027DC-0F64-4F5F-B149-331801664096}\mpengine.dll
2015-07-26 12:33 . 2015-07-26 12:33 -------- d-----w- c:\users\tarzan\AppData\Local\CEF
2015-07-21 13:50 . 2015-07-21 13:50 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-07-21 13:50 . 2015-07-21 13:50 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-07-21 13:50 . 2015-07-21 13:50 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-07-21 13:50 . 2015-07-21 13:50 41984 ----a-w- c:\windows\system32\lpk.dll
2015-07-21 13:50 . 2015-07-21 13:50 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-07-21 13:50 . 2015-07-21 13:50 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-07-21 13:50 . 2015-07-21 13:50 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-07-21 13:50 . 2015-07-21 13:50 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-07-21 13:50 . 2015-07-21 13:50 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-07-21 13:50 . 2015-07-21 13:50 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-07-18 16:46 . 2015-07-18 16:46 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-07-18 16:46 . 2015-07-18 16:46 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-18 16:46 . 2015-07-18 16:46 3928064 ----a-w- c:\windows\system32\d2d1.dll
2015-07-18 16:46 . 2015-07-18 16:46 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2015-07-17 14:42 . 2015-07-17 14:42 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-07-17 14:42 . 2015-07-17 14:42 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-07-17 14:42 . 2015-07-17 14:42 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-07-17 14:42 . 2015-07-17 14:42 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-07-17 14:42 . 2015-07-17 14:42 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-07-17 14:41 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-07-17 14:41 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-07-17 10:45 . 2015-07-17 10:29 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2015-07-17 10:36 . 2015-07-17 10:36 859648 ----a-w- c:\windows\system32\tdh.dll
2015-07-17 10:36 . 2015-07-17 10:36 878080 ----a-w- c:\windows\system32\advapi32.dll
2015-07-17 10:36 . 2015-07-17 10:36 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-07-17 10:36 . 2015-07-17 10:36 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2015-07-17 10:31 . 2015-07-17 10:31 1887232 ----a-w- c:\windows\system32\d3d11.dll
2015-07-17 10:31 . 2015-07-17 10:31 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2015-07-17 10:13 . 2015-07-17 10:29 -------- d-----w- c:\windows\system32\MRT
2015-07-15 20:17 . 2015-07-29 13:03 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-15 20:17 . 2015-07-15 20:17 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-07-15 20:17 . 2015-07-15 20:17 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-07-15 20:17 . 2015-07-15 20:17 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-15 20:17 . 2015-07-15 20:17 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-07-15 20:17 . 2015-07-15 20:17 -------- d-----w- c:\programdata\Malwarebytes
2015-07-15 20:16 . 2015-07-15 20:16 -------- d-----w- c:\users\tarzan\AppData\Local\Programs
2015-07-15 19:12 . 2015-06-02 00:07 254976 ----a-w- c:\windows\system32\cewmdm.dll
2015-07-15 19:12 . 2015-06-01 23:47 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
2015-07-15 19:10 . 2015-07-04 18:07 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-15 19:10 . 2015-07-04 17:48 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-07-15 01:27 . 2015-07-15 01:27 -------- d-----w- c:\windows\SysWow64\Wat
2015-07-15 01:27 . 2015-07-15 01:27 -------- d-----w- c:\windows\system32\Wat
2015-07-14 21:08 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-14 21:08 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-14 21:04 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2015-07-14 21:04 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2015-07-14 21:04 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2015-07-14 20:51 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2015-07-14 20:51 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-07-14 20:51 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2015-07-14 20:51 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-07-14 20:51 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2015-07-14 20:51 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-07-14 20:50 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-07-14 20:50 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-07-14 18:28 . 2015-04-18 03:10 460800 ----a-w- c:\windows\system32\certcli.dll
2015-07-14 18:28 . 2015-04-18 02:56 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-07-14 18:28 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe
2015-07-14 18:28 . 2014-12-11 17:47 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-07-14 18:26 . 2014-04-25 02:34 801280 ----a-w- c:\windows\system32\usp10.dll
2015-07-14 18:26 . 2014-04-25 02:06 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2015-07-14 18:26 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
2015-07-14 18:26 . 2011-11-17 05:35 314880 ----a-w- c:\windows\SysWow64\webio.dll
2015-07-14 18:25 . 2015-02-03 03:30 1202176 ----a-w- c:\windows\system32\drmv2clt.dll
2015-07-14 18:25 . 2015-02-03 03:30 842240 ----a-w- c:\windows\system32\blackbox.dll
2015-07-14 18:25 . 2015-02-03 03:12 744960 ----a-w- c:\windows\SysWow64\blackbox.dll
2015-07-14 18:25 . 2015-02-03 03:12 988160 ----a-w- c:\windows\SysWow64\drmv2clt.dll
2015-07-14 18:23 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-07-14 18:23 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll
2015-07-14 18:23 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll
2015-07-14 18:23 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll
2015-07-14 18:23 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2015-07-14 18:23 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
2015-07-14 18:23 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
2015-07-14 18:23 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2015-07-14 18:21 . 2014-03-26 14:44 2002432 ----a-w- c:\windows\system32\msxml6.dll
2015-07-14 18:20 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2015-07-14 18:19 . 2015-07-14 18:19 357888 ----a-w- c:\windows\system32\dnsapi.dll
2015-07-14 18:19 . 2015-07-14 18:19 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2015-07-14 18:19 . 2015-07-14 18:19 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2015-07-14 18:19 . 2015-07-14 18:19 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2015-07-14 18:19 . 2015-07-14 18:19 76800 ----a-w- c:\windows\system32\drivers\hidclass.sys
2015-07-14 18:19 . 2015-07-14 18:19 32896 ----a-w- c:\windows\system32\drivers\hidparse.sys
2015-07-14 18:19 . 2015-07-14 18:19 478208 ----a-w- c:\windows\system32\dpnet.dll
2015-07-14 18:19 . 2015-07-14 18:19 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2015-07-14 18:17 . 2015-07-14 18:17 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-07-14 18:16 . 2015-07-14 18:16 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2015-07-14 18:15 . 2015-07-14 18:15 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-07-14 18:14 . 2015-07-14 18:14 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2015-07-14 18:14 . 2015-07-14 18:14 67584 ----a-w- c:\windows\SysWow64\packager.dll
2015-07-14 18:14 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2015-07-14 18:12 . 2015-07-14 18:12 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2015-07-14 18:12 . 2015-07-14 18:12 976896 ----a-w- c:\windows\system32\inetcomm.dll
2015-07-14 18:12 . 2015-07-14 18:12 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2015-07-14 18:12 . 2015-07-14 18:12 634880 ----a-w- c:\windows\system32\msvcrt.dll
2015-07-14 18:12 . 2015-07-14 18:12 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2015-07-14 18:12 . 2015-07-14 18:12 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-07-14 18:12 . 2015-07-14 18:12 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-07-14 18:12 . 2015-07-14 18:12 1192448 ----a-w- c:\windows\system32\certutil.exe
2015-07-14 18:12 . 2015-07-14 18:12 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2015-07-14 18:12 . 2015-07-14 18:12 52224 ----a-w- c:\windows\system32\certenc.dll
2015-07-14 18:12 . 2015-07-14 18:12 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2015-07-14 18:11 . 2015-07-14 18:11 202752 ----a-w- c:\windows\system32\scrrun.dll
2015-07-14 18:11 . 2015-07-14 18:11 168960 ----a-w- c:\windows\system32\wscript.exe
2015-07-14 18:11 . 2015-07-14 18:11 156160 ----a-w- c:\windows\system32\cscript.exe
2015-07-14 18:11 . 2015-07-14 18:11 150016 ----a-w- c:\windows\system32\wshom.ocx
2015-07-14 18:11 . 2015-07-14 18:11 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2015-07-14 18:11 . 2015-07-14 18:11 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2015-07-14 18:11 . 2015-07-14 18:11 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2015-07-14 18:11 . 2015-07-14 18:11 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2015-07-14 18:10 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2015-07-14 18:10 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2015-07-14 18:10 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2015-07-14 18:10 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2015-07-14 18:10 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2015-07-14 18:10 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2015-07-14 18:10 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
2015-07-14 18:10 . 2015-07-14 18:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-07-14 18:10 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-07-14 18:10 . 2015-07-14 18:10 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-07-14 18:10 . 2015-07-14 18:10 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-07-14 18:07 . 2015-07-14 18:07 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-27 20:49 . 2015-06-24 22:23 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2015-07-27 20:49 . 2015-06-24 22:23 162528 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-07-27 20:49 . 2015-06-24 22:23 141416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-07-24 17:43 . 2015-07-24 17:43 10752 ----a-w- c:\windows\help\OEM\Scripts\SolExternalHDD.exe
2015-07-24 17:43 . 2015-07-24 17:43 21048 ----a-w- c:\windows\help\OEM\Scripts\HPSADeployer.exe
2015-07-14 18:16 . 2015-07-14 18:16 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-14 14:59 . 2009-07-13 23:19 17488 ----a-w- c:\windows\system32\drivers\viaide.sys
2015-07-14 14:59 . 2009-07-13 23:19 15440 ----a-w- c:\windows\system32\drivers\amdide.sys
2015-07-14 14:59 . 2009-07-13 23:19 17488 ----a-w- c:\windows\system32\drivers\cmdide.sys
2015-07-14 14:59 . 2009-07-13 23:19 16960 ----a-w- c:\windows\system32\drivers\intelide.sys
2015-07-13 19:07 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2015-07-13 19:07 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2015-07-08 21:26 . 2015-07-08 21:26 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-07-08 21:26 . 2015-07-08 21:26 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2015-07-08 21:25 . 2015-07-08 21:25 2175488 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-06-25 13:49 . 2015-06-25 13:49 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2015-06-25 13:49 . 2015-06-25 13:49 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2015-06-25 13:49 . 2015-06-25 13:49 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2015-06-25 13:49 . 2015-06-25 13:49 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2015-06-25 12:27 . 2015-07-24 17:44 5632 ----a-w- c:\windows\help\OEM\Scripts\HC_HPSFinFocus.exe
2015-06-25 12:27 . 2015-07-24 17:43 21304 ----a-w- c:\windows\help\OEM\Scripts\Solution_RecoveryPgm.exe
2015-06-24 22:59 . 2015-06-24 22:59 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2015-06-24 22:42 . 2015-06-24 22:23 44088 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2015-06-23 11:30 . 2015-06-17 21:51 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-19 13:53 . 2015-07-24 17:43 19768 ----a-w- c:\windows\help\OEM\Scripts\HC_SREnable.exe
2015-06-19 13:53 . 2015-07-24 17:43 19768 ----a-w- c:\windows\help\OEM\Scripts\HC_GuestEnabled.exe
2015-06-18 15:55 . 2015-07-24 17:43 23816 ----a-w- c:\windows\help\OEM\Scripts\HPSAScript.exe
2015-06-17 21:28 . 2009-09-02 05:17 588472 ----a-w- c:\windows\SysWow64\ezsvc7x.dll
2015-06-17 20:21 . 2015-06-17 20:21 95472 ----a-w- c:\windows\system32\bcmwlcoi.dll
2015-06-17 20:21 . 2015-06-17 20:21 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2015-06-17 20:21 . 2015-06-17 20:21 3553280 ----a-w- c:\windows\system32\bcmihvui64.dll
2015-06-17 20:21 . 2015-06-17 20:21 3888640 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2015-06-17 20:21 . 2015-06-17 20:21 2769400 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2015-06-16 23:01 . 2015-06-16 23:01 1202856 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-05 12:35 . 2015-06-05 12:35 104584 ----a-w- c:\windows\system32\drivers\inspect.sys
2015-06-05 12:35 . 2015-06-05 12:35 45856 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2015-06-05 12:35 . 2015-06-05 12:35 797256 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2015-06-05 12:35 . 2015-06-05 12:35 20672 ----a-w- c:\windows\system32\drivers\cmderd.sys
2015-06-05 12:34 . 2015-06-05 12:34 41224 ----a-w- c:\windows\system32\cmdcsr.dll
2015-06-05 12:34 . 2015-06-05 12:34 444448 ----a-w- c:\windows\SysWow64\guard32.dll
2015-06-05 12:34 . 2015-06-05 12:34 576824 ----a-w- c:\windows\system32\guard64.dll
2015-06-05 12:33 . 2015-06-05 12:33 358080 ----a-w- c:\windows\system32\cmdvrt64.dll
2015-06-05 12:32 . 2015-06-05 12:32 45760 ----a-w- c:\windows\system32\cmdkbd64.dll
2015-06-05 12:31 . 2015-06-05 12:31 288448 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2015-06-05 12:31 . 2015-06-05 12:31 40640 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2015-05-18 15:19 . 2015-07-24 17:43 34616 ----a-w- c:\windows\help\OEM\Scripts\PSGRedirector.exe
.
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-05-08 8322328]
"Spotify Web Helper"="c:\users\tarzan\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-07-22 2008632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-09-02 148888]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Avira Systray"="c:\program files (x86)\Avira\Launcher\Avira.Systray.exe" [2015-06-02 134368]
"avgnt"="c:\program files (x86)\Avira\Antivirus\avgnt.exe" [2015-07-27 782008]
"tvncontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2015-06-25 2327248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start GeekBuddy.lnk - c:\program files\COMODO\GeekBuddy\launcher.exe "unit_manager.exe" [2015-6-1 48832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\Antivirus\avmailc7.exe;c:\program files (x86)\Avira\Antivirus\avmailc7.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\Antivirus\avwebg7.exe;c:\program files (x86)\Avira\Antivirus\avwebg7.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\Antivirus\sched.exe;c:\program files (x86)\Avira\Antivirus\sched.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 ChromodoUpdater;COMODO Chromodo Update Service;c:\program files (x86)\Comodo\Chromodo\chromodo_updater.exe;c:\program files (x86)\Comodo\Chromodo\chromodo_updater.exe [x]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andre tjenester/drivere lastet i minnet ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-24 17:33 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.107\Installer\chrmstp.exe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2015-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-25 14:42]
.
2015-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-25 14:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-02 171520]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2015-06-05 1427648]
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nb_NO&c=94&bd=Pavilion&pf=cnnb
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Søkefunksjon i AOL-verktrylinjen - c:\programdata\AOL\ieToolbar\resources\nb-NO\local\search.html
TCP: DhcpNameServer = 192.168.37.1
FF - ProfilePath - c:\users\tarzan\AppData\Roaming\Mozilla\Firefox\Profiles\l2avxpwj.default\
.
- - - - TOMME PEKERE FJERNET - - - -
.
Wow6432Node-HKLM-Run- - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\program files (x86)\Avira\Antivirus\avguard.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2015-07-29 16:30:33 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2015-07-29 14:30
.
Pre-Run: 427 181 719 552 byte ledig
Post-Run: 426 786 697 216 byte ledig
.
- - End Of File - - 8FDE2842CE0622BEEB1F714AEC5A7083
598925F6EC79C5D82CB642DBE9A29B3A

 

Edited by Tarzan93

Why are you running ComboFix when you are unsure? ComboFix is meant as a last resort, and can quickly be destructive.

To find out whether there is anything there. I have used ComboFix for many years. Always did it in order to post a log on the forum. In any case, ComboFix is in the guide for removing viruses.

I was on this part of the forum a lot many years ago. I had a different account back then.

I am a bit suspicious of a virus, but I am not sure. I haven't found anything with Avira or MBAM, but I have seen small signs. Among other things, Avira was suddenly disabled last night. The PC is also slow, but it is also 6 years old now, so that may be the reason, but there are no heavy programs running.

Edited by Tarzan93

It will probably be fine this time, but I would be careful about using ComboFix. Usually I only use it if a machine in for service has been hijacked, or cannot be logged into and used normally.

You can try using HijackThis (post logs), SuperAntiSpyware and Hitman Pro.


Ok. Yes, I felt it was safer to use ComboFix to get things cleaned properly. I have been on some slightly dodgy websites, too.

I have a lot of experience with HijackThis. :) Great program. I can test Hitman Pro. Never used it before. SuperAntiSpyware is great too. Completely forgot about it. Going to download it now! :)

I can actually remove ComboFix. (?) I thought I had some gunk, so that is why I ran it. Usually I use HJT instead, or ddsr? (if I remember the name correctly).

So ComboFix removed something. I am not good at interpreting these logs. Do you know what it is? "c:\users\tarzan\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll" It belongs to Avira, it looks like.

Edited by Tarzan93