ComboFix 12-04-20.02 - doug 20-apr-12 11:42:21.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1033.18.1979.834 [GMT 1:00]
Running from: c:\users\doug\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\doug\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\roboot.exe
.
.
(((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 ))))))))))))))))))))))))))))))
.
.
2012-04-20 10:55 . 2012-04-20 10:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-19 08:31 . 2012-04-19 08:47 -------- d-----w- C:\Books
2012-04-16 13:03 . 2012-04-16 13:03 -------- d-----w- c:\programdata\AMMYY
2012-04-14 09:35 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-14 09:23 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-14 09:23 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-14 09:23 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-14 09:23 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-14 09:23 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-14 09:23 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 14:32 . 2012-04-12 14:32 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-04-11 23:34 . 2012-04-12 23:15 -------- d-----w- c:\windows\system32\drivers\N360\0601020.00A
2012-04-11 23:30 . 2012-02-03 04:01 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 23:30 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-04-11 23:30 . 2012-02-10 05:41 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-04-11 23:30 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-04-11 23:30 . 2012-02-10 05:41 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-04-11 23:30 . 2012-02-10 05:41 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-04-11 23:28 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-11 23:28 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-11 23:28 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-11 23:28 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-11 23:28 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-11 23:28 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-18 03:50 . 2012-02-18 03:50 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-18 03:50 . 2012-02-18 03:50 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-18 03:50 . 2012-02-18 03:50 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-18 03:50 . 2012-02-18 03:50 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-18 03:50 . 2012-02-18 03:50 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-18 03:50 . 2012-02-18 03:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-18 03:50 . 2012-02-18 03:50 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-18 03:50 . 2012-02-18 03:50 367104 ----a-w- c:\windows\system32\html.iec
2012-02-18 03:50 . 2012-02-18 03:50 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-18 03:50 . 2012-02-18 03:50 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-18 03:50 . 2012-02-18 03:50 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-18 03:50 . 2012-02-18 03:50 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-18 03:50 . 2012-02-18 03:50 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-18 03:50 . 2012-02-18 03:50 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-18 03:50 . 2012-02-18 03:50 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-18 03:50 . 2012-02-18 03:50 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-18 03:50 . 2012-02-18 03:50 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-16 04:25 . 2010-05-23 03:45 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-07 10:02 . 2012-02-07 10:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
1997-11-30 02:43 . 2010-09-06 08:56 174592 ----a-w- c:\program files\ref_soft.dll
1997-11-30 02:42 . 2010-09-06 08:56 214528 ----a-w- c:\program files\ref_gl.dll
1997-11-30 02:41 . 2010-09-06 08:56 291328 ----a-w- c:\program files\quake2.exe
1997-11-25 16:19 . 2010-09-06 08:56 227328 ----a-w- c:\program files\pvrgl.dll
1997-11-16 18:52 . 2010-09-06 08:56 142336 ----a-w- c:\program files\3dfxgl.dll
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-07-30 225280]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-13 467036]
"UpdatePRCShortCut"="c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-18 2412032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-10 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-10 151064]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-9 828704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\WI3C8A~1\Datamngr\datamngr.dll c:\progra~1\WI3C8A~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 136176]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-10 286248]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-07-10 33320]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 112128]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 136176]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-07-23 100736]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 185344]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-17 1343400]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0601020.00A\SYMDS.SYS [2011-08-16 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0601020.00A\SYMEFA.SYS [2011-11-24 905336]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120413.001\BHDrvx86.sys [2012-04-02 821880]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0601020.00A\ccSetx86.sys [2011-11-04 132744]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120419.001\IDSvix86.sys [2012-04-12 368248]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0601020.00A\Ironx86.SYS [2011-11-17 149624]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0601020.00A\SYMNETS.SYS [2011-11-17 318584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe [2009-03-02 81920]
S2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe [2007-06-25 537840]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-18 9216]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-12 106104]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 122880]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
*Deregistered* - BMLoad
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 15:03]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 15:03]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-506378938-4109489253-3519767588-1000Core.job
- c:\users\doug\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-18 13:33]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-506378938-4109489253-3519767588-1000UA.job
- c:\users\doug\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-18 13:33]
.
2012-04-11 c:\windows\Tasks\HPCeeScheduleFordoug.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-09-21 21:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchqu.com/406
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_SE&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: bmnet.dll
TCP: DhcpNameServer = 192.168.0.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.1.2.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(540)
c:\windows\system32\bmnet.dll
.
Completion time: 2012-04-20 11:58:14
ComboFix-quarantined-files.txt 2012-04-20 10:58
.
Pre-Run: 194,181,296,128 bytes free
Post-Run: 194,189,877,248 bytes free
.
- - End Of File - - 48B8A3AA5ED7459F8735066E3CA6FA23
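The entries in this log that a malware-removal helper would ask about next are the ones ComboFix reports but does not judge: a non-empty AppInit_DLLs value naming two Datamngr DLLs under an 8.3 short path, a Winsock LSP (bmnet.dll) that the final section also shows loaded inside lsass.exe, and an Internet Explorer start page pointing at searchqu.com. The script below is an added example, not ComboFix code and not anything the poster ran: it parses the persistence-related sections of a ComboFix log (Run keys, AppInit_DLLs, the LSP line, start pages, and the DLLs-under-running-processes section) and lists those entries for review. Its sample input is an excerpt copied from the log above; the review rules (any AppInit_DLLs entry, any LSP, an LSP DLL seen inside a process, Run entries whose binary lives outside Program Files or system32) and the TRUSTED_ROOTS list are this example's own assumptions, not ComboFix's verdicts, and nothing here decides whether an entry is malicious.

```python
"""List persistence and injection entries from a ComboFix log for review.

Added example; the heuristics are this script's own, not ComboFix's.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the log above, reduced to the
# sections this example inspects.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-07-30 225280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\WI3C8A~1\Datamngr\datamngr.dll c:\progra~1\WI3C8A~1\Datamngr\IEBHO.dll
.
uStart Page = hxxp://www.searchqu.com/406
LSP: bmnet.dll
TCP: DhcpNameServer = 192.168.0.254
.
- - - - - - - > 'lsass.exe'(540)
c:\windows\system32\bmnet.dll
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$", re.I)
RUN_VAL_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[(\d{4}-\d{2}-\d{2}) (\d+)\]')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.*)$', re.I)
LSP_RE = re.compile(r"^LSP:\s*(\S+)", re.I)
START_RE = re.compile(r"^([um])Start Page = (\S+)")
PROC_RE = re.compile(r"^(?:- )+> '([^']+)'\((\d+)\)")

# Assumed "usual" install locations for autostart binaries (example's choice).
TRUSTED_ROOTS = ("c:\\program files", "c:\\windows\\system32", "c:\\progra~1")


def parse(text: str) -> Dict[str, list]:
    """One pass over the log; collects the fields the review rules need."""
    out: Dict[str, list] = {"run": [], "appinit": [], "lsp": [], "start": [], "proc": []}
    key, proc = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := KEY_RE.match(line):          # a registry key header
            key, proc = m.group(1), None
        elif m := PROC_RE.match(line):       # "DLLs loaded under running processes"
            proc, key = f"{m.group(1)}({m.group(2)})", None
        elif (m := RUN_VAL_RE.match(line)) and key and key.lower().endswith("\\run"):
            out["run"].append((key, m.group(1), m.group(2), m.group(3), int(m.group(4))))
        elif m := APPINIT_RE.match(line):    # space-separated list of DLL paths
            out["appinit"].extend(m.group(1).split())
        elif m := LSP_RE.match(line):
            out["lsp"].append(m.group(1))
        elif m := START_RE.match(line):      # ComboFix defangs URLs as hxxp
            out["start"].append((m.group(1), m.group(2).replace("hxxp", "http", 1)))
        elif proc and line.lower().endswith(".dll"):
            out["proc"].append((proc, line))
    return out


def findings(text: str) -> List[Tuple[str, str]]:
    """Return (category, detail) pairs a helper would review, in log order."""
    p = parse(text)
    found: List[Tuple[str, str]] = []
    # AppInit_DLLs are loaded into every process that loads user32.dll, so any
    # value at all is worth a look.
    for dll in p["appinit"]:
        found.append(("appinit_dll", dll))
    # A Winsock LSP sits in the socket path of every process that loads it.
    lsp_names = {n.lower() for n in p["lsp"]}
    for name in p["lsp"]:
        found.append(("lsp", name))
    # Third-party DLLs ComboFix saw inside running processes; mark the LSP
    # specifically when it shows up in one (here: lsass.exe).
    for proc, dll in p["proc"]:
        base = dll.rsplit("\\", 1)[-1].lower()
        tag = "lsp_in_process" if base in lsp_names else "dll_in_process"
        found.append((tag, f"{proc}: {dll}"))
    # Autostart binaries outside the assumed install roots.
    for _key, name, path, _date, _size in p["run"]:
        if not path.lower().startswith(TRUSTED_ROOTS):
            found.append(("run_outside_trusted_roots", f"{name} -> {path}"))
    # Start pages are listed for review only; no judgement is made here.
    for scope, url in p["start"]:
        found.append(("start_page", f"{scope}: {url}"))
    return found


if __name__ == "__main__":
    for cat, detail in findings(SAMPLE_LOG):
        print(f"{cat:26} {detail}")
```

Run against the excerpt it prints the two AppInit DLLs, the LSP, the LSP inside lsass.exe(540) and the user start page, and nothing for the Run entries, all of which resolve under c:\program files. Feed it a full log instead of SAMPLE_LOG and the same rules apply; the "hxxp" defanging ComboFix uses is reversed only so the URL can be looked up.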