ComboFix 11-06-17.04 - NewSilver 18.06.2011 12:23:09.1.2 - x86
Microsoft Windows 7 Home Premium N 6.1.7600.0.1252.47.1044.18.2046.1097 [GMT 2:00]
Kjører fra: c:\users\NewSilver\Desktop\ComboFix.exe
AV: Norton Internet Security Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security Online *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security Online *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2011-05-18 til 2011-06-18 )))))))))))))))))))))))))))))))))
.
.
2011-06-18 10:47 . 2011-06-18 10:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-17 16:39 . 2011-06-17 16:39 -------- d-----w- c:\users\NewSilver\AppData\Roaming\Malwarebytes
2011-06-17 16:39 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-17 16:39 . 2011-06-17 16:39 -------- d-----w- c:\programdata\Malwarebytes
2011-06-17 16:39 . 2011-06-17 16:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-17 16:39 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-17 10:39 . 2011-06-17 10:39 -------- d-----w- c:\users\NewSilver\AppData\Local\ElevatedDiagnostics
2011-06-17 09:57 . 2011-06-17 09:57 -------- d-----w- c:\windows\system32\EventProviders
2011-06-17 09:56 . 2011-06-17 10:57 -------- d-----w- C:\93de774c98fb86c8a68a7704
2011-06-16 19:44 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 19:44 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 19:44 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 19:44 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 19:43 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 19:43 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 19:43 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 19:43 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 19:43 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-16 19:43 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 19:43 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 19:43 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 20:09 . 2011-06-15 20:09 -------- d-----w- c:\program files\Wimp
2011-05-24 21:04 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 16:20 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-11 14:43 . 2011-01-29 09:44 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-04-09 06:13 . 2011-05-11 03:52 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 03:52 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-03-31 03:00 . 2011-05-10 08:46 516216 ----a-w- c:\windows\system32\drivers\NIS\1206000.01D\srtsp.sys
2011-03-31 03:00 . 2011-05-10 08:46 50168 ----a-w- c:\windows\system32\drivers\NIS\1206000.01D\srtspx.sys
2011-03-25 03:06 . 2011-05-11 03:52 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:06 . 2011-05-11 03:52 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:06 . 2011-05-11 03:52 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:06 . 2011-05-11 03:52 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:06 . 2011-05-11 03:52 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:06 . 2011-05-11 03:52 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:06 . 2011-05-11 03:52 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-03-22 00:39 . 2011-05-10 08:46 296568 ----a-w- c:\windows\system32\drivers\NIS\1206000.01D\symnets.sys
.
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 136176]
R3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 136176]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-28 1343400]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx86.sys [2011-05-19 810616]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110615.001\IDSvix86.sys [2011-06-03 367736]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS [2011-01-27 136312]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1206000.01D\SYMNETS.SYS [2011-03-22 296568]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 105592]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 netw5v32;Intel(R) trådløs WiFi-kobling 5000-kortdriver for 32-biters Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 13:33]
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 13:33]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.startsiden.no/
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.138
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tidspunkt ferdig: 2011-06-18 12:50:32
ComboFix-quarantined-files.txt 2011-06-18 10:50
.
Pre-Run: 71 750 017 024 byte ledig
Post-Run: 71 945 613 312 byte ledig
.
- - End Of File - - FDB2570EF628766D9420ECE44E5DB363