ComboFix 11-06-19.0r1 - Haris 21.06.2011 0:15.2.2 - x86 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.47.1044.18.3070.2328 [GMT 2:00] Kjører fra: c:\users\Haris\Desktop\ComboFix.exe AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Opprettet nytt gjenopprettingspunkt . . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Haris\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5844F652-B6FC-4687-8C3F-AC1B488B8770}.xps . . ((((((((((((((((((((((((((( Filer Opprettet Fra 2011-05-20 til 2011-06-20 ))))))))))))))))))))))))))))))))) . . 2011-06-20 22:20 . 2011-06-20 22:22 -------- d-----w- c:\users\Haris\AppData\Local\temp 2011-06-20 22:20 . 2011-06-20 22:20 -------- d-----w- c:\users\Public\AppData\Local\temp 2011-06-20 22:20 . 2011-06-20 22:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-20 13:26 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-06-19 21:02 . 2011-06-20 13:21 1257834 ----a-w- c:\windows\system32\PerfStringBackup.TMP 2011-06-17 10:53 . 2011-05-09 20:46 6962000 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EB543DCF-7E5E-4589-A4D3-DBADF099333D}\mpengine.dll 2011-06-17 10:43 . 2011-06-17 10:43 -------- d-----w- C:\bd202940eb7064f356da472b252e 2011-06-17 10:42 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-06-17 10:42 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2011-06-17 10:42 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll 2011-06-16 14:36 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys 2011-06-16 14:36 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-06-16 14:36 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-06-16 14:36 . 2011-04-25 04:31 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-06-16 13:16 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys 2011-06-16 13:16 . 2011-02-25 05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll 2011-06-16 13:16 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll 2011-06-16 13:16 . 2011-04-27 02:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-16 13:16 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-06-16 13:16 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-06-11 19:52 . 2011-06-11 19:52 -------- d--h--w- c:\windows\system32\SPReview 2011-06-11 19:22 . 2011-06-11 19:22 -------- d--h--w- c:\windows\system32\EventProviders 2011-06-08 22:13 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll 2011-06-08 22:13 . 2010-11-20 12:21 11776 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2011-06-08 22:13 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\system32\mstscax.dll 2011-06-08 22:13 . 2010-11-20 10:24 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys 2011-06-08 22:11 . 2010-11-20 12:30 173440 ----a-w- c:\windows\system32\drivers\rdyboost.sys 2011-06-08 22:10 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll 2011-06-08 22:10 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll 2011-06-08 22:10 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe 2011-06-08 22:10 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll 2011-06-08 22:10 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll 2011-05-28 18:36 . 2011-06-16 20:18 -------- d--h--w- c:\users\Haris\AppData\Roaming\go 2011-05-28 18:36 . 2011-06-16 21:58 -------- d--h--w- c:\programdata\Easybits GO . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-11 20:00 . 2009-07-14 02:05 152576 ---ha-w- c:\windows\system32\msclmd.dll 2011-04-09 06:02 . 2011-05-11 16:28 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-04-09 06:02 . 2011-05-11 16:28 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-04-09 05:56 . 2011-05-19 13:25 123904 ----a-w- c:\windows\system32\poqexec.exe . . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . R0 rhla;rhla;c:\windows\System32\drivers\vpnghu.sys [x] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360] R2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 136176] R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640] R3 BthAvrcp;Bluetooth-AVRCP-profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528] R3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 136176] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1343400] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-08-20 11:24 451872 ---ha-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) . 2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 12:08] . 2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 12:08] . . ------- Tilleggsskanning ------- . uStart Page = hxxp://www.google.no/ uInternet Settings,ProxyServer = 172.17.195.12:8080 uInternet Settings,ProxyOverride = IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd til OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 . Supplementary scan did not complete! . . --------------------- LÅSTE REGISTERNØKLER --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Tidspunkt ferdig: 2011-06-21 00:25:28 ComboFix-quarantined-files.txt 2011-06-20 22:25 . . Post-Run: 271 312 416 768 byte ledig . - - End Of File - - 41D506302D55096CE20E82650D78F767