The computer still freezes when I run ComboFix with CFScript. The freeze only occurs after the restore point has been created and the text saying that this should not take more than 10 minutes has appeared.
During ComboFix startup, two dialog boxes appear warning against proceeding because of Norton 360. You previously told me to click through these, and that works fine when I run ComboFix without CFScript.
Is there anything more I can do to get CFScript to work with ComboFix?
Before I run CFScript/ComboFix I turn off Avast and Malwarebytes. Is there anything else I should turn off / disable?
I am attaching the DDS log again.
.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by agare at 20:56:12 on 2012-04-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.2046.1061 [GMT 2:00]
.
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton 360 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\Program\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program\WatchGuard\Mobile VPN\ncpclcfg.exe
C:\Program\WatchGuard\Mobile VPN\ncprwsnt.exe
C:\Program\WatchGuard\Mobile VPN\ncpsec.exe
C:\Program\PortWise\Access Client\AccessClient-Service.exe
C:\Program\WatchGuard\Mobile VPN\rwsrsu.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program\Ahead\InCD\InCD.exe
C:\Program\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program\CyberLink\PowerDVD\PDVDServ.exe
C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program\WatchGuard\Mobile VPN\NcpBudgetGui.exe
C:\Program\WatchGuard\Mobile VPN\ncpmon.exe
C:\Program\WatchGuard\Mobile VPN\rwsrsu.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program\Net iD\iid.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program\Skype\Phone\Skype.exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program\Logitech\SetPoint\SetPoint.exe
C:\Program\Nike+ Utility\Nike+ Utility.exe
C:\Program\Windows Desktop Search\WindowsSearch.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Delade filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.se/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\program\micros~3\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program\canon\easy-webprint\Toolband.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program\alwil software\avast5\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program\google\google toolbar\GoogleToolbar_32.dll
uRun: [Skype] "c:\program\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [NBJ] "c:\program\ahead\nero backitup\NBJ.exe"
uRun: [swg] "c:\program\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Genväg till egenskapssida för High Definition Audio] HDAShCut.exe
mRun: [ATICCC] "c:\program\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [Google Quick Search Box] "c:\program\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [OpwareSE2] "c:\program\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [InCD] c:\program\ahead\incd\InCD.exe
mRun: [Adobe Photo Downloader] "c:\program\adobe\photoshop elements 4.0\apdproxy.exe"
mRun: [RemoteControl] c:\program\cyberlink\powerdvd\PDVDServ.exe
mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NcpBudgetGui] "c:\program\watchguard\mobile vpn\NcpBudgetGui.exe" -start
mRun: [NcpPopup] "c:\program\watchguard\mobile vpn\ncppopup.exe" noerrmsg
mRun: [NcpMonitor] "c:\program\watchguard\mobile vpn\ncpmon.exe" autorun
mRun: [NcpRsuGui] "c:\program\watchguard\mobile vpn\rwsrsu.exe" -gui
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AppleSyncNotifier] c:\program\delade filer\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Net iD] "c:\program\net id\iid.exe"
mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program\delade filer\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\agare\start-~1\program\autost~1\adobeg~1.lnk - c:\program\delade filer\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\logite~1.lnk - c:\program\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\nike_u~1.lnk - c:\program\nike+ utility\Nike+ Utility.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\window~1.lnk - c:\program\windows desktop search\WindowsSearch.exe
IE: E&xportera till Microsoft Excel - c:\program\micros~3\office14\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Ski&cka till OneNote - c:\program\micros~3\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~3\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} - hxxps://www.one.com/static/controls/IlosoftMultipleImageUpload.dll
DPF: {3195CF7C-E9E2-49B2-8B61-14F285298E1C} - hxxps://outside.comhem.com/wa/AccessClientLoader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250792942406
DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} - hxxp://www.fujidirekt.se/asp/_upload/activex/ImageUploader7.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9A596260-169D-462F-92C0-EA1504C2796B} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program\delade filer\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program\delade filer\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\agare\application data\mozilla\firefox\profiles\33cdtdca.default\
FF - plugin: c:\program\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\program\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program\mozilla firefox\plugins\npiidplg.dll
FF - plugin: c:\program\mozilla firefox\plugins\npOGAPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-15 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-8-24 337880]
R1 waclient;Portwise Access Client Driver;c:\windows\system32\drivers\waclient.sys [2009-10-11 39552]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-24 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program\alwil software\avast5\AvastSvc.exe [2010-7-29 44768]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-12-28 10384]
R2 MBAMService;MBAMService;c:\program\malwarebytes' anti-malware\mbamservice.exe [2009-8-24 652360]
R2 ncpclcfg;ncpclcfg;c:\program\watchguard\mobile vpn\ncpclcfg.exe [2009-11-16 86016]
R2 ncprwsnt;ncprwsnt;c:\program\watchguard\mobile vpn\NCPRWSNT.EXE [2009-11-16 1065480]
R2 NcpSec;NcpSec;c:\program\watchguard\mobile vpn\NCPSEC.EXE [2009-11-16 32768]
R2 pwClientService;PortWise Client Service;c:\program\portwise\access client\AccessClient-Service.exe [2011-4-26 177392]
R2 rwsrsu;RwsRsu;c:\program\watchguard\mobile vpn\rwsrsu.exe [2009-11-16 850432]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-8-24 20464]
R3 NcpFiltMP;NcpFiltMP;c:\windows\system32\drivers\ncpvaxp.sys [2009-11-16 79528]
S2 gupdate;Tjänsten Google Update (gupdate);c:\program\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 esgiguard;esgiguard;\??\c:\program\enigma software group\spyhunter\esgiguard.sys --> c:\program\enigma software group\spyhunter\esgiguard.sys [?]
S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 kwwalpgr;kwwalpgr;\??\c:\docume~1\agare\lokala~1\temp\kwwalpgr.sys --> c:\docume~1\agare\lokala~1\temp\kwwalpgr.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2011-5-4 28160]
S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [2004-4-14 20736]
S3 NcpFilt;Ncp Filter Service;c:\windows\system32\drivers\ncpvaxp.sys [2009-11-16 79528]
S3 ncpvaxp;NCP Secure Client Virtual Adapter Driver;c:\windows\system32\drivers\ncpvaxp.sys [2009-11-16 79528]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-6-29 18432]
S3 osppsvc;Office Software Protection Platform;c:\program\delade filer\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
.
=============== Created Last 30 ================
.
2012-04-10 18:39:38 -------- d-s---w- C:\ComboFix
2012-04-08 19:53:55 98816 ----a-w- c:\windows\sed.exe
2012-04-08 19:53:55 518144 ----a-w- c:\windows\SWREG.exe
2012-04-08 19:53:55 256000 ----a-w- c:\windows\PEV.exe
2012-04-08 19:53:55 208896 ----a-w- c:\windows\MBR.exe
.
==================== Find3M ====================
.
2012-03-07 00:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-06 18:45:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:57:40 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:07:15 3072 ------w- c:\windows\system32\iacenc.dll
.
============= FINISH: 20:59:35,08 ===============

