Still same.
ComboFix 11-03-20.03 - Jonte 2011-03-21 17:35:39.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1023.604 [GMT 1:00]
Körs från: c:\documents and settings\Jonte\Mina dokument\Hämtade filer\Combo-Fix.exe
AV: F-Secure Internet Security 2011 10.51 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Internet Security 2011 10.51 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
(((((((((((((((((((((((( Filer Skapade från 2011-02-21 till 2011-03-21 ))))))))))))))))))))))))))))))
.
.
2011-03-17 15:30 . 2011-03-17 15:30 -------- d-----w- c:\documents and settings\Jonte\Lokala inställningar\Application Data\Sony
2011-03-17 15:21 . 2011-03-17 15:21 -------- d-----w- c:\program\Delade filer\Sony Shared
2011-03-17 15:21 . 2011-03-17 15:21 -------- d-----w- c:\documents and settings\Jonte\Lokala inställningar\Application Data\Downloaded Installations
2011-03-17 15:20 . 2011-03-18 18:20 -------- d-----w- c:\program\Sony
2011-03-17 15:06 . 2011-03-17 15:06 -------- d-----w- c:\documents and settings\Jonte\Lokala inställningar\Application Data\Apple
2011-03-17 15:06 . 2011-03-17 15:06 -------- d-----w- c:\program\Apple Software Update
2011-03-17 15:06 . 2011-03-17 15:06 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple
2011-03-17 15:04 . 2011-03-17 15:04 -------- d-----w- c:\documents and settings\Jonte\Lokala inställningar\Application Data\Apple Computer
2011-03-17 14:52 . 2011-03-17 15:02 -------- d-----w- c:\program\Sony Media Go Install
2011-03-17 14:52 . 2011-03-17 15:30 -------- d-----w- c:\documents and settings\Jonte\Application Data\Sony
2011-03-16 13:36 . 2010-03-01 10:43 10992 ----a-w- c:\windows\system32\drivers\s1039cr.sys
2011-03-16 13:36 . 2010-03-01 10:43 25456 ----a-w- c:\windows\system32\drivers\s1039nd5.sys
2011-03-16 13:36 . 2010-03-01 10:43 123504 ----a-w- c:\windows\system32\drivers\s1039unic.sys
2011-03-16 13:36 . 2010-03-01 10:43 98672 ----a-w- c:\windows\system32\drivers\s1039bus.sys
2011-03-16 13:36 . 2010-03-01 10:43 14960 ----a-w- c:\windows\system32\drivers\s1039mdfl.sys
2011-03-16 13:36 . 2010-03-01 10:43 12528 ----a-w- c:\windows\system32\drivers\s1039cmnt.sys
2011-03-16 13:36 . 2010-03-01 10:43 12528 ----a-w- c:\windows\system32\drivers\s1039cm.sys
2011-03-16 13:36 . 2010-03-01 10:43 124016 ----a-w- c:\windows\system32\drivers\s1039mdm.sys
2011-03-16 13:36 . 2010-03-01 10:43 12400 ----a-w- c:\windows\system32\drivers\s1039whnt.sys
2011-03-16 13:36 . 2010-03-01 10:43 12400 ----a-w- c:\windows\system32\drivers\s1039wh.sys
2011-03-16 13:36 . 2010-03-01 10:43 117872 ----a-w- c:\windows\system32\drivers\s1039mgmt.sys
2011-03-16 13:36 . 2010-03-01 10:43 113904 ----a-w- c:\windows\system32\drivers\s1039obex.sys
2011-03-16 13:35 . 2011-03-16 13:35 -------- d-----w- c:\program\Sony Ericsson
2011-03-16 13:35 . 2011-03-16 13:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Sony Ericsson
2011-03-16 13:34 . 2011-03-16 13:38 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-03-16 13:32 . 2011-03-16 13:32 -------- d-----w- c:\documents and settings\NetworkService.NT INSTANS\Application Data\Xfire
2011-03-15 15:56 . 2011-03-15 15:56 -------- d-----w- c:\documents and settings\Jonte\Application Data\Malwarebytes
2011-03-15 15:56 . 2011-03-15 15:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2011-03-15 15:56 . 2011-03-18 17:43 -------- d-----w- c:\program\Malwarebytes' Anti-Malware
2011-03-15 14:43 . 2008-04-13 19:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-03-14 19:44 . 2011-03-14 19:44 -------- d-----w- C:\_OTL
2011-03-14 19:19 . 2011-03-14 19:19 -------- d-----w- c:\program\Sun
2011-03-13 18:41 . 2011-03-13 18:41 76920 ----a-w- c:\windows\system32\drivers\SMR162.SYS
2011-03-13 18:41 . 2011-03-13 18:41 -------- d-----w- c:\documents and settings\Jonte\Lokala inställningar\Application Data\NPE
2011-03-13 18:39 . 2011-03-13 18:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Trend Micro
2011-03-13 18:39 . 2011-03-13 18:39 -------- d-----w- C:\Archive
2011-03-13 17:38 . 2011-03-13 17:38 -------- d-----w- c:\program\Delade filer\Java
2011-03-09 16:35 . 2011-03-09 16:35 -------- d-----w- c:\program\Delade filer\Skype
2011-02-26 01:19 . 2011-02-26 01:19 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-02-24 14:07 . 2011-03-18 18:19 -------- d-----w- C:\Nexon
2011-02-23 13:18 . 2011-02-23 13:18 -------- d-sh--w- c:\documents and settings\Jonte\PrivacIE
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:54 . 2006-03-02 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:54 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 20:40 . 2010-08-21 15:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19 . 2010-08-21 15:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2010-07-21 21:47 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-29 10:27 . 2011-01-29 10:27 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-01-27 11:57 . 2010-07-21 21:47 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-03-02 12:00 439808 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-03-02 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2006-03-02 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2006-03-02 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Google Update"="c:\documents and settings\Jonte\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-15 136176]
"Skype"="c:\program\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"Sony Ericsson PC Companion"="c:\program\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-01-24 427008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 16050176]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"StartCCC"="c:\program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"F-Secure Manager"="c:\program\F-Secure\Common\FSM32.EXE" [2010-11-26 201384]
"F-Secure TNB"="c:\program\F-Secure\FSGUI\TNBUtil.exe" [2010-11-26 1655464]
"ATICustomerCare"="c:\program\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"SunJavaUpdateSched"="c:\program\Delade filer\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program\QuickTime\QTTask.exe" [2008-09-06 413696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Start-meny\Program\Autostart\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program\NETGEAR\WG111v3\WG111v3.exe [2007-9-12 1527808]
WinZip Quick Pick.lnk - c:\program\WinZip\WZQKPICK.EXE [2010-11-30 608584]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program\\Spotify\\spotify.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Jonte\\Mina dokument\\Downloads\\Maestia-Downloader.exe"=
"c:\\Program\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1394:TCP"= 1394:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-11-26 42664]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-11-26 82824]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program\F-Secure\HIPS\drivers\fshs.sys [2010-11-26 72520]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2006-03-02 14336]
R2 BCUService;Browser Configuration Utility Service;c:\program\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-07-21 219360]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program\F-Secure\Anti-Virus\minifilter\fsgk.sys [2010-11-26 130728]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-04-23 224896]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-07-21 1691480]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 FSORSPClient;F-Secure ORSP Client;c:\program\F-Secure\ORSP Client\fsorsp.exe [2010-11-26 63992]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [2011-03-16 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [2011-03-16 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [2011-03-16 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [2011-03-16 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [2011-03-16 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [2011-03-16 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [2011-03-16 123504]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-03-16 155344]
S4 F-Secure Filter;F-Secure File System Filter;c:\program\F-Secure\Anti-Virus\win2k\fsfilter.sys [2010-11-26 41896]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program\F-Secure\Anti-Virus\win2k\fsrec.sys [2010-11-26 27304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Innehållet i mappen 'Schemalagda aktiviteter':
.
2011-03-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Extra genomsökning -------
.
LSP: c:\program\F-Secure\FSPS\program\FSLSP.DLL
FF - ProfilePath - c:\documents and settings\Jonte\Application Data\Mozilla\Firefox\Profiles\n0jmq537.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.se
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-21 17:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLer som "laddats" under processer som körs ---------------------
.
- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program\f-secure\hips\fshook32.dll
.
- - - - - - - > 'lsass.exe'(876)
c:\program\F-Secure\FSPS\program\FSLSP.DLL
c:\program\f-secure\hips\fshook32.dll
.
- - - - - - - > 'explorer.exe'(2880)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Sluttid: 2011-03-21 17:41:12
ComboFix-quarantined-files.txt 2011-03-21 16:41
ComboFix2.txt 2011-03-16 22:05
.
Före genomsökningen: 28 988 088 320 byte ledigt
Efter genomsökningen: 28 995 551 232 byte ledigt
.
- - End Of File - - FE455070AC83F8808A72ABACBC16C4D0