Sirefef won't go away - please help!

Discussion in 'Virus and Malware Removal' started by cschrille, Jun 2, 2012.

  1. cschrille TechSpot Enthusiast Posts: 181

    Ok I got CF running in normal mode. I just launched it and this is the log that came out.
    ComboFix 12-06-07.03 - Ägaren 2012-06-08 19:53:31.4.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.46.1053.18.8173.6842 [GMT 2:00]
    Körs från: c:\users\Ägaren\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((( Filer skapade från 2012-05-08 till 2012-06-08 ))))))))))))))))))))))))))))))
    .
    .
    2012-06-08 17:58 . 2012-06-08 17:58 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-08 17:58 . 2012-06-08 17:58 -------- d-----w- c:\users\Chrilles\AppData\Local\temp
    2012-06-08 17:05 . 2012-06-08 17:06 -------- d-----w- c:\programdata\PMB Files
    2012-06-08 17:04 . 2012-06-08 17:04 -------- d-----w- c:\program files (x86)\Pando Networks
    2012-06-08 02:04 . 2012-06-08 02:04 -------- d-----w- C:\found.000
    2012-06-07 18:23 . 2012-06-07 22:20 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
    2012-06-07 16:16 . 2012-06-07 16:16 -------- d-----w- c:\program files\Alex Feinman
    2012-06-05 23:50 . 2012-05-08 17:02 8955792 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4552CAB4-0065-4371-B8ED-5513444AFBD7}\mpengine.dll
    2012-06-03 18:42 . 2012-06-03 18:42 -------- d-----w- c:\program files (x86)\ESET
    2012-06-03 18:29 . 2012-06-03 18:29 -------- d-----w- C:\_OTL
    2012-06-03 15:50 . 2012-06-03 15:50 -------- d-----w- c:\programdata\Sophos
    2012-06-03 15:50 . 2012-06-03 15:50 -------- d-----w- c:\program files (x86)\Sophos
    2012-06-03 12:49 . 2012-06-03 12:49 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-06-03 08:12 . 2012-06-07 00:39 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-06-03 08:12 . 2012-06-03 08:13 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2012-06-02 20:17 . 2012-06-02 20:17 -------- d-----w- c:\programdata\Kaspersky Lab
    2012-06-02 20:17 . 2012-06-02 20:17 460888 ----a-w- c:\windows\system32\drivers\39377219.sys
    2012-06-02 17:35 . 2012-06-02 17:35 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-02 17:35 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-02 17:35 . 2012-06-02 17:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-02 16:39 . 2012-06-02 16:39 -------- d-----w- c:\programdata\Rockstar Games
    2012-06-02 11:28 . 2012-06-07 22:57 -------- d-----w-aren c:\users\GAREN~2
    2012-06-02 11:14 . 2012-06-02 11:14 -------- d-----w- c:\program files (x86)\Rockstar Games
    2012-05-28 15:56 . 2012-05-28 15:56 -------- d-sh--w- c:\programdata\DSS
    2012-05-26 15:55 . 2012-05-26 22:38 -------- d-----w- c:\program files (x86)\MSI Afterburner
    2012-05-26 13:38 . 2012-05-26 13:38 -------- d-----w- c:\program files (x86)\GIGA
    2012-05-25 18:17 . 2012-05-25 18:17 -------- d-----w- c:\program files (x86)\FlashGet
    2012-05-24 14:58 . 2012-05-24 14:58 -------- d-----w- C:\KISS
    2012-05-24 14:20 . 2012-03-09 08:57 23816 ------w- c:\windows\system32\drivers\cpuz135_x64.sys
    2012-05-24 14:20 . 2012-05-24 14:20 -------- d-----w- c:\program files\CPUID
    2012-05-24 11:42 . 2012-05-24 11:42 -------- d-----w- c:\program files\Speccy
    2012-05-23 11:58 . 2012-05-23 11:58 283200 ------w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-05-23 11:58 . 2012-05-23 11:58 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
    2012-05-23 11:57 . 2012-05-23 12:00 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2012-05-22 19:19 . 2012-05-22 19:19 -------- d-----w- c:\windows\Sun
    2012-05-22 19:16 . 2012-05-22 19:16 -------- d-----w- c:\program files (x86)\Oracle
    2012-05-22 19:15 . 2012-04-04 16:47 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-05-22 19:15 . 2012-04-04 16:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-05-22 19:12 . 2012-05-15 09:29 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-05-22 15:04 . 2012-05-22 15:13 -------- d-----w- c:\program files (x86)\NeoDownloader
    2012-05-21 19:30 . 2012-05-21 19:30 -------- d-----w- c:\program files (x86)\7-Zip
    2012-05-21 19:27 . 2012-05-21 19:27 -------- d-----w- c:\program files (x86)\Notepad++
    2012-05-20 14:41 . 2012-05-20 14:41 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
    2012-05-20 09:53 . 2012-06-01 10:35 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-05-18 19:54 . 2012-06-03 10:47 -------- d-----w- c:\programdata\Electronic Arts
    2012-05-18 19:54 . 2012-05-18 19:55 -------- d-----w- c:\program files (x86)\Origin
    2012-05-17 21:22 . 2012-05-17 21:34 -------- d-----w- c:\programdata\Blizzard Entertainment
    2012-05-17 21:04 . 2012-05-17 21:04 -------- d-----w- c:\programdata\Battle.net
    2012-05-17 19:47 . 2012-05-17 21:34 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
    2012-05-16 15:19 . 2012-05-16 15:19 -------- d-----w- c:\programdata\BDLogging
    2012-05-16 15:18 . 2012-05-27 20:35 -------- d-----w- c:\program files\Bitdefender
    2012-05-16 15:16 . 2012-05-27 20:21 -------- d-----w- c:\program files\Common Files\Bitdefender
    2012-05-15 20:52 . 2012-05-15 20:52 -------- d-----w- c:\program files (x86)\VideoLAN
    2012-05-15 20:50 . 2011-03-02 10:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll
    2012-05-15 20:50 . 2012-05-15 20:50 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
    2012-05-15 20:08 . 2012-05-15 20:08 -------- d-----w- c:\program files (x86)\VPNCheck
    2012-05-15 20:00 . 2012-05-15 20:02 -------- d-----w- c:\program files (x86)\OpenVPN
    2012-05-15 19:17 . 2012-06-06 00:01 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-05-15 19:09 . 2011-08-13 04:18 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
    2012-05-15 19:09 . 2009-07-14 01:15 50688 ----a-w- c:\program files (x86)\Internet Explorer\hmmapi.dll
    2012-05-15 19:02 . 2011-08-13 05:27 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2012-05-15 18:51 . 2012-06-07 20:57 -------- d-----w- c:\users\UpdatusUser
    2012-05-15 18:43 . 2012-05-15 18:42 839112 ----a-w- c:\windows\system32\deployJava1.dll
    2012-05-15 18:43 . 2012-05-15 18:42 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-05-15 18:42 . 2012-05-15 18:42 -------- d-----w- c:\program files\Java
    2012-05-15 18:24 . 2003-04-09 03:28 233472 ----a-r- c:\users\Chrilles\AppData\Roaming\MafiaSetup.exe
    2012-05-15 18:18 . 2012-05-15 18:18 -------- d-----w- c:\program files\SystemRequirementsLab
    2012-05-15 14:56 . 2012-05-15 14:57 -------- d-----w- c:\windows\SysWow64\Adobe
    2012-05-15 14:54 . 2012-05-15 20:42 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-15 14:54 . 2012-05-15 20:42 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-15 14:54 . 2012-05-15 14:54 -------- d-----w- c:\windows\SysWow64\Macromed
    2012-05-15 14:54 . 2012-05-15 14:54 -------- d-----w- c:\windows\system32\Macromed
    2012-05-15 14:49 . 2012-05-15 14:49 -------- d-----w- c:\program files (x86)\Microsoft
    2012-05-15 14:47 . 2005-05-26 13:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll
    2012-05-15 14:47 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
    2012-05-15 14:09 . 2012-05-15 14:09 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2012-05-15 14:07 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-05-15 14:07 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-05-15 13:46 . 2012-05-15 13:46 -------- d-----w- c:\windows\system32\SPReview
    2012-05-15 13:46 . 2012-05-15 13:46 -------- d-----w- c:\windows\system32\EventProviders
    2012-05-15 13:42 . 2010-11-20 13:27 624128 ----a-w- c:\windows\system32\qedit.dll
    2012-05-15 13:41 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
    2012-05-15 13:41 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
    2012-05-15 13:41 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2012-05-15 13:24 . 2012-05-15 13:24 -------- d-----w- c:\windows\SysWow64\Wat
    2012-05-15 13:24 . 2012-05-15 13:24 -------- d-----w- c:\windows\system32\Wat
    2012-05-15 12:57 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
    2012-05-15 12:48 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-05-15 12:48 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-05-15 12:48 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-05-15 12:48 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-05-15 12:48 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-05-15 12:48 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-05-15 12:48 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-05-15 12:44 . 2010-12-17 11:40 715776 ----a-w- c:\windows\system32\kerberos.dll
    2012-05-15 12:38 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2012-05-15 12:38 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2012-05-15 12:31 . 2012-05-15 12:31 -------- d-----w- c:\programdata\NVIDIA Corporation
    2012-05-15 12:31 . 2012-05-22 19:13 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
    2012-05-15 12:31 . 2012-05-22 19:12 -------- d-----w- c:\program files\NVIDIA Corporation
    2012-05-15 12:30 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-05-15 12:30 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
    2012-05-15 12:30 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-05-15 12:30 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-05-15 12:30 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-05-15 12:30 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-05-15 12:30 . 2010-11-20 11:07 162816 ----a-w- c:\windows\system32\rdpudd.dll
    2012-05-15 12:30 . 2010-11-20 11:03 20992 ------w- c:\windows\system32\drivers\rdpvideominiport.sys
    2012-05-15 11:41 . 2012-06-02 21:33 -------- d-----w- c:\windows\Panther
    2012-05-15 11:18 . 2012-02-23 08:18 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-15 11:15 . 2012-05-15 11:15 -------- d-----w- c:\program files (x86)\ASM104xUSB3
    2012-05-15 11:14 . 2011-06-10 06:34 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
    2012-05-15 11:14 . 2011-06-10 06:34 539240 ------w- c:\windows\system32\drivers\Rt64win7.sys
    2012-05-15 11:14 . 2011-06-10 06:34 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
    2012-05-15 11:11 . 2005-11-13 21:22 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
    2012-05-15 11:11 . 2005-11-13 21:22 69715 ------w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
    2012-05-15 11:11 . 2005-11-13 21:21 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
    2012-05-15 11:11 . 2005-11-13 21:20 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
    2012-05-15 11:11 . 2005-11-13 21:19 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
    2012-05-15 11:11 . 2005-11-13 21:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2012-05-15 11:11 . 2005-11-13 21:16 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
    2012-05-15 11:11 . 2012-05-12 21:55 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
    2012-05-15 11:11 . 2012-05-12 21:55 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
    2012-05-15 11:11 . 2012-05-15 11:11 16896 ----a-w- c:\windows\AsTaskSched.dll
    2012-05-15 11:11 . 2012-05-15 11:11 -------- d-----w- c:\program files (x86)\Intel
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-15 13:55 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2012-05-15 13:55 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2012-05-15 10:48 . 2012-02-09 20:43 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-05-15 10:48 . 2012-02-09 20:43 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
    2012-05-15 10:48 . 2012-02-09 20:43 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-05-02 00:46 . 2012-05-02 00:46 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-06-07_22.53.41 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-05-15 12:27 . 2012-06-08 17:53 33584 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-06-08 17:53 30228 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2012-05-15 10:46 . 2012-06-07 22:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-05-15 10:46 . 2012-06-08 17:05 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-06-03 19:26 . 2012-06-08 17:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2012-06-03 19:26 . 2012-06-07 22:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-06-07 22:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-06-08 17:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-05-15 11:06 . 2012-06-08 17:53 7176 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3856055600-2435477386-2425398921-1000_UserData.bin
    + 2012-06-08 17:51 . 2012-06-08 17:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-06-07 22:53 . 2012-06-07 22:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-06-08 17:51 . 2012-06-08 17:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-06-07 22:53 . 2012-06-07 22:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-13 23:19 . 2009-07-14 01:39 328704 c:\windows\system32\services.exe
    - 2009-07-14 07:43 . 2012-06-07 22:45 625534 c:\windows\system32\perfh01D.dat
    + 2009-07-14 07:43 . 2012-06-08 12:57 625534 c:\windows\system32\perfh01D.dat
    - 2009-07-14 02:36 . 2012-06-07 22:45 615810 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-06-08 12:57 615810 c:\windows\system32\perfh009.dat
    - 2009-07-14 07:43 . 2012-06-07 22:45 123688 c:\windows\system32\perfc01D.dat
    + 2009-07-14 07:43 . 2012-06-08 12:57 123688 c:\windows\system32\perfc01D.dat
    - 2009-07-14 02:36 . 2012-06-07 22:45 106190 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-06-08 12:57 106190 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2012-06-07 22:52 277180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-06-08 17:48 277180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-05-15 15:03 . 2012-06-08 17:48 8299544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3856055600-2435477386-2425398921-1000-12288.dat
    .
    (((((((((((((((((((((((((((((((((( Startpunkter I registret )))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Not* tomma poster & legitima standardposter visas inte.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer3"=wdmaud.drv
    .
    R1 1052426drv;1052426drv;c:\windows\system32\DRIVERS\1052426drv.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 257696]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-06 113120]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 39377219;39377219;c:\windows\system32\DRIVERS\39377219.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    Innehåll I mappen 'Schemalagda aktiviteter':
    .
    2012-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 20:42]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
    .
    ------- Extra genomsökning -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
    IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
    FF - ProfilePath - c:\users\Ägaren\AppData\Roaming\Mozilla\Firefox\Profiles\r3cyqdc7.default\
    .
    .
    --------------------- LÅSTA REGISTERNYCKLAR ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
    89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}"=hex:51,66,7a,6c,4c,1d,38,12,68,40,25,
    2b,77,e4,db,02,e0,8b,7a,e8,bc,10,3a,e3
    "{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
    57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
    "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
    d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
    "{F156768E-81EF-470C-9057-481BA8380DBA}"=hex:51,66,7a,6c,4c,1d,38,12,e0,75,45,
    f5,dd,cf,62,02,ef,41,0b,5b,ad,66,49,ae
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:5f,b7,7b,f1,c8,44,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Sluttid: 2012-06-08 20:00:13
    ComboFix-quarantined-files.txt 2012-06-08 18:00
    ComboFix2.txt 2012-06-07 23:39
    ComboFix3.txt 2012-06-07 22:57
    .
    Före genomsökningen: 366 261 149 696 byte ledigt
    Efter genomsökningen: 366 171 058 176 byte ledigt
    .
    - - End Of File - - FFC49ED7BFF8F92AC7876399914FCCA5

    Want me to run some special thing?
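Parsing the log above for the entries a reviewer checks first, as an added example that is not part of the thread or of ComboFix itself: it reads the file-listing lines and the policies\system block with regular expressions, using a handful of lines copied from the posted log as constructed input. The meaning attached to the three UAC values is the documented Windows semantics of those registry settings, not something the log states.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines copied verbatim from the ComboFix log posted above
# (file-listing section and the policies\system block). Raw string, so the
# single backslashes in the paths stay exactly as ComboFix prints them.
SAMPLE_LOG = r"""
(((((((((((((((((((((((( Filer skapade från 2012-05-08 till 2012-06-08 ))))))))))))))))))))))))))))))
.
2012-06-03 18:29 . 2012-06-03 18:29 -------- d-----w- C:\_OTL
2012-06-03 12:49 . 2012-06-03 12:49 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-02 20:17 . 2012-06-02 20:17 460888 ----a-w- c:\windows\system32\drivers\39377219.sys
2012-05-28 15:56 . 2012-05-28 15:56 -------- d-sh--w- c:\programdata\DSS
2012-05-15 18:24 . 2003-04-09 03:28 233472 ----a-r- c:\users\Chrilles\AppData\Roaming\MafiaSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
"""

# One file-listing line: "created . modified size attrs path". The size is a
# run of dashes for directories. Attribute string as ComboFix prints it:
# d=directory, s=system, h=hidden, a=archive, w/r=writable/read-only.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(-{8}|\d+) ([d-]-[s-][h-][a-]-[wr]-) (.+)$"
)
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(\w+)"= (\d+) \(0x[0-9a-fA-F]+\)$')


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_system(self) -> bool:
        # both the system (s) and hidden (h) attribute bits are set
        return self.attrs[2] == "s" and self.attrs[3] == "h"


def parse_combofix(text: str) -> Tuple[List[FileEntry], Dict[str, int]]:
    """Return the file-listing entries and the values of the policies/system key."""
    files: List[FileEntry] = []
    policies: Dict[str, int] = {}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            created, modified, size, attrs, path = m.groups()
            files.append(FileEntry(created, modified,
                                   None if size.startswith("-") else int(size),
                                   attrs, path))
            continue
        m = KEY_RE.match(line)
        if m:
            section = m.group(1).lower()  # remember which key the values belong to
            continue
        m = VALUE_RE.match(line)
        if m and section.endswith(r"\policies\system"):
            policies[m.group(1)] = int(m.group(2))
    return files, policies


# Values under policies\system that weaken UAC when set to 0
# (documented Windows semantics; ComboFix itself does not interpret them).
UAC_WEAK = {
    "EnableLUA": "UAC is switched off entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate with no prompt at all",
    "PromptOnSecureDesktop": "elevation prompts are not isolated on the secure desktop",
}


def uac_findings(policies: Dict[str, int]) -> List[str]:
    return [f"{name}=0: {why}" for name, why in UAC_WEAK.items()
            if policies.get(name) == 0]


def review_points(files: List[FileEntry]) -> List[str]:
    """Entries worth a second look: hidden+system directories, and executables
    or drivers created inside a user profile (a triage heuristic, not a verdict)."""
    out: List[str] = []
    for f in files:
        low = f.path.lower()
        if f.is_dir and f.hidden_system:
            out.append(f"hidden+system directory: {f.path}")
        elif low.startswith("c:\\users\\") and low.endswith((".exe", ".dll", ".sys")):
            out.append(f"executable in user profile: {f.path}")
    return out


if __name__ == "__main__":
    files, policies = parse_combofix(SAMPLE_LOG)
    print(f"{len(files)} file entries, {len(policies)} policy values")
    for item in uac_findings(policies) + review_points(files):
        print(" -", item)
```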
  2. cschrille TechSpot Enthusiast Posts: 181

    Also, Nod32 managed to delete the file in GAC64 so I could remove the whole folder.
  3. Broni Malware Annihilator Posts: 39,231   +175

    Combofix log looks good, so if there are no other issues...

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  4. cschrille TechSpot Enthusiast Posts: 181

    Thank you so much! :)

    My PC seems fine, no viruses detected in MBAM or Nod32.
  5. Broni Malware Annihilator Posts: 39,231   +175

    You're very welcome

    Make sure you complete all final steps, especially resetting restore points.

    Good luck and stay safe :)