ComboFix 13-04-10.02 - masa 04/11/2013 16:16:31.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1256.20.1033.18.4094.3271 [GMT 2:00]
Running from: c:\users\masa\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
E:\Music.lnk
.
.
((((((((((((((((((((((((( Files Created from 2013-03-11 to 2013-04-11 )))))))))))))))))))))))))))))))
.
.
2013-04-11 22:03 . 2013-04-11 12:08 -------- d-----w- c:\windows\Panther
2013-04-11 22:03 . 2013-04-11 22:03 -------- d-----w- C:\Boot
2013-04-11 14:19 . 2013-04-11 14:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-11 14:12 . 2013-04-11 14:12 25640 ----a-w- c:\windows\gdrv.sys
2013-04-11 13:29 . 2013-04-11 13:29 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-11 13:29 . 2013-04-11 13:28 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-11 13:29 . 2013-04-11 13:28 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-11 13:28 . 2013-04-11 13:28 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-11 13:28 . 2013-04-11 13:28 -------- d-----w- c:\program files (x86)\Java
2013-04-11 13:01 . 2013-04-11 13:01 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-04-11 12:57 . 2013-04-11 12:34 31280 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2013-04-11 12:57 . 2013-04-11 12:57 172592 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-04-11 12:57 . 2013-04-11 12:57 -------- d-----w- c:\program files\Symantec
2013-04-11 12:57 . 2013-04-11 12:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-04-11 12:55 . 2013-03-19 03:50 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5804936-DF3B-42E6-8F70-4D8394CE062B}\mpengine.dll
2013-04-11 12:44 . 2008-03-05 14:00 28168 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2013-04-11 12:41 . 2013-04-11 12:41 -------- d-----w- c:\windows\Profiles
2013-04-11 12:41 . 2013-04-11 12:41 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-04-11 12:41 . 2002-08-11 21:42 103344 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-04-11 12:40 . 2009-08-13 13:50 541216 ----a-w- c:\windows\system32\NVUNINST.EXE
2013-04-11 12:37 . 2013-04-11 12:37 -------- d-----w- c:\program files\GIGABYTE
2013-04-11 12:35 . 1998-10-29 13:45 306688 ----a-w- c:\windows\IsUninst.exe
2013-04-11 12:34 . 2013-04-11 12:34 -------- d-----w- c:\windows\system32\drivers\NISx64
2013-04-11 12:34 . 2013-04-11 12:57 -------- d-----w- c:\programdata\Norton
2013-04-11 12:34 . 2013-04-11 12:34 -------- d-----w- c:\program files (x86)\Norton Internet Security
2013-04-11 12:33 . 2013-04-11 13:29 -------- d-sh--w- c:\windows\Installer
2013-04-11 12:33 . 2013-04-11 12:33 -------- d-----w- c:\program files (x86)\NortonInstaller
2013-04-11 12:26 . 2009-07-22 10:24 97792 ----a-w- c:\windows\system32\RTNUninst64.dll
2013-04-11 12:26 . 2009-03-05 06:54 67584 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-04-11 12:25 . 2009-07-30 11:58 236544 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-04-11 12:22 . 2013-04-11 12:22 -------- d-----w- c:\program files (x86)\Intel
2013-04-11 12:22 . 2009-07-08 23:34 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
2013-04-11 12:22 . 2013-04-11 12:22 -------- d-----w- C:\Intel
2013-04-11 12:21 . 2013-04-11 12:21 -------- d--h--w- c:\program files (x86)\DeviceVM
2013-04-11 12:21 . 2013-04-11 12:37 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2013-04-11 12:21 . 2013-04-11 12:21 -------- d-----w- c:\program files (x86)\Gigabyte
2013-04-11 12:21 . 2013-04-11 12:36 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2013-04-11 12:09 . 2013-04-11 12:09 -------- d-----w- c:\users\masa
2013-04-11 12:08 . 2013-04-11 12:08 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1007000.01E\SYMEFA64.SYS [2013-04-11 402992]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\system32\drivers\NISx64\1007000.01E\BHDrvx64.sys [2013-04-11 334384]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1007000.01E\ccHPx64.sys [2013-04-11 583296]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSVia64.sys [2013-04-11 397360]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-03-02 68136]
S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [2013-04-11 117640]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\NISx64\1007000.01E\SYMNDISV.SYS [2013-04-11 56880]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-25 7883296]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-25 1833504]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.9 208.67.222.123 208.67.220.123
FF - ProfilePath - c:\users\masa\AppData\Roaming\Mozilla\Firefox\Profiles\72f8nry9.default\
FF - ExtSQL: 2013-04-11 15:01; {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF - ExtSQL: 2013-04-11 15:01; {8545daff-ad1e-493f-a37e-eed1ac79682b}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-11 16:21:38
ComboFix-quarantined-files.txt 2013-04-11 14:21
.
Pre-Run: 72,249,409,536 bytes free
Post-Run: 72,137,334,784 bytes free
.
- - End Of File - - 1A0C2C933B23DAB6E236CAF9A2F89612