ComboFix 11-02-24.01 - SanderK 24.02.2011 21:49:49.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.47.1033.18.8191.5787 [GMT 1:00] Kjører fra: c:\users\SanderK\Downloads\ComboFix.exe AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . G:\Autorun.inf . ((((((((((((((((((((((((((( Filer Opprettet Fra 2011-01-24 til 2011-02-24 ))))))))))))))))))))))))))))))))) . 2011-02-24 14:25 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DCF62BF0-4292-476D-8E23-80556EFDAB63}\mpengine.dll 2011-02-20 13:36 . 2011-02-20 13:36 -------- d-----w- c:\users\SanderK\AppData\Local\AMD 2011-02-20 13:35 . 2011-02-20 13:35 -------- d-----w- c:\programdata\AMD 2011-02-19 15:31 . 2011-02-19 15:31 -------- d-----w- c:\program files (x86)\ATI Stream 2011-02-19 15:21 . 2011-02-19 15:21 -------- d-----w- c:\programdata\ATI 2011-02-19 15:21 . 2010-02-18 08:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys 2011-02-04 14:51 . 2011-02-04 18:10 -------- d-----w- c:\users\SanderK\AppData\Roaming\RIFT 2011-02-04 14:51 . 2011-02-17 18:57 -------- d-----w- c:\program files (x86)\RIFT Beta 2011-02-03 19:56 . 2011-02-14 16:19 -------- d-----w- c:\program files (x86)\osu! 2011-02-03 19:56 . 2011-02-03 19:56 -------- d-----w- c:\users\SanderK\AppData\Roaming\Downloaded Installations 2011-02-01 16:06 . 2011-02-01 16:06 -------- d-----w- c:\users\SanderK\AppData\Roaming\Avira 2011-01-31 18:52 . 2011-01-31 19:13 -------- d-----w- c:\program files (x86)\mIRC 2011-01-29 21:34 . 2006-09-30 09:36 13008 ----a-w- c:\windows\system32\drivers\pstrip64.sys 2011-01-26 17:34 . 2011-01-26 17:31 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2011-01-26 17:34 . 2010-11-30 09:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{500A8F8A-AB33-4B3E-B49E-59B8E983940C}\gapaengine.dll 2011-01-26 17:19 . 2011-01-26 17:19 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2011-01-26 17:19 . 2011-01-26 17:19 -------- d-----w- c:\windows\Temp7077AFB6-CD56-28E9-BB31-808079B214D3-Signatures 2011-01-26 17:19 . 2011-01-26 17:19 -------- d-----w- c:\program files\Microsoft Security Client 2011-01-26 17:19 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-19 15:19 . 2010-02-03 03:55 4170752 ----a-w- c:\windows\SysWow64\atiumdag.dll 2011-02-19 15:19 . 2010-02-03 04:22 708608 ----a-w- c:\windows\system32\aticfx64.dll 2011-02-19 15:19 . 2010-02-03 03:23 39936 ----a-w- c:\windows\system32\atiuxp64.dll 2011-02-19 15:19 . 2010-02-03 03:37 3463680 ----a-w- c:\windows\SysWow64\atiumdva.dll 2011-02-19 15:19 . 2010-07-13 15:20 596480 ----a-w- c:\windows\SysWow64\aticfx32.dll 2011-02-19 15:19 . 2010-02-03 03:23 58880 ----a-w- c:\windows\system32\coinst.dll 2011-02-19 15:18 . 2010-02-03 04:04 4847616 ----a-w- c:\windows\system32\atidxx64.dll 2011-02-19 15:18 . 2010-02-03 03:22 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2011-01-29 17:34 . 2010-03-08 14:46 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2011-01-29 17:34 . 2010-03-06 23:20 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2011-01-29 17:33 . 2010-03-08 14:46 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2011-01-22 14:26 . 2011-01-22 14:26 53248 ----a-r- c:\users\SanderK\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2011-01-22 14:26 . 2011-01-22 14:26 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2011-01-13 01:20 . 2010-06-16 08:33 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2010-12-13 07:40 . 2011-01-21 23:17 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-12-13 07:40 . 2010-03-06 06:15 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-12-07 11:17 . 2010-12-07 11:17 51200 ----a-w- c:\windows\SysWow64\OpenCL.dll 2010-12-07 11:15 . 2010-12-07 11:15 52736 ----a-w- c:\windows\system32\OpenCL.dll 2010-12-05 02:55 . 2010-12-05 02:55 19985265 ----a-w- C:\vlc-1.1.5-win32.exe 2010-12-02 16:51 . 2010-03-08 14:46 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\SanderK\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\SanderK\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\SanderK\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-12-17 395640] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-01-01 1242448] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] "Google Update"="c:\users\SanderK\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-11-13 136176] "RockMelt Update"="c:\users\SanderK\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2010-11-19 136336] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-15 2245120] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 ALSysIO;ALSysIO;c:\users\SanderK\AppData\Local\Temp\ALSysIO64.sys [x] R3 cpuz130;cpuz130;c:\users\SanderK\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\BA5.tmp [2010-05-26 6144] R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2009-07-29 717312] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-31 834544] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-19 203776] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 354304] S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 VoddlerNet;VoddlerNet;c:\program files (x86)\Voddler\service\voddler.exe [2010-10-19 907984] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-19 9085952] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-19 299520] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-02-19 115216] S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2009-10-21 51120] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408] S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [2009-07-01 30728] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 40832] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 72064] S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-12-19 314400] S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-10 1222144] . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2011-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3904027180-1136449598-548248195-1001Core.job - c:\users\SanderK\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-13 18:54] 2011-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3904027180-1136449598-548248195-1001UA.job - c:\users\SanderK\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-13 18:54] 2011-02-24 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3904027180-1136449598-548248195-1001Core.job - c:\users\SanderK\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2010-11-19 20:00] 2011-02-24 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3904027180-1136449598-548248195-1001UA.job - c:\users\SanderK\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2010-11-19 20:00] . --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 97792 ----a-w- c:\users\SanderK\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 97792 ----a-w- c:\users\SanderK\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 97792 ----a-w- c:\users\SanderK\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816] "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Tilleggsskanning ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.ask.com?o=15183&l=dis mLocal Page = c:\windows\SysWOW64\blank.htm IE: Åpne klient i skjerm &1 IE: Åpne klient i skjerm &2 FF - ProfilePath - c:\users\SanderK\AppData\Roaming\Mozilla\Firefox\Profiles\2we275lf.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - www.google.com FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} FF - Ext: FaceMod Dislike Button: {64e8cc5b-20db-4212-8320-178fc5ae71f7} - c:\program files (x86)\Mozilla Firefox\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Veoh Video Compass: searchrecs@veoh.com - %profile%\extensions\searchrecs@veoh.com FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: network.protocol-handler.warn-external.dnupdate - false . - - - - TOMME PEKERE FJERNET - - - - Wow6432Node-HKCU-Run-AdobeBridge - (no file) Notify-LBTWlgn - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\BA5.tmp" . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,bc,0e,88,b6,61,c3,42,b3,1a,bf,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,bc,0e,88,b6,61,c3,42,b3,1a,bf,\ [HKEY_USERS\S-1-5-21-3904027180-1136449598-548248195-1001\Software\SecuROM\License information*] "datasecu"=hex:8a,e2,0b,2f,f5,af,4c,92,73,a0,80,62,f6,4f,e8,85,b8,1e,2f,9c,05, 34,e3,23,3c,e8,6e,59,41,82,c5,23,66,e7,32,a6,5d,b1,9f,84,13,c5,8c,fc,eb,2c,\ "rkeysecu"=hex:af,32,df,a8,8f,02,60,94,c2,cc,1f,3d,51,c1,9d,f5 [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe c:\program files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe c:\program files (x86)\Combined Community Codec Packk\MPC\mpc-hc.exe c:\program files (x86)\Mozilla Firefox\firefox.exe . ************************************************************************** . Tidspunkt ferdig: 2011-02-24 22:01:54 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2011-02-24 21:01 Pre-Run: 324 831 678 464 byte ledig Post-Run: 324 989 792 256 byte ledig - - End Of File - - 0AD094AD3BD39C36816B426503688525