ComboFix 13-03-28.01 - markus 28.03.2013  20:46:13.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.47.1044.18.7657.6193 [GMT 1:00]
Kjører fra: E:\ComboFix.exe
Command switches brukt :: E:\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\markus\dxlainz.exe"
.
.
(((((((((((((((((((((((((((   Filer Opprettet Fra 2013-02-28 til 2013-03-28  )))))))))))))))))))))))))))))))))
.
.
2013-03-28 23:31 . 2013-03-29 01:45	--------	d-----w-	c:\windows\Microsoft Antimalware
2013-03-28 19:49 . 2013-03-28 19:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-28 19:49 . 2013-03-28 19:49	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2013-03-28 19:17 . 2013-03-28 19:17	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{41400E33-A05D-408B-B943-8BE402C27E5E}\offreg.dll
2013-03-28 16:28 . 2013-03-28 16:28	--------	d-----w-	c:\program files\CCleaner
2013-03-28 15:05 . 2013-01-15 01:45	9161176	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{41400E33-A05D-408B-B943-8BE402C27E5E}\mpengine.dll
2013-03-04 18:12 . 2013-03-29 00:02	--------	d-----w-	c:\users\markus\Low_00FEC012
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 00:28 . 2010-11-21 03:27	273840	----a-w-	c:\windows\system32\MpSigStub.exe
2013-01-09 01:48 . 2013-02-15 20:05	17812992	----a-w-	c:\windows\system32\mshtml.dll
2013-01-09 01:22 . 2013-02-15 20:04	10925568	----a-w-	c:\windows\system32\ieframe.dll
2013-01-09 01:19 . 2013-02-15 20:05	2312704	----a-w-	c:\windows\system32\jscript9.dll
2013-01-09 01:12 . 2013-02-15 20:05	1346048	----a-w-	c:\windows\system32\urlmon.dll
2013-01-09 01:12 . 2013-02-15 20:05	1392128	----a-w-	c:\windows\system32\wininet.dll
2013-01-09 01:11 . 2013-02-15 20:05	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2013-01-09 01:10 . 2013-02-15 20:05	237056	----a-w-	c:\windows\system32\url.dll
2013-01-09 01:09 . 2013-02-15 20:05	85504	----a-w-	c:\windows\system32\jsproxy.dll
2013-01-09 01:07 . 2013-02-15 20:05	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2013-01-09 01:07 . 2013-02-15 20:05	816640	----a-w-	c:\windows\system32\jscript.dll
2013-01-09 01:07 . 2013-02-15 20:05	599040	----a-w-	c:\windows\system32\vbscript.dll
2013-01-09 01:06 . 2013-02-15 20:05	729088	----a-w-	c:\windows\system32\msfeeds.dll
2013-01-09 01:05 . 2013-02-15 20:05	2147840	----a-w-	c:\windows\system32\iertutil.dll
2013-01-09 01:04 . 2013-02-15 20:05	96768	----a-w-	c:\windows\system32\mshtmled.dll
2013-01-09 01:04 . 2013-02-15 20:05	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-01-09 01:00 . 2013-02-15 20:05	248320	----a-w-	c:\windows\system32\ieui.dll
2013-01-08 22:11 . 2013-02-15 20:05	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-01-08 22:03 . 2013-02-15 20:05	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2013-01-08 22:03 . 2013-02-15 20:05	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-01-08 21:59 . 2013-02-15 20:05	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-01-08 21:58 . 2013-02-15 20:05	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-01-08 21:56 . 2013-02-15 20:05	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-01-05 05:53 . 2013-02-15 20:21	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-15 20:21	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-15 20:21	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-16 20:57	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-16 20:57	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-16 20:57	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-15 20:20	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-16 20:57	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-16 20:57	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-16 20:57	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-16 20:57	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-15 20:21	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-15 20:21	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((   Oppstartspunkter I Registeret   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-29 630912]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2012-03-23 1105488]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"Load"=c:\users\markus\dxlainz.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-25 1255736]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys [2012-02-01 31872]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-29 235520]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2012-03-23 355920]
S2 ePowerSvc;ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2012-02-08 871296]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2012-02-29 28264]
S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2012-02-07 255376]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-10-25 102528]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-10-25 219776]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-03-19 244560]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-01-16 103536]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-03-29 342632]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-01-13 56448]
.
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2013-03-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 05:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"Power Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2012-02-08 1829768]
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://packardbell.msn.com
mStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_222_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_222_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tidspunkt ferdig: 2013-03-28  20:51:07
ComboFix-quarantined-files.txt  2013-03-28 19:51
ComboFix2.txt  2013-03-28 19:27
.
Pre-Run: 416 442 494 976 byte ledig
Post-Run: 416 147 222 528 byte ledig
.
- - End Of File - - BBF4B5EE54343AC0A5E5466C60ADB18E