ComboFix 14-09-12.01 - 12.09.2014 21:07:56.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.47.1033.18.16346.12644 [GMT 2:00]
Kjører fra: c:\users\\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
G:\install.exe
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2014-08-12 til 2014-09-12 )))))))))))))))))))))))))))))))))
.
.
2014-09-12 19:10 . 2014-09-12 19:10 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2014-09-12 19:10 . 2014-09-12 19:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-09-12 19:10 . 2014-09-12 19:10 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-09-12 19:10 . 2014-09-12 19:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-12 18:44 . 2014-09-12 18:44 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{031117FC-4CEC-47AC-868B-36B403DE5BB2}\offreg.dll
2014-09-12 18:35 . 2014-09-12 18:35 -------- d-----w- C:\SUPERDelete
2014-09-12 18:35 . 2014-09-12 18:35 -------- d-----w- c:\users\\AppData\Roaming\SUPERAntiSpyware.com
2014-09-12 18:34 . 2014-09-12 18:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-09-12 16:18 . 2014-09-12 16:18 -------- d-----w- c:\users\\AppData\Local\Opera Software
2014-09-12 16:18 . 2014-09-12 16:18 -------- d-----w- c:\users\\AppData\Roaming\Opera Software
2014-09-12 16:16 . 2014-09-12 16:15 319912 ----a-w- c:\windows\system32\javaws.exe
2014-09-12 16:16 . 2014-09-12 16:15 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-09-12 16:16 . 2014-09-12 16:15 189352 ----a-w- c:\windows\system32\javaw.exe
2014-09-12 16:16 . 2014-09-12 16:15 189352 ----a-w- c:\windows\system32\java.exe
2014-09-12 16:15 . 2014-09-12 16:15 -------- d-----w- c:\program files\Java
2014-09-12 16:14 . 2014-09-12 16:14 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-09-12 16:14 . 2014-09-12 16:14 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-12 16:14 . 2014-09-12 16:14 -------- d-----w- c:\program files (x86)\Java
2014-09-12 11:11 . 2014-09-12 11:11 -------- d-----w- c:\users\\AppData\Roaming\AVAST Software
2014-09-12 11:10 . 2014-09-12 11:10 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-09-12 11:10 . 2014-09-12 11:10 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-09-12 11:10 . 2014-09-12 11:10 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-09-12 11:10 . 2014-09-12 11:10 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-09-12 11:10 . 2014-09-12 11:10 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-09-12 11:10 . 2014-09-12 11:10 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-09-12 11:10 . 2014-09-12 11:10 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-09-12 11:10 . 2014-09-12 11:10 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-09-12 11:10 . 2014-09-12 11:10 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-09-12 11:10 . 2014-09-12 11:10 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-09-12 11:10 . 2014-09-12 11:10 43152 ----a-w- c:\windows\avastSS.scr
2014-09-12 11:10 . 2014-09-12 11:10 448400 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-09-12 11:06 . 2014-09-12 11:08 -------- d-----w- c:\programdata\AVAST Software
2014-09-12 11:03 . 2014-09-12 11:04 -------- d-----w- c:\users\\AppData\Local\Avg2013
2014-09-12 10:38 . 2014-09-12 10:38 -------- d-----w- c:\program files\Enigma Software Group
2014-09-12 10:33 . 2014-09-12 11:00 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-11 21:29 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-11 21:29 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-11 19:08 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-11 19:08 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-11 19:07 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-11 19:07 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-11 19:07 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-11 19:07 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-11 19:07 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-11 19:07 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-11 19:07 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-11 19:07 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-11 19:07 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-09-11 16:35 . 2014-09-12 18:34 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-11 16:35 . 2014-09-11 16:35 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-11 16:35 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-11 16:35 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-11 16:29 . 2014-09-11 16:31 -------- d-----w- c:\users\\AppData\Roaming\Systweak
2014-09-11 16:29 . 2013-08-22 16:36 20312 ----a-w- c:\windows\system32\roboot64.exe
2014-09-09 14:26 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-09-09 14:26 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-09-09 14:26 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-09-09 14:02 . 2014-09-12 19:07 -------- d-----w- c:\users\TEMP.-PC
2014-08-26 17:52 . 2014-08-26 17:52 -------- d-----w- c:\program files (x86)\AVG Security Toolbar
2014-08-26 17:52 . 2014-08-26 17:52 -------- d-----w- c:\programdata\Avg_Update_0814tb
2014-08-24 13:54 . 2014-08-24 13:54 -------- d-----w- c:\users\\AppData\Roaming\theHunter
2014-08-24 13:54 . 2014-08-24 13:54 -------- d-----w- c:\users\\AppData\Local\theHunter
2014-08-24 13:51 . 2014-08-24 13:51 -------- d-----w- c:\programdata\Hunter
2014-08-23 18:03 . 2014-08-23 18:23 -------- d-----w- c:\users\\AppData\Roaming\fizzy
2014-08-18 23:01 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-18 23:01 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-18 23:01 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-18 23:01 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-18 23:01 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-18 23:01 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-18 23:01 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-18 23:01 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-18 22:00 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-18 22:00 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-18 22:00 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-18 22:00 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe
2014-08-18 22:00 . 2014-06-03 10:02 504320 ----a-w- c:\windows\system32\msihnd.dll
2014-08-18 22:00 . 2014-06-03 10:02 3241984 ----a-w- c:\windows\system32\msi.dll
2014-08-18 22:00 . 2014-06-03 10:02 1941504 ----a-w- c:\windows\system32\authui.dll
2014-08-18 22:00 . 2014-06-03 09:29 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-08-18 22:00 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\SysWow64\msi.dll
2014-08-18 22:00 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2014-08-18 21:59 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-08-18 21:57 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-18 21:57 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-11 21:30 . 2012-10-14 19:43 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-09-10 15:26 . 2012-10-06 13:12 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 15:26 . 2012-10-06 13:12 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-04 12:34 . 2012-10-03 19:05 30528 ----a-w- c:\windows\GVTDrv64.sys
2014-08-04 12:34 . 2012-10-03 19:04 25640 ----a-w- c:\windows\gdrv.sys
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-06-27 16:32 . 2014-06-06 13:43 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-06-18 18:00 . 2014-06-18 18:00 241348 ----a-w- c:\windows\SysWow64\~.tmp
2014-06-18 02:18 . 2014-07-16 05:25 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-16 05:25 646144 ----a-w- c:\windows\SysWow64\osk.exe
.
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="g:\daemon tools lite\DTLite.exe" [2012-08-28 3671904]
"Steam"="g:\steam\steam.exe" [2014-08-28 1939136]
"ANT Agent"="c:\program files (x86)\Garmin\ANT Agent\ANT Agent.exe" [2013-02-15 14731776]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-05-14 55360]
"SUPERAntiSpyware"="d:\superantispy\SUPERAntiSpyware.exe" [2014-09-09 7763736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-08-29 771968]
"THX Audio Control Panel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" [2011-08-29 1517056]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" [2010-02-18 241789]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-27 291608]
"PWRISOVM.EXE"="g:\poweriso\PWRISOVM.EXE" [2012-08-24 336992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-17 767200]
"AvastUI.exe"="d:\avast software\Avast\AvastUI.exe" [2014-09-12 4085896]
.
c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2013-1-18 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R1 SASDIFSV;SASDIFSV;d:\superantispy\SASDIFSV64.SYS;d:\superantispy\SASDIFSV64.SYS [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;g:\dragon age\bin_ship\DAUpdaterSvc.Service.exe;g:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 dump_wmimmc;dump_wmimmc;g:\steam\steamapps\common\GV Online Eg\GameGuard\dump_wmimmc.sys;g:\steam\steamapps\common\GV Online Eg\GameGuard\dump_wmimmc.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MSICDSetup;MSICDSetup;e:\cdriver64.sys;e:\CDriver64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\\AppData\Local\Temp\Rar$EXa0.472\WinRing0x64.sys;c:\users\\AppData\Local\Temp\Rar$EXa0.472\WinRing0x64.sys [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SASKUTIL;SASKUTIL;d:\superantispy\SASKUTIL64.SYS;d:\superantispy\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;d:\superantispy\SASCORE64.EXE;d:\superantispy\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;d:\avast software\Avast\afwServ.exe;d:\avast software\Avast\afwServ.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [x]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;c:\windows\system32\DRIVERS\LGSUsbFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSUsbFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
--- Andre tjenester/drivere lastet i minnet ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - SASKUTIL
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2014-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-06 15:26]
.
2014-09-12 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 10513797-7bac-413c-b766-9a5960570a43.job
- d:\superantispy\SASTask.exe [2013-11-07 20:08]
.
2014-09-12 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3200d84b-6fac-4f22-99f1-4eba8e886712.job
- d:\superantispy\SASTask.exe [2013-11-07 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-09-12 11:10 634872 ----a-w- d:\avast software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-16 12445288]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-04-15 10396440]
.
------- Tilleggsskanning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = www.google.com
TCP: DhcpNameServer = 192.168.137.1
FF - ProfilePath - c:\users\AppData\Roaming\Mozilla\Firefox\Profiles\xjk9afdp.default\
.
- - - - TOMME PEKERE FJERNET - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-UnityWebPlayer - c:\users\\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_USERS\S-1-5-21-2282134204-285339596-3668403330-1000\Software\SecuROM\License information*]
"datasecu"=hex:a5,f2,97,a7,43,27,fb,c1,1b,20,2c,d7,6a,eb,d5,63,b1,6f,bb,46,0f,
   9c,3c,b9,5c,45,11,99,8d,90,ff,98,0b,f1,16,9e,31,9e,b3,c3,5b,92,c7,23,c3,3a,\
"rkeysecu"=hex:e8,30,53,e4,70,81,dd,0c,e6,95,87,a7,91,60,fc,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tidspunkt ferdig: 2014-09-12 21:12:06
ComboFix-quarantined-files.txt 2014-09-12 19:12
ComboFix2.txt 2013-10-09 15:31
.
Pre-Run: 23 660 363 776 bytes free
Post-Run: 23 084 867 584 bytes free
.
- - End Of File - - 95FB76DDCBF36EF68F550A1E9B136A8F