ComboFix 15-09-07.01 - Joppe 15.09.2015 7:50.3.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.47.1044.18.8183.6140 [GMT 2:00]
Kjører fra: c:\users\Joppe\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2015-08-15 til 2015-09-15 )))))))))))))))))))))))))))))))))
.
.
2015-09-15 05:56 . 2015-09-15 05:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-15 05:46 . 2015-09-15 05:46 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9BC28A4-2734-43BD-8B7A-81975B90B7CC}\offreg.1068.dll
2015-09-14 16:29 . 2015-07-31 09:21 11745192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9BC28A4-2734-43BD-8B7A-81975B90B7CC}\mpengine.dll
2015-09-14 16:28 . 2015-07-31 09:21 11745192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-09-13 16:14 . 2015-09-15 05:46 28984 ----a-w- c:\windows\SysWow64\drivers\TS888x64.sys
2015-09-09 21:12 . 2015-09-09 21:12 -------- d-----w- c:\programdata\TXQMPC
2015-09-09 20:53 . 2015-09-14 17:53 -------- d-----w- c:\users\Joppe\AppData\Roaming\IQIYI Video
2015-09-09 20:53 . 2015-09-09 20:58 -------- d-----w- c:\programdata\IQIYI Video
2015-09-09 20:45 . 2015-09-09 20:45 74040 ----a-w- c:\windows\system32\drivers\TAOAccelerator64.sys
2015-09-09 20:45 . 2015-09-09 20:45 -------- d-----w- c:\program files\Common Files\Tencent
2015-09-09 20:45 . 2015-09-09 20:45 274232 ----a-w- c:\windows\system32\drivers\TAOKernel64.sys
2015-09-09 20:45 . 2015-09-13 21:13 -------- d-----w- c:\program files (x86)\Common Files\Tencent
2015-09-09 20:45 . 2015-09-09 20:45 87864 ----a-w- c:\windows\system32\drivers\TFsFltX64.sys
2015-09-09 20:44 . 2015-09-09 20:44 -------- d-----w- c:\program files (x86)\Tencent
2015-09-09 20:44 . 2015-09-09 21:24 -------- d-----w- c:\programdata\Tencent
2015-09-09 20:44 . 2015-09-09 21:12 -------- d-----w- c:\users\Joppe\AppData\Roaming\Tencent
2015-09-09 20:14 . 2015-09-13 18:25 -------- d-----w- c:\users\Joppe\AppData\Roaming\cpuminer
2015-09-09 20:13 . 2015-09-09 21:00 -------- d-----w- C:\IQIYI Video
2015-09-09 20:13 . 2015-09-09 20:13 -------- d-----w- c:\users\Public\QiYi
2015-09-09 20:12 . 2015-09-09 20:47 -------- d-----w- c:\program files (x86)\baidu
2015-09-09 11:42 . 2015-07-15 03:17 2048 ----a-w- c:\windows\system32\tzres.dll
2015-09-09 11:41 . 2015-09-02 01:51 3209216 ----a-w- c:\windows\system32\win32k.sys
2015-09-05 11:34 . 2015-07-02 19:13 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AB6A84D-953B-4D0B-ABEB-27516916E968}\gapaengine.dll
2015-08-31 16:18 . 2015-08-11 04:52 69416 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2015-08-31 16:18 . 2015-08-11 04:52 50472 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-15 05:45 . 2014-04-10 20:09 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-15 05:38 . 2014-08-08 11:31 630992 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-08-26 16:37 . 2014-04-09 16:26 134753440 ----a-w- c:\windows\system32\MRT.exe
2015-08-11 17:16 . 2014-07-14 12:42 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-11 17:16 . 2014-07-14 12:42 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-11 04:52 . 2015-01-04 12:56 72504 ----a-w- c:\windows\system32\nvaudcap64v.dll
2015-08-07 11:06 . 2015-08-13 19:22 40280 ----a-w- c:\windows\system32\nvhdap64.dll
2015-08-07 11:06 . 2015-08-13 19:22 204648 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2015-08-07 11:06 . 2015-08-13 19:22 985208 ----a-w- c:\windows\SysWow64\NvIFR.dll
2015-08-07 11:06 . 2015-08-13 19:22 942688 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2015-08-07 11:06 . 2015-08-13 19:22 931448 ----a-w- c:\windows\SysWow64\NvFBC.dll
2015-08-07 11:06 . 2015-08-13 19:22 512720 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2015-08-07 11:06 . 2015-08-13 19:22 42840184 ----a-w- c:\windows\system32\nvcompiler.dll
2015-08-07 11:06 . 2015-08-13 19:22 421544 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2015-08-07 11:06 . 2015-08-13 19:22 408184 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2015-08-07 11:06 . 2015-08-13 19:22 37819000 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2015-08-07 11:06 . 2015-08-13 19:22 364152 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2015-08-07 11:06 . 2015-08-13 19:22 2937648 ----a-w- c:\windows\system32\nvcuvid.dll
2015-08-07 11:06 . 2015-08-13 19:22 2624816 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2015-08-07 11:06 . 2015-08-13 19:22 22520624 ----a-w- c:\windows\system32\nvoglv64.dll
2015-08-07 11:06 . 2015-08-13 19:22 1898104 ----a-w- c:\windows\system32\nvdispco6435560.dll
2015-08-07 11:06 . 2015-08-13 19:22 18540336 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2015-08-07 11:06 . 2015-08-13 19:22 177088 ----a-w- c:\windows\system32\nvinitx.dll
2015-08-07 11:06 . 2015-08-13 19:22 16630096 ----a-w- c:\windows\system32\nvopencl.dll
2015-08-07 11:06 . 2015-08-13 19:22 1558832 ----a-w- c:\windows\system32\nvdispgenco6435560.dll
2015-08-07 11:06 . 2015-08-13 19:22 155792 ----a-w- c:\windows\SysWow64\nvinit.dll
2015-08-07 11:06 . 2015-08-13 19:22 15510112 ----a-w- c:\windows\system32\nvd3dumx.dll
2015-08-07 11:06 . 2015-08-13 19:22 150648 ----a-w- c:\windows\system32\nvoglshim64.dll
2015-08-07 11:06 . 2015-08-13 19:22 14928048 ----a-w- c:\windows\system32\nvcuda.dll
2015-08-07 11:06 . 2015-08-13 19:22 13656016 ----a-w- c:\windows\SysWow64\nvopencl.dll
2015-08-07 11:06 . 2015-08-13 19:22 128512 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2015-08-07 11:06 . 2015-08-13 19:22 12179496 ----a-w- c:\windows\SysWow64\nvcuda.dll
2015-08-07 11:06 . 2015-08-13 19:22 11076216 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2015-08-07 11:06 . 2015-08-13 19:22 1104440 ----a-w- c:\windows\system32\nvumdshimx.dll
2015-08-07 11:06 . 2015-08-13 19:22 1063216 ----a-w- c:\windows\system32\NvIFR64.dll
2015-08-07 11:06 . 2015-08-13 19:22 1059960 ----a-w- c:\windows\system32\NvFBC64.dll
2015-08-07 11:06 . 2015-05-18 15:48 3106384 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-08-07 11:06 . 2015-05-18 15:48 14673920 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2015-08-07 11:06 . 2015-03-29 08:45 1567576 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2015-08-07 11:06 . 2015-01-04 12:56 3518248 ----a-w- c:\windows\system32\nvapi64.dll
2015-08-07 11:06 . 2014-04-09 16:25 112760 ----a-w- c:\windows\system32\OpenCL.dll
2015-08-07 11:06 . 2014-04-09 16:25 105080 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-08-07 11:06 . 2014-03-20 21:03 17124832 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-08-07 11:06 . 2014-03-20 21:02 12513288 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-08-07 04:34 . 2014-04-09 16:25 937592 ----a-w- c:\windows\system32\nvvsvc.exe
2015-08-07 04:34 . 2014-04-09 16:25 62768 ----a-w- c:\windows\system32\nvshext.dll
2015-08-07 04:34 . 2014-04-09 16:25 2558768 ----a-w- c:\windows\system32\nvsvcr.dll
2015-08-07 04:34 . 2014-04-09 16:25 385328 ----a-w- c:\windows\system32\nvmctray.dll
2015-08-07 04:34 . 2014-04-09 16:25 3492144 ----a-w- c:\windows\system32\nvsvc64.dll
2015-08-07 04:34 . 2014-04-09 16:25 6883448 ----a-w- c:\windows\system32\nvcpl.dll
2015-08-07 04:22 . 2015-08-13 19:25 573048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-08-03 10:12 . 2014-04-09 16:25 5133709 ----a-w- c:\windows\system32\nvcoproc.bin
2015-07-30 18:06 . 2015-08-12 16:06 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 18:06 . 2015-08-12 16:06 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 18:06 . 2015-08-12 16:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 17:57 . 2015-08-12 16:06 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-07-30 17:57 . 2015-08-12 16:06 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-07-30 13:13 . 2015-08-12 21:00 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13 . 2015-08-12 21:00 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-28 20:09 . 2015-08-12 16:07 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 20:05 . 2015-08-12 16:07 774656 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 20:05 . 2015-08-12 16:07 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 20:05 . 2015-08-12 16:07 437760 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 20:05 . 2015-08-12 16:07 1116672 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 20:05 . 2015-08-12 16:07 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 20:05 . 2015-08-12 16:07 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-28 19:55 . 2015-08-12 16:07 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-07-24 04:21 . 2015-01-04 13:02 1423304 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-07-24 04:21 . 2015-01-04 13:02 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-07-24 04:21 . 2015-01-04 13:02 1756608 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-07-24 04:21 . 2015-01-04 13:02 1710568 ----a-w- c:\windows\system32\nvspcap64.dll
2015-07-22 17:53 . 2015-09-09 11:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-16 19:12 . 2015-08-12 16:07 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2015-07-16 19:12 . 2015-08-12 16:07 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-07-16 19:12 . 2015-08-12 16:07 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-07-16 19:11 . 2015-08-12 16:07 62976 ----a-w- c:\windows\system32\tsgqec.dll
2015-07-16 19:11 . 2015-08-12 16:07 7077376 ----a-w- c:\windows\system32\mstscax.dll
2015-07-16 19:11 . 2015-08-12 16:07 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
2015-07-15 18:15 . 2015-08-12 16:07 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-07-15 18:10 . 2015-08-12 16:07 1743360 ----a-w- c:\windows\system32\sysmain.dll
2015-07-15 18:10 . 2015-08-12 16:07 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-07-15 03:19 . 2015-08-12 16:06 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-07-11 13:15 . 2015-08-12 16:07 429568 ----a-w- c:\windows\system32\wksprt.exe
2015-07-11 02:33 . 2015-07-11 02:33 4587520 ----a-w- c:\windows\SysWow64\GPhotos.scr
2015-07-10 17:51 . 2015-08-12 16:06 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-07-09 17:57 . 2015-08-12 16:06 193536 ----a-w- c:\windows\system32\notepad.exe
2015-07-09 17:57 . 2015-08-12 16:06 193536 ----a-w- c:\windows\notepad.exe
2015-07-09 17:42 . 2015-08-12 16:06 179712 ----a-w- c:\windows\SysWow64\notepad.exe
2015-07-06 15:45 . 2015-07-06 15:45 520584 ----a-r- c:\users\Joppe\AppData\Roaming\Microsoft\Installer\{9D589081-AFC2-4932-9071-AC585AC1EA83}\UninstallTool.D01EB5D5_0EC4_4BDF_A131_1989F9F14A91.exe
2015-07-05 10:08 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-07-04 18:07 . 2015-07-15 14:48 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-15 14:48 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-07-02 19:13 . 2014-04-19 08:23 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-07-01 20:49 . 2015-08-12 16:06 260096 ----a-w- c:\windows\system32\WebClnt.dll
2015-07-01 20:48 . 2015-08-12 16:06 102912 ----a-w- c:\windows\system32\davclnt.dll
2015-07-01 20:30 . 2015-08-12 16:06 206848 ----a-w- c:\windows\SysWow64\WebClnt.dll
2015-07-01 20:30 . 2015-08-12 16:06 82432 ----a-w- c:\windows\SysWow64\davclnt.dll
2015-07-01 13:26 . 2015-08-12 17:08 81920 ----a-w- c:\windows\SysWow64\devolopacket.dll
2015-07-01 13:26 . 2015-08-12 17:08 34048 ----a-w- c:\windows\SysWow64\drivers\npf_devolo.sys
2015-07-01 13:26 . 2015-08-12 17:08 221184 ----a-w- c:\windows\SysWow64\devolopcap.dll
.
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904}]
2014-05-30 10:05 140344 ----a-w- c:\program files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-08-12 00:57 1733240 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-08-12 00:57 1733240 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-08-12 00:57 1733240 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_B9F3212E3722877F90083BE3CC43543C"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-08-28 815944]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2015-07-29 1404248]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-06-01 8358680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2013-10-01 395656]
"Redirector"="c:\program files (x86)\Citrix\ICA Client\redirector.exe" [2013-10-01 153992]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2014-09-12 3499920]
"QQPCTray"="c:\program files (x86)\Tencent\QQPCMgr\11.0.16765.217\QQPCTRAY.EXE" [2015-09-09 355296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2015-07-29 1404248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"iCloud"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloud.exe" [2015-04-26 43816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP]
@="service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 cpuz138;cpuz138;c:\users\Joppe\AppData\Local\Temp\cpuz138\cpuz138_x64.sys;c:\users\Joppe\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 leusbser;Lenovo Inc. USB Device for Serial Communication;c:\windows\system32\DRIVERS\leusbser.sys;c:\windows\SYSNATIVE\DRIVERS\leusbser.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rt61x64;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x64.sys;c:\windows\SYSNATIVE\DRIVERS\WMP54Gv41x64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TAOFrame;TAOFrame;c:\program files (x86)\Tencent\QQPCMgr\11.0.16765.217\TAOFrame.exe;c:\program files (x86)\Tencent\QQPCMgr\11.0.16765.217\TAOFrame.exe [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\drivers\PxHlpa64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 QMUdisk;tencent QMUdisk;c:\program files (x86)\Tencent\QQPCMgr\11.0.16765.217\QMUdisk64.sys;c:\program files (x86)\Tencent\QQPCMgr\11.0.16765.217\QMUdisk64.sys [x]
S1 TAOKernelDriver;Tencent Auto Optimize Platform.;c:\windows\system32\Drivers\TAOKernel64.sys;c:\windows\SYSNATIVE\Drivers\TAOKernel64.sys [x]
S1 TSDefenseBt;TSDefenseBt;c:\program files (x86)\Tencent\QQPCMgr\11.0.16765.217\TSDefenseBT64.sys;c:\program files (x86)\Tencent\QQPCMgr\11.0.16765.217\TSDefenseBT64.sys [x]
S1 TSSysKit;TSSysKit;c:\program files (x86)\Tencent\QQPCMgr\11.0.16765.217\TSSysKit64.sys;c:\program files (x86)\Tencent\QQPCMgr\11.0.16765.217\TSSysKit64.sys [x]
S2 AdAppMgrSvc;Autodesk Application Manager Service;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe ;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 ClickToRunSvc;Tjenesten Microsoft Office ClickToRun;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DevoloNetworkService;devolo Network Service;c:\program files (x86)\devolo\dlan\devolonetsvc.exe;c:\program files (x86)\devolo\dlan\devolonetsvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys;c:\windows\sysWOW64\drivers\npf_devolo.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 QQPCRTP;QQPCMgr RTP Service;c:\program files (x86)\Tencent\QQPCMgr\11.0.16765.217\QQPCRTP.exe;c:\program files (x86)\Tencent\QQPCMgr\11.0.16765.217\QQPCRTP.exe [x]
S2 QQSysMonX64;QQSysMonX64;c:\program files (x86)\Tencent\QQPCMgr\11.0.16765.217\QQSysMonX64.sys;c:\program files (x86)\Tencent\QQPCMgr\11.0.16765.217\QQSysMonX64.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TAOAccelerator;Tencent TAOAccelerator driver.;c:\windows\system32\Drivers\TAOAccelerator64.sys;c:\windows\SYSNATIVE\Drivers\TAOAccelerator64.sys [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 TFsFlt;TFsFlt;c:\windows\system32\Drivers\TFsFltX64.sys;c:\windows\SYSNATIVE\Drivers\TFsFltX64.sys [x]
S3 TS888x64;TS888x64;c:\program files (x86)\Tencent\QQPCMgr\11.0.16765.217\TS888x64.sys;c:\program files (x86)\Tencent\QQPCMgr\11.0.16765.217\TS888x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-03 18:25 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2015-09-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-14 17:17]
.
2015-09-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-506481593-2969520722-2586283123-1001Core.job
- c:\users\Joppe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-09 20:33]
.
2015-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-09 16:19]
.
2015-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-09 16:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}]
2015-09-09 20:44 415584 ----a-w- c:\program files (x86)\Tencent\QQPCMgr\11.0.16765.217\TSWebMon64.dat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-08-12 03:15 2340472 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-08-12 03:15 2340472 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-08-12 03:15 2340472 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\.QMDeskTopGCIcon]
@="{B7667919-3765-4815-A66D-98A09BE662D6}"
[HKEY_CLASSES_ROOT\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}]
2015-09-09 20:45 462688 ----a-w- c:\program files (x86)\Tencent\QQPCMgr\11.0.16765.217\QMGCShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-08-27 2634872]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-07-24 1710568]
"gpuminer"="c:\users\Joppe\AppData\Roaming\cpuminer\sgminer\start.cmd" [2015-08-21 214]
.
------- Tilleggsskanning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.hao123.com/?tn=95161498_hao_pg
mStart Page = hxxp://www.hao123.com/?tn=95161498_hao_pg
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - TOMME PEKERE FJERNET - - - -
.
Wow6432Node-HKLM-Run- - (no file)
AddRemove-Autodesk Application Manager - c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\removeAdAppMgr.exe
.
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" QQPCTray"="\"c:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.0.16765.217\\QQPCTRAY.EXE\" /regrun /qqrepair"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_USERS\S-1-5-21-506481593-2969520722-2586283123-1001\Software\SecuROM\License information*]
"datasecu"=hex:b0,c4,b2,5f,de,91,d5,af,78,40,81,ad,c9,61,82,53,7e,4f,de,ba,6b,
   91,0a,09,1d,fb,27,3c,e5,7f,96,50,c0,ca,f2,4a,9e,6b,de,16,b3,87,6c,6c,c8,92,\
"rkeysecu"=hex:9b,75,f4,04,1c,29,75,eb,67,8b,c4,df,2a,a2,9c,3d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tidspunkt ferdig: 2015-09-15 07:59:38
ComboFix-quarantined-files.txt 2015-09-15 05:59
ComboFix2.txt 2015-09-13 18:43
ComboFix3.txt 2015-09-09 21:37
.
Pre-Run: 777 535 664 128 byte ledig
Post-Run: 778 283 999 232 byte ledig
.
- - End Of File - - 4FADCD7A3DE25A98F7F0B577A617A060 A36C5E4F47E84449FF07ED3517B43A31