sirefef.r


  • This topic is locked
9 replies to this topic

#1 GigiLan


  • Members
  • 6 posts

Posted 03 July 2012 - 01:00 PM

Hi, this is my log....

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 01-07-2012
Ran by SYSTEM at 03-07-2012 19:22:08
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: Italian Standard
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [178712 2007-07-12] (Intel Corporation)
HKLM\...\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [90112 2006-11-10] ()
HKLM\...\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [x]
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" [54936 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931584 2012-05-02] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [942080 2008-01-18] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [942080 2008-01-18] (Hewlett-Packard)
HKU\enrico\...\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [942080 2008-01-18] (Hewlett-Packard)
HKU\enrico\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

================================ Services (Whitelisted) ==================

2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-19] (Microsoft Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
2 LightScribeService; "c:\Program Files\Common Files\LightScribe\LSSrvc.exe" [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

4 iteraid; C:\Windows\system32\drivers\iteraid.sys [35944 2006-11-02] (Integrated Technology Express, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-07-01] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-04-04] (Microsoft Corporation)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 SymIM; C:\Windows\System32\DRIVERS\SymIM.sys [x]
3 SymIMMP; C:\Windows\System32\DRIVERS\SymIM.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-03 19:21 - 2012-07-03 19:21 - 00000000 ____D C:\FRST
2012-07-03 17:58 - 2012-07-03 17:58 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\djydtscj.sys
2012-07-02 23:45 - 2012-07-02 23:45 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-07-02 14:47 - 2012-07-02 14:42 - 04731392 ____A (AVAST Software) C:\Users\enrico\Desktop\aswMBR.exe
2012-07-02 14:42 - 2012-07-02 14:42 - 04731392 ____A (AVAST Software) C:\Users\enrico\Downloads\aswMBR.exe
2012-07-02 13:55 - 2012-07-02 09:00 - 01805736 ____A (Symantec Corporation) C:\Users\enrico\Desktop\FixZeroAccess.exe
2012-07-01 16:01 - 2012-07-01 16:01 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-01 16:01 - 2012-07-01 16:01 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-01 16:01 - 2012-07-01 16:01 - 00000908 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-01 16:01 - 2012-07-01 16:01 - 00000000 ____D C:\Users\enrico\AppData\Roaming\Malwarebytes
2012-07-01 16:01 - 2012-07-01 16:01 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-01 16:00 - 2012-07-01 16:01 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-07-01 16:00 - 2012-07-01 16:00 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\enrico\Downloads\mbam-setup-1.61.0.1400.exe
2012-07-01 16:00 - 2012-07-01 16:00 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\enrico\Downloads\mbam-setup-1.61.0.1400 (1).exe
2012-07-01 16:00 - 2012-04-04 14:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-01 15:49 - 2012-07-01 15:49 - 00138120 ____A (ESET) C:\Users\enrico\Downloads\ESETSirefefRemover.exe
2012-06-30 20:08 - 2012-06-30 20:08 - 00000000 ____D C:\Windows\Sun
2012-06-30 19:54 - 2012-06-30 19:54 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-30 19:53 - 2010-04-05 21:00 - 00221568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-06-30 11:44 - 2012-06-30 11:44 - 00000000 ____D C:\Users\enrico\AppData\Roaming\AVG2012
2012-06-30 11:43 - 2012-06-30 15:12 - 00000000 ____D C:\Users\All Users\AVG2012
2012-06-30 11:43 - 2012-06-30 15:10 - 00000000 ___HD C:\$AVG
2012-06-30 11:41 - 2012-06-30 15:10 - 00000000 ____D C:\Users\All Users\MFAData
2012-06-22 12:04 - 2012-06-22 12:14 - 00000000 ____D C:\Users\enrico\Desktop\foto chiavetta
2012-06-22 12:02 - 2012-06-22 12:02 - 00000000 ____D C:\Users\enrico\Desktop\foto bacheca
2012-06-22 11:49 - 2012-06-30 19:50 - 00000000 ____D C:\Firefox
2012-06-22 11:39 - 2012-06-22 11:39 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-06-22 11:39 - 2012-06-22 11:39 - 00000000 ____D C:\Users\All Users\Ask
2012-06-21 11:40 - 2012-06-02 23:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 11:40 - 2012-06-02 23:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 11:40 - 2012-06-02 23:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 11:40 - 2012-06-02 23:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 11:39 - 2012-06-02 23:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 11:39 - 2012-06-02 23:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 11:39 - 2012-06-02 23:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 11:39 - 2012-06-02 14:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 11:39 - 2012-06-02 14:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-14 22:01 - 2012-05-18 00:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 22:01 - 2012-05-17 23:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 22:01 - 2012-05-17 23:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 22:01 - 2012-05-17 23:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 22:01 - 2012-05-17 23:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 22:01 - 2012-05-17 23:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 22:01 - 2012-05-17 23:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 22:01 - 2012-05-17 23:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 22:01 - 2012-05-17 23:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 22:01 - 2012-05-17 23:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 22:01 - 2012-05-17 23:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 22:01 - 2012-05-17 23:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 22:01 - 2012-05-17 23:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 22:01 - 2012-05-17 23:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 08:00 - 2012-05-15 20:51 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-14 08:00 - 2012-05-01 15:03 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

============ 3 Months Modified Files ========================

2012-07-03 17:58 - 2012-07-03 17:58 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\djydtscj.sys
2012-07-03 17:58 - 2012-04-07 11:53 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-03 17:47 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-03 17:47 - 2006-11-02 13:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-03 17:47 - 2006-11-02 13:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-02 15:18 - 2006-11-02 14:01 - 00032582 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-02 15:04 - 2006-11-02 13:52 - 00035522 ____A C:\Windows\setupact.log
2012-07-02 14:44 - 2008-03-15 01:30 - 00663960 ____A C:\Windows\System32\perfh010.dat
2012-07-02 14:44 - 2008-03-15 01:30 - 00120742 ____A C:\Windows\System32\perfc010.dat
2012-07-02 14:44 - 2006-11-02 11:33 - 01467966 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-02 14:42 - 2012-07-02 14:47 - 04731392 ____A (AVAST Software) C:\Users\enrico\Desktop\aswMBR.exe
2012-07-02 14:42 - 2012-07-02 14:42 - 04731392 ____A (AVAST Software) C:\Users\enrico\Downloads\aswMBR.exe
2012-07-02 14:33 - 2006-11-02 13:47 - 00315872 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-02 09:00 - 2012-07-02 13:55 - 01805736 ____A (Symantec Corporation) C:\Users\enrico\Desktop\FixZeroAccess.exe
2012-07-01 16:01 - 2012-07-01 16:01 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-01 16:01 - 2012-07-01 16:01 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-01 16:01 - 2012-07-01 16:01 - 00000908 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-01 16:00 - 2012-07-01 16:00 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\enrico\Downloads\mbam-setup-1.61.0.1400.exe
2012-07-01 16:00 - 2012-07-01 16:00 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\enrico\Downloads\mbam-setup-1.61.0.1400 (1).exe
2012-07-01 15:55 - 2012-03-23 09:49 - 00001356 ____A C:\Users\enrico\AppData\Local\d3d9caps.dat
2012-07-01 15:49 - 2012-07-01 15:49 - 00138120 ____A (ESET) C:\Users\enrico\Downloads\ESETSirefefRemover.exe
2012-07-01 14:45 - 2012-04-06 13:27 - 00000978 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-30 20:02 - 2012-03-23 09:48 - 00098966 ____A C:\Windows\PFRO.log
2012-06-30 20:01 - 2012-03-23 09:25 - 01428283 ____A C:\Windows\WindowsUpdate.log
2012-06-30 19:54 - 2012-03-23 09:57 - 00002154 ____A C:\Windows\epplauncher.mif
2012-06-28 07:05 - 2012-04-06 13:27 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-28 07:05 - 2012-03-27 11:32 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-22 11:39 - 2012-06-22 11:39 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-06-22 11:39 - 2012-03-23 10:14 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-06-22 11:39 - 2008-03-14 17:44 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-06-22 11:39 - 2008-03-14 17:44 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-06-22 11:39 - 2008-03-14 17:44 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-06-14 22:02 - 2006-11-02 11:24 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-02 23:19 - 2012-06-21 11:40 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 23:19 - 2012-06-21 11:40 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 23:19 - 2012-06-21 11:40 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 23:19 - 2012-06-21 11:39 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 23:19 - 2012-06-21 11:39 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 23:12 - 2012-06-21 11:40 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 23:12 - 2012-06-21 11:39 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:19 - 2012-06-21 11:39 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:12 - 2012-06-21 11:39 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-18 00:11 - 2012-06-14 22:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 23:48 - 2012-06-14 22:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 23:45 - 2012-06-14 22:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 23:36 - 2012-06-14 22:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 23:35 - 2012-06-14 22:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 23:35 - 2012-06-14 22:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 23:33 - 2012-06-14 22:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 23:31 - 2012-06-14 22:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 23:29 - 2012-06-14 22:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 23:29 - 2012-06-14 22:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 23:27 - 2012-06-14 22:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 23:25 - 2012-06-14 22:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 23:24 - 2012-06-14 22:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 23:20 - 2012-06-14 22:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-15 20:51 - 2012-06-14 08:00 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-01 15:03 - 2012-06-14 08:00 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-14 08:15 - 2012-04-14 08:15 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-04-14 08:15 - 2012-04-14 08:15 - 00580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-14 08:15 - 2012-04-14 08:15 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-04-14 08:15 - 2012-04-14 08:15 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-04-14 08:15 - 2012-04-14 08:15 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-04-14 08:15 - 2012-04-14 08:15 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-04-14 08:15 - 2012-04-14 08:15 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-04-14 08:15 - 2012-04-14 08:15 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-04-14 08:15 - 2012-04-14 08:15 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-14 08:15 - 2012-04-14 08:12 - 00004287 ____A C:\Windows\IE9_main.log
2012-04-14 08:15 - 2006-11-02 07:32 - 00008798 ____A C:\Windows\System32\icrav03.rat
2012-04-14 08:15 - 2006-11-02 07:32 - 00001988 ____A C:\Windows\System32\ticrf.rat
2012-04-14 08:14 - 2012-04-14 08:14 - 02873344 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 01554432 ____A (Microsoft Corporation) C:\Windows\System32\xpsservices.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 01075712 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 01029120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00979456 ____A (Microsoft Corporation) C:\Windows\System32\MFH264Dec.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00876032 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00847360 ____A (Microsoft Corporation) C:\Windows\System32\OpcServices.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00797184 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00667648 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
2012-04-14 08:14 - 2012-04-14 08:14 - 00638336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-04-14 08:14 - 2012-04-14 08:14 - 00586240 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00486400 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00478720 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00357376 ____A (Microsoft Corporation) C:\Windows\System32\MFHEAACdec.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00302592 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4src.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00288768 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00261632 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00258048 ____A (Microsoft Corporation) C:\Windows\System32\winspool.drv
2012-04-14 08:14 - 2012-04-14 08:14 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00189952 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00098816 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelineprxy.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-04-14 08:14 - 2012-04-14 08:14 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-14 08:13 - 2012-04-14 08:13 - 00974848 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2012-04-14 08:13 - 2012-04-14 08:13 - 00519680 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2012-04-14 08:13 - 2012-04-14 08:13 - 00369664 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2012-04-14 08:13 - 2012-04-14 08:13 - 00321024 ____A (Microsoft Corporation) C:\Windows\System32\PhotoMetadataHandler.dll
2012-04-14 08:13 - 2012-04-14 08:13 - 00252928 ____A (Microsoft Corporation) C:\Windows\System32\dxdiag.exe
2012-04-14 08:13 - 2012-04-14 08:13 - 00195584 ____A (Microsoft Corporation) C:\Windows\System32\dxdiagn.dll
2012-04-14 08:13 - 2012-04-14 08:13 - 00189440 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2012-04-10 13:27 - 2012-04-10 13:27 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_00_00.Wdf
2012-04-07 12:13 - 2012-04-07 12:13 - 00003584 ____A C:\Users\enrico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-06 13:16 - 2006-11-02 13:50 - 00000749 __RAH C:\Windows\WindowsShell.Manifest
2012-04-06 13:16 - 2006-11-02 13:50 - 00000174 __ASH C:\Users\Public\desktop.ini
2012-04-06 13:16 - 2006-11-02 13:50 - 00000174 __ASH C:\users\desktop.ini
2012-04-06 13:16 - 2006-11-02 13:50 - 00000174 __ASH C:\Program Files\desktop.ini
2012-04-06 13:15 - 2006-11-02 13:48 - 00003324 ____A C:\Windows\DtcInstall.log
2012-04-06 12:56 - 2006-11-02 11:32 - 00101888 ____A (Infineon Technologies AG) C:\Windows\System32\ifxcardm.dll
2012-04-06 12:56 - 2006-11-02 11:32 - 00082432 ____A (Gemalto, Inc.) C:\Windows\System32\axaltocm.dll


ZeroAccess:
C:\Windows\Installer\{0ef6b8f4-9ede-09b3-f5f0-5923065f7b57}
C:\Windows\Installer\{0ef6b8f4-9ede-09b3-f5f0-5923065f7b57}\@
C:\Windows\Installer\{0ef6b8f4-9ede-09b3-f5f0-5923065f7b57}\L
C:\Windows\Installer\{0ef6b8f4-9ede-09b3-f5f0-5923065f7b57}\U
C:\Windows\Installer\{0ef6b8f4-9ede-09b3-f5f0-5923065f7b57}\L\00000004.@
C:\Windows\Installer\{0ef6b8f4-9ede-09b3-f5f0-5923065f7b57}\L\201d3dde
C:\Windows\Installer\{0ef6b8f4-9ede-09b3-f5f0-5923065f7b57}\L\55490ac4

ZeroAccess:
C:\Users\enrico\AppData\Local\{0ef6b8f4-9ede-09b3-f5f0-5923065f7b57}
C:\Users\enrico\AppData\Local\{0ef6b8f4-9ede-09b3-f5f0-5923065f7b57}\@
C:\Users\enrico\AppData\Local\{0ef6b8f4-9ede-09b3-f5f0-5923065f7b57}\L
C:\Users\enrico\AppData\Local\{0ef6b8f4-9ede-09b3-f5f0-5923065f7b57}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3070.69 MB
Available physical RAM: 2559.58 MB
Total Pagefile: 2768.36 MB
Available Pagefile: 2597.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.54 MB

======================= Partitions =========================

1 Drive c: (HP) (Fixed) (Total:288.03 GB) (Free:220.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.06 GB) (Free:1.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:0.95 GB) (Free:0.25 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Stato Dim. Libera Din Gpt
-------- ---------- ------- ------- --- ---
Disco 0 Pronto 298 Gbytes 1528 Kbytes
Disco 1 Pronto 973 Mbytes 0 byte
Disco 2 Nessun sup 0 byte 0 byte
Disco 3 Nessun sup 0 byte 0 byte
Disco 4 Nessun sup 0 byte 0 byte
Disco 5 Nessun sup 0 byte 0 byte

Partitions of Disk 0:
===============

Partition ### Tipo Dim. Offset
------------- ---------------- ------- -------
Partizione 1 Primario 288 Gb 32 Kb
Partizione 2 Primario 10 Gb 288 Gb

==================================================================================

Disk: 0
Partizione 1
Tipo : 07
Nascosta: No
Attiva : Sì

Volume ### Let. Etichetta Fs Tipo Dim. Stato Info
--------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C HP NTFS Partizione 288 Gb Integro

==================================================================================

Disk: 0
Partizione 2
Tipo : 07
Nascosta: No
Attiva : No

Volume ### Let. Etichetta Fs Tipo Dim. Stato Info
--------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D FACTORY_IMA NTFS Partizione 10 Gb Integro

==================================================================================

Partitions of Disk 1:
===============

Partition ### Tipo Dim. Offset
------------- ---------------- ------- -------
Partizione 1 Primario 973 Mb 32 Kb

==================================================================================

Disk: 1
Partizione 1
Tipo : 0B
Nascosta: No
Attiva : Sì

Volume ### Let. Etichetta Fs Tipo Dim. Stato Info
--------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 F FAT32 Rimovibile 973 Mb Integro

==================================================================================

==========================================================

Last Boot: 2012-06-30 15:18

======================= End Of Log ==========================



#2 CatByte


    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 03 July 2012 - 07:01 PM

Hi

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
SubSystems: [Windows] ==> ZeroAccess
2012-07-03 17:58 - 2012-07-03 17:58 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\djydtscj.sys
C:\Windows\Installer\{0ef6b8f4-9ede-09b3-f5f0-5923065f7b57}
C:\Users\enrico\AppData\Local\{0ef6b8f4-9ede-09b3-f5f0-5923065f7b57}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST64, press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.




NEXT



Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
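As an added example (not code from this thread, from FRST or from BleepingComputer), the Python below triages an excerpt of the FRST log posted above and lists the entries a responder would review before writing fixlist.txt: the services.exe line FRST flagged in the Bamital check, the root folder under each "ZeroAccess:" header, and a newly created driver with a random-looking name. The random-name rule is a heuristic of this example, not an FRST rule, and the final fixlist remains the responder's decision, as the NOTICE above says.

```python
import re
from dataclasses import dataclass

# Excerpt of the FRST log posted above: a constructed subset of its real lines.
SAMPLE_LOG = r"""============ One Month Created Files and Folders ==============

2012-07-03 19:21 - 2012-07-03 19:21 - 00000000 ____D C:\FRST
2012-07-03 17:58 - 2012-07-03 17:58 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\djydtscj.sys
2012-07-01 16:01 - 2012-07-01 16:01 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys

ZeroAccess:
C:\Windows\Installer\{0ef6b8f4-9ede-09b3-f5f0-5923065f7b57}
C:\Windows\Installer\{0ef6b8f4-9ede-09b3-f5f0-5923065f7b57}\@
C:\Windows\Installer\{0ef6b8f4-9ede-09b3-f5f0-5923065f7b57}\L

ZeroAccess:
C:\Users\enrico\AppData\Local\{0ef6b8f4-9ede-09b3-f5f0-5923065f7b57}
C:\Users\enrico\AppData\Local\{0ef6b8f4-9ede-09b3-f5f0-5923065f7b57}\@

========================= Bamital & volsnap Check ============

C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
"""

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# FRST file line: created - modified - size attrs [(company)] path
FILE_RE = re.compile(r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
                     r"\d{8} [_A-Z]{5} (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$")
# Heuristic of this example, not an FRST rule: an eight-consonant name under \Drivers\.
RANDOM_SYS_RE = re.compile(r"\\drivers\\[b-df-hj-np-tv-z]{8}\.sys$", re.IGNORECASE)
FILE_SECTIONS = ("One Month Created Files and Folders", "3 Months Modified Files")


@dataclass(frozen=True)
class Finding:
    kind: str    # "patched-system-file", "zeroaccess-folder" or "suspect-driver"
    path: str
    detail: str
    entry: str   # text for fixlist.txt, or "" when the responder must decide


def parse_findings(log_text: str) -> list[Finding]:
    """Walk the log section by section and collect the lines worth reviewing."""
    findings: list[Finding] = []
    seen: set[str] = set()        # the same file can appear in several sections
    section, in_zeroaccess, block = "", False, []

    def add(kind: str, path: str, detail: str, entry: str) -> None:
        if path not in seen:
            seen.add(path)
            findings.append(Finding(kind, path, detail, entry))

    def flush_block() -> None:
        if block:
            # FRST lists the folder then its contents; the shortest path is the root.
            root = min(block, key=len)
            add("zeroaccess-folder", root, "listed under a 'ZeroAccess:' header", root)
        block.clear()

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            flush_block()
            in_zeroaccess = False
            continue
        if line == "ZeroAccess:":
            flush_block()
            in_zeroaccess = True
            continue
        if in_zeroaccess:
            block.append(line)
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if section.startswith("Bamital") and "ATTENTION" in line:
            path, md5, verdict = line.split()[:3]
            # Reported only: replacing a patched system file is the responder's call.
            add("patched-system-file", path, f"MD5 {md5}, verdict {verdict}", "")
        m = FILE_RE.match(line)
        if (m and section in FILE_SECTIONS and RANDOM_SYS_RE.search(m.group("path"))
                and m.group("created") == m.group("modified")):
            # CatByte pasted the whole log line into fixlist.txt, so keep it verbatim.
            add("suspect-driver", m.group("path"),
                f"random-looking driver dropped {m.group('created')}, "
                f"claims {m.group('company') or 'no publisher'}", line)
    flush_block()
    return findings


def candidate_fixlist(findings: list[Finding]) -> str:
    """Render the review candidates in FRST's start/end fixlist format."""
    return "\n".join(["start", *[f.entry for f in findings if f.entry], "end"])


if __name__ == "__main__":
    print(candidate_fixlist(parse_findings(SAMPLE_LOG)))
```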


#3 GigiLan

  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:59 PM

Posted 04 July 2012 - 07:59 AM

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 01-07-2012
Ran by SYSTEM at 04-07-2012 14:53:11
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: Italian Standard
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [178712 2007-07-12] (Intel Corporation)
HKLM\...\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [90112 2006-11-10] ()
HKLM\...\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [x]
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" [54936 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931584 2012-05-02] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [942080 2008-01-18] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [942080 2008-01-18] (Hewlett-Packard)
HKU\enrico\...\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [942080 2008-01-18] (Hewlett-Packard)
HKU\enrico\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

================================ Services (Whitelisted) ==================

2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-19] (Microsoft Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
2 LightScribeService; "c:\Program Files\Common Files\LightScribe\LSSrvc.exe" [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

4 iteraid; C:\Windows\system32\drivers\iteraid.sys [35944 2006-11-02] (Integrated Technology Express, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-07-01] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-04-04] (Microsoft Corporation)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 SymIM; C:\Windows\System32\DRIVERS\SymIM.sys [x]
3 SymIMMP; C:\Windows\System32\DRIVERS\SymIM.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-04 13:50 - 2012-07-04 13:50 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fidigytr.sys
2012-07-04 13:50 - 2012-07-04 13:50 - 00000000 ____D C:\Windows\ERDNT
2012-07-04 13:50 - 2012-07-04 13:50 - 00000000 ____D C:\Qoobox
2012-07-03 19:21 - 2012-07-03 19:21 - 00000000 ____D C:\FRST
2012-07-02 23:45 - 2012-07-02 23:45 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-07-02 14:47 - 2012-07-02 14:42 - 04731392 ____A (AVAST Software) C:\Users\enrico\Desktop\aswMBR.exe
2012-07-02 14:42 - 2012-07-02 14:42 - 04731392 ____A (AVAST Software) C:\Users\enrico\Downloads\aswMBR.exe
2012-07-02 13:55 - 2012-07-02 09:00 - 01805736 ____A (Symantec Corporation) C:\Users\enrico\Desktop\FixZeroAccess.exe
2012-07-01 16:01 - 2012-07-01 16:01 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-01 16:01 - 2012-07-01 16:01 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-01 16:01 - 2012-07-01 16:01 - 00000908 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-01 16:01 - 2012-07-01 16:01 - 00000000 ____D C:\Users\enrico\AppData\Roaming\Malwarebytes
2012-07-01 16:01 - 2012-07-01 16:01 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-01 16:00 - 2012-07-01 16:01 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-07-01 16:00 - 2012-07-01 16:00 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\enrico\Downloads\mbam-setup-1.61.0.1400.exe
2012-07-01 16:00 - 2012-07-01 16:00 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\enrico\Downloads\mbam-setup-1.61.0.1400 (1).exe
2012-07-01 16:00 - 2012-04-04 14:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-01 15:49 - 2012-07-01 15:49 - 00138120 ____A (ESET) C:\Users\enrico\Downloads\ESETSirefefRemover.exe
2012-06-30 20:08 - 2012-06-30 20:08 - 00000000 ____D C:\Windows\Sun
2012-06-30 19:54 - 2012-06-30 19:54 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-30 19:53 - 2010-04-05 21:00 - 00221568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-06-30 11:44 - 2012-06-30 11:44 - 00000000 ____D C:\Users\enrico\AppData\Roaming\AVG2012
2012-06-30 11:43 - 2012-06-30 15:12 - 00000000 ____D C:\Users\All Users\AVG2012
2012-06-30 11:43 - 2012-06-30 15:10 - 00000000 ___HD C:\$AVG
2012-06-30 11:41 - 2012-06-30 15:10 - 00000000 ____D C:\Users\All Users\MFAData
2012-06-22 12:04 - 2012-06-22 12:14 - 00000000 ____D C:\Users\enrico\Desktop\foto chiavetta
2012-06-22 12:02 - 2012-06-22 12:02 - 00000000 ____D C:\Users\enrico\Desktop\foto bacheca
2012-06-22 11:49 - 2012-06-30 19:50 - 00000000 ____D C:\Firefox
2012-06-22 11:39 - 2012-06-22 11:39 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-06-22 11:39 - 2012-06-22 11:39 - 00000000 ____D C:\Users\All Users\Ask
2012-06-21 11:40 - 2012-06-02 23:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 11:40 - 2012-06-02 23:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 11:40 - 2012-06-02 23:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 11:40 - 2012-06-02 23:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 11:39 - 2012-06-02 23:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 11:39 - 2012-06-02 23:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 11:39 - 2012-06-02 23:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 11:39 - 2012-06-02 14:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 11:39 - 2012-06-02 14:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-14 22:01 - 2012-05-18 00:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 22:01 - 2012-05-17 23:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 22:01 - 2012-05-17 23:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 22:01 - 2012-05-17 23:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 22:01 - 2012-05-17 23:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 22:01 - 2012-05-17 23:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 22:01 - 2012-05-17 23:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 22:01 - 2012-05-17 23:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 22:01 - 2012-05-17 23:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 22:01 - 2012-05-17 23:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 22:01 - 2012-05-17 23:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 22:01 - 2012-05-17 23:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 22:01 - 2012-05-17 23:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 22:01 - 2012-05-17 23:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 08:00 - 2012-05-15 20:51 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-14 08:00 - 2012-05-01 15:03 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

============ 3 Months Modified Files ========================

2012-07-04 13:50 - 2012-07-04 13:50 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fidigytr.sys
2012-07-04 13:47 - 2006-11-02 13:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-04 13:47 - 2006-11-02 13:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-04 13:46 - 2012-03-23 09:48 - 00099290 ____A C:\Windows\PFRO.log
2012-07-04 13:46 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-03 17:58 - 2012-04-07 11:53 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-02 15:18 - 2006-11-02 14:01 - 00032582 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-02 15:04 - 2006-11-02 13:52 - 00035522 ____A C:\Windows\setupact.log
2012-07-02 14:44 - 2008-03-15 01:30 - 00663960 ____A C:\Windows\System32\perfh010.dat
2012-07-02 14:44 - 2008-03-15 01:30 - 00120742 ____A C:\Windows\System32\perfc010.dat
2012-07-02 14:44 - 2006-11-02 11:33 - 01467966 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-02 14:42 - 2012-07-02 14:47 - 04731392 ____A (AVAST Software) C:\Users\enrico\Desktop\aswMBR.exe
2012-07-02 14:42 - 2012-07-02 14:42 - 04731392 ____A (AVAST Software) C:\Users\enrico\Downloads\aswMBR.exe
2012-07-02 14:33 - 2006-11-02 13:47 - 00315872 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-02 09:00 - 2012-07-02 13:55 - 01805736 ____A (Symantec Corporation) C:\Users\enrico\Desktop\FixZeroAccess.exe
2012-07-01 16:01 - 2012-07-01 16:01 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-01 16:01 - 2012-07-01 16:01 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-01 16:01 - 2012-07-01 16:01 - 00000908 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-01 16:00 - 2012-07-01 16:00 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\enrico\Downloads\mbam-setup-1.61.0.1400.exe
2012-07-01 16:00 - 2012-07-01 16:00 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\enrico\Downloads\mbam-setup-1.61.0.1400 (1).exe
2012-07-01 15:55 - 2012-03-23 09:49 - 00001356 ____A C:\Users\enrico\AppData\Local\d3d9caps.dat
2012-07-01 15:49 - 2012-07-01 15:49 - 00138120 ____A (ESET) C:\Users\enrico\Downloads\ESETSirefefRemover.exe
2012-07-01 14:45 - 2012-04-06 13:27 - 00000978 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-30 20:01 - 2012-03-23 09:25 - 01428989 ____A C:\Windows\WindowsUpdate.log
2012-06-30 19:54 - 2012-03-23 09:57 - 00002154 ____A C:\Windows\epplauncher.mif
2012-06-28 07:05 - 2012-04-06 13:27 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-28 07:05 - 2012-03-27 11:32 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-22 11:39 - 2012-06-22 11:39 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-06-22 11:39 - 2012-03-23 10:14 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-06-22 11:39 - 2008-03-14 17:44 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-06-22 11:39 - 2008-03-14 17:44 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-06-22 11:39 - 2008-03-14 17:44 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-06-14 22:02 - 2006-11-02 11:24 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-02 23:19 - 2012-06-21 11:40 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 23:19 - 2012-06-21 11:40 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 23:19 - 2012-06-21 11:40 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 23:19 - 2012-06-21 11:39 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 23:19 - 2012-06-21 11:39 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 23:12 - 2012-06-21 11:40 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 23:12 - 2012-06-21 11:39 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:19 - 2012-06-21 11:39 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:12 - 2012-06-21 11:39 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-18 00:11 - 2012-06-14 22:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 23:48 - 2012-06-14 22:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 23:45 - 2012-06-14 22:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 23:36 - 2012-06-14 22:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 23:35 - 2012-06-14 22:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 23:35 - 2012-06-14 22:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 23:33 - 2012-06-14 22:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 23:31 - 2012-06-14 22:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 23:29 - 2012-06-14 22:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 23:29 - 2012-06-14 22:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 23:27 - 2012-06-14 22:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 23:25 - 2012-06-14 22:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 23:24 - 2012-06-14 22:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 23:20 - 2012-06-14 22:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-15 20:51 - 2012-06-14 08:00 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-01 15:03 - 2012-06-14 08:00 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-14 08:15 - 2012-04-14 08:15 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-04-14 08:15 - 2012-04-14 08:15 - 00580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-14 08:15 - 2012-04-14 08:15 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-04-14 08:15 - 2012-04-14 08:15 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-04-14 08:15 - 2012-04-14 08:15 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-04-14 08:15 - 2012-04-14 08:15 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-04-14 08:15 - 2012-04-14 08:15 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-04-14 08:15 - 2012-04-14 08:15 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-04-14 08:15 - 2012-04-14 08:15 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-04-14 08:15 - 2012-04-14 08:15 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-14 08:15 - 2012-04-14 08:12 - 00004287 ____A C:\Windows\IE9_main.log
2012-04-14 08:15 - 2006-11-02 07:32 - 00008798 ____A C:\Windows\System32\icrav03.rat
2012-04-14 08:15 - 2006-11-02 07:32 - 00001988 ____A C:\Windows\System32\ticrf.rat
2012-04-14 08:14 - 2012-04-14 08:14 - 02873344 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 01554432 ____A (Microsoft Corporation) C:\Windows\System32\xpsservices.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 01075712 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 01029120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00979456 ____A (Microsoft Corporation) C:\Windows\System32\MFH264Dec.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00876032 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00847360 ____A (Microsoft Corporation) C:\Windows\System32\OpcServices.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00797184 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00667648 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
2012-04-14 08:14 - 2012-04-14 08:14 - 00638336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-04-14 08:14 - 2012-04-14 08:14 - 00586240 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00486400 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00478720 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00357376 ____A (Microsoft Corporation) C:\Windows\System32\MFHEAACdec.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00302592 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4src.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00288768 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00261632 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00258048 ____A (Microsoft Corporation) C:\Windows\System32\winspool.drv
2012-04-14 08:14 - 2012-04-14 08:14 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00189952 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00098816 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelineprxy.dll
2012-04-14 08:14 - 2012-04-14 08:14 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-04-14 08:14 - 2012-04-14 08:14 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-14 08:13 - 2012-04-14 08:13 - 00974848 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2012-04-14 08:13 - 2012-04-14 08:13 - 00519680 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2012-04-14 08:13 - 2012-04-14 08:13 - 00369664 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2012-04-14 08:13 - 2012-04-14 08:13 - 00321024 ____A (Microsoft Corporation) C:\Windows\System32\PhotoMetadataHandler.dll
2012-04-14 08:13 - 2012-04-14 08:13 - 00252928 ____A (Microsoft Corporation) C:\Windows\System32\dxdiag.exe
2012-04-14 08:13 - 2012-04-14 08:13 - 00195584 ____A (Microsoft Corporation) C:\Windows\System32\dxdiagn.dll
2012-04-14 08:13 - 2012-04-14 08:13 - 00189440 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2012-04-10 13:27 - 2012-04-10 13:27 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_00_00.Wdf
2012-04-07 12:13 - 2012-04-07 12:13 - 00003584 ____A C:\Users\enrico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-06 13:16 - 2006-11-02 13:50 - 00000749 __RAH C:\Windows\WindowsShell.Manifest
2012-04-06 13:16 - 2006-11-02 13:50 - 00000174 __ASH C:\Users\Public\desktop.ini
2012-04-06 13:16 - 2006-11-02 13:50 - 00000174 __ASH C:\users\desktop.ini
2012-04-06 13:16 - 2006-11-02 13:50 - 00000174 __ASH C:\Program Files\desktop.ini
2012-04-06 13:15 - 2006-11-02 13:48 - 00003324 ____A C:\Windows\DtcInstall.log
2012-04-06 12:56 - 2006-11-02 11:32 - 00101888 ____A (Infineon Technologies AG) C:\Windows\System32\ifxcardm.dll
2012-04-06 12:56 - 2006-11-02 11:32 - 00082432 ____A (Gemalto, Inc.) C:\Windows\System32\axaltocm.dll


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3070.69 MB
Available physical RAM: 2557.19 MB
Total Pagefile: 2768.36 MB
Available Pagefile: 2598.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1990.16 MB

======================= Partitions =========================

1 Drive c: (HP) (Fixed) (Total:288.03 GB) (Free:218.35 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.06 GB) (Free:1.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:0.95 GB) (Free:0.25 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Stato       Dim.         Libera       Din  Gpt
  --------  ----------  -----------  -----------  ---  ---
  Disco 0   Pronto      298 Gbytes   1528 Kbytes
  Disco 1   Pronto      973 Mbytes   0 byte
  Disco 2   Nessun sup  0 byte       0 byte
  Disco 3   Nessun sup  0 byte       0 byte
  Disco 4   Nessun sup  0 byte       0 byte
  Disco 5   Nessun sup  0 byte       0 byte

Partitions of Disk 0:
===============

  Partition ###  Tipo              Dim.     Offset
  -------------  ----------------  -------  -------
  Partizione 1   Primario           288 Gb    32 Kb
  Partizione 2   Primario            10 Gb   288 Gb

==================================================================================

Disk: 0
Partizione 1
Tipo : 07
Nascosta: No
Attiva : Sì

  Volume ###  Let.  Etichetta    Fs     Tipo        Dim.     Stato      Info
  ----------  ----  -----------  -----  ----------  -------  ---------  --------
* Volume 4     C    HP           NTFS   Partizione   288 Gb  Integro

==================================================================================

Disk: 0
Partizione 2
Tipo : 07
Nascosta: No
Attiva : No

  Volume ###  Let.  Etichetta    Fs     Tipo        Dim.     Stato      Info
  ----------  ----  -----------  -----  ----------  -------  ---------  --------
* Volume 4     D    FACTORY_IMA  NTFS   Partizione    10 Gb  Integro

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Tipo              Dim.     Offset
  -------------  ----------------  -------  -------
  Partizione 1   Primario           973 Mb    32 Kb

==================================================================================

Disk: 1
Partizione 1
Tipo : 0B
Nascosta: No
Attiva : Sì

  Volume ###  Let.  Etichetta    Fs     Tipo        Dim.     Stato      Info
  ----------  ----  -----------  -----  ----------  -------  ---------  --------
* Volume 4     F                 FAT32  Rimovibile   973 Mb  Integro

==================================================================================

==========================================================

Last Boot: 2012-06-30 15:18

======================= End Of Log ==========================

#4 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 04 July 2012 - 11:47 AM

Please post the Fixlog.txt and please move on to ComboFix

thanks

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 GigiLan
  • Topic Starter
  • Members
  • 6 posts

Posted 04 July 2012 - 01:04 PM

I can't move on to ComboFix; Sirefef is not deleted and the PC reboots after 1 minute.

Farbar Recovery Scan Tool Version: 01-07-2012
Ran by SYSTEM at 2012-07-04 19:58:32
Running from F:\

================== Search: "services.exe" ===================

C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2012-04-07 11:53] - [2009-04-11 07:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2012-04-02 10:38] - [2008-01-19 08:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 09:35] - [2006-11-02 10:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\WINDOWS\System32\services.exe
[2012-04-07 11:53] - [2012-07-04 18:53] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

=== End Of Search ===

#6 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts

Posted 04 July 2012 - 01:17 PM

Hi,

Please run the following fix with FRST, then post the FixLog.txt, then see if you are able to run ComboFix:



Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
SubSystems: [Windows] ==> ZeroAccess
replace: C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe C:\WINDOWS\System32\services.exe
2012-07-04 13:50 - 2012-07-04 13:50 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fidigytr.sys
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
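The fix above swaps the live services.exe for a copy kept in the WinSxS component store. The Python below is an added example (not FRST's code and not anything the posters ran) that parses FRST "Search:" output of the kind posted in #5 and flags a live binary whose hash disagrees with the store copy that shares its size and creation time; it assumes the two bracketed timestamps are creation first, last-modified second, as in the other log sections of this thread.

```python
"""Triage of FRST "Search:" output for an in-place patched system binary.

Added example for this thread; not FRST's code and not the posters' own.
FRST prints each search hit as a path line followed by a metadata line:
    <path>
    [<created>] - [<modified>] - <size> <attrs> (<company>) <MD5>
Assumption: first bracket = creation time, second = last-modified time.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: the services.exe search posted in #5 of this thread.
SAMPLE_SEARCH = r"""
================== Search: "services.exe" ===================

C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2012-04-07 11:53] - [2009-04-11 07:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2012-04-02 10:38] - [2008-01-19 08:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 09:35] - [2006-11-02 10:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\WINDOWS\System32\services.exe
[2012-04-07 11:53] - [2012-07-04 18:53] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

=== End Of Search ===
"""

META_RE = re.compile(
    r"^\[(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"\[(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class FileHit:
    path: str
    created: str   # "YYYY-MM-DD HH:MM"; orders correctly as a plain string
    modified: str
    size: int
    company: str
    md5: str

    @property
    def in_component_store(self) -> bool:
        # Copies under \winsxs\ are the component-store reference files.
        return "\\winsxs\\" in self.path.lower()


@dataclass
class Verdict:
    live_path: str
    status: str                  # "matches-store" | "patched-in-place" | "no-reference"
    restore_from: Optional[str]  # store copy that looks like the original, if any
    reasons: List[str] = field(default_factory=list)


def parse_search(text: str) -> List[FileHit]:
    """Pair every path line with the metadata line that follows it."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    hits: List[FileHit] = []
    for path_line, meta_line in zip(lines, lines[1:]):
        m = META_RE.match(meta_line)
        if m and PATH_RE.match(path_line):
            hits.append(FileHit(path_line, m["created"], m["modified"],
                                int(m["size"]), m["company"], m["md5"].upper()))
    return hits


def assess(hits: List[FileHit]) -> List[Verdict]:
    """Compare each live (non-WinSxS) copy against the component-store copies."""
    store = [h for h in hits if h.in_component_store]
    verdicts: List[Verdict] = []
    for live in (h for h in hits if not h.in_component_store):
        same_hash = [s for s in store if s.md5 == live.md5]
        if same_hash:
            # Agreement with the store is reassuring, not proof: the store itself
            # could have been tampered with, so this stays a triage signal.
            verdicts.append(Verdict(live.path, "matches-store", None,
                                    [f"MD5 equals store copy {same_hash[0].path}"]))
            continue
        # Same size and creation time as a store copy but a different hash means
        # the file was rewritten in place after it was installed.
        siblings = [s for s in store if s.size == live.size and s.created == live.created]
        if not siblings:
            verdicts.append(Verdict(live.path, "no-reference", None,
                                    ["no store copy shares its hash, or its size and creation time"]))
            continue
        sib = siblings[0]
        reasons = [f"MD5 {live.md5} differs from {sib.md5}",
                   f"same size ({live.size}) and creation time ({live.created}) as {sib.path}"]
        if live.modified > live.created:
            reasons.append(f"modified {live.modified}, after it was created")
        verdicts.append(Verdict(live.path, "patched-in-place", sib.path, reasons))
    return verdicts


if __name__ == "__main__":
    for v in assess(parse_search(SAMPLE_SEARCH)):
        print(f"{v.status}: {v.live_path}")
        for r in v.reasons:
            print("  -", r)
        if v.restore_from:
            print("  restore candidate:", v.restore_from)
```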


#7 GigiLan
  • Topic Starter
  • Members
  • 6 posts

Posted 04 July 2012 - 03:40 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 01-07-2012
Ran by SYSTEM at 2012-07-04 22:39:36 Run:4
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\WINDOWS\System32\services.exe moved successfully.
C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe copied successfully to C:\WINDOWS\System32\services.exe
C:\Windows\System32\Drivers\fidigytr.sys not found.

==== End of Fixlog ====

#8 GigiLan
  • Topic Starter
  • Members
  • 6 posts

Posted 04 July 2012 - 04:10 PM

Solved!!! Many thanks!!!

#9 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts

Posted 04 July 2012 - 05:28 PM

Hi,

absence of symptoms doesn't mean the machine is completely clean, so please stay with me till I give you the all clear,

please run ComboFix and post the log

thanks

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts

Posted 09 July 2012 - 09:08 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




