
Scvhost and STOP mouse


  • This topic is locked
2 replies to this topic

#1 AsthonCatch

AsthonCatch

  • Members
  • 1 posts
  • OFFLINE
  • Local time:04:26 AM

Posted 01 January 2013 - 01:21 PM

Malwarebytes reports this problem, and at random times (from 5 minutes to 4-5 hours) my mouse stops working... I'm sure that it isn't a hardware problem...
Help please...

Posted Image

(Sorry for my bad English)

ComboFix 13-01-01.02 - Compagnucci 01/01/2013 19:09:36.8.4 - x64 MINIMAL
Microsoft Windows 7 Professional N 6.1.7601.1.1252.39.1040.18.8154.7407 [GMT 1:00]
Eseguito da: c:\users\Compagnucci\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((( Files Creati Da 2012-12-01 al 2013-01-01 )))))))))))))))))))))))))))))))))))
.
.
2013-01-01 18:11 . 2013-01-01 18:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-01-01 18:11 . 2013-01-01 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-01 16:48 . 2013-01-01 16:48 -------- d-----w- c:\program files\CCleaner
2013-01-01 09:26 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5D14DBA-6068-4F16-B2B6-B70A75548AEE}\mpengine.dll
2012-12-31 09:41 . 2012-12-31 09:41 -------- d-----w- c:\users\Compagnucci\AppData\Roaming\Malwarebytes
2012-12-31 09:41 . 2012-12-31 09:41 -------- d-----w- c:\programdata\Malwarebytes
2012-12-31 09:41 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-31 09:38 . 2012-12-31 09:38 -------- d-----w- c:\users\Compagnucci\AppData\Local\Programs
2012-12-27 13:20 . 2012-12-27 13:20 666720 ----a-w- c:\windows\SysWow64\xsherlock.xem
2012-12-27 12:40 . 2012-12-27 12:40 -------- d-----w- c:\windows\DEA314C409294250BC9298E4C105F28D.TMP
2012-12-24 14:08 . 2012-06-27 08:37 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2012-12-24 14:01 . 2012-12-24 14:01 -------- d-----w- c:\program files (x86)\MyFree Codec
2012-12-24 14:00 . 2012-12-24 14:00 -------- d-----w- c:\program files (x86)\MarkAny
2012-12-24 13:59 . 2012-12-24 13:59 -------- d-----w- c:\users\Compagnucci\AppData\Local\Samsung
2012-12-24 13:59 . 2012-12-28 01:11 -------- d-----w- c:\users\Compagnucci\AppData\Roaming\Samsung
2012-12-24 13:55 . 2012-11-28 13:18 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-12-24 13:55 . 2012-12-28 01:11 -------- d-----w- c:\program files (x86)\Samsung
2012-12-24 13:55 . 2012-12-28 01:11 -------- d-----w- c:\programdata\Samsung
2012-12-21 15:28 . 2012-12-21 15:28 -------- d-----w- C:\Temp
2012-12-21 09:50 . 2012-12-21 09:50 -------- d-----w- c:\program files (x86)\Gophoto.it
2012-12-21 02:59 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 02:59 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 02:59 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 02:59 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-11 20:00 . 2012-12-11 20:00 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2012-12-07 14:24 . 2012-12-27 08:46 -------- d-----w- c:\program files (x86)\Point Blank Italia
2012-12-06 15:16 . 2012-12-06 15:16 -------- d-----w- c:\program files\Common Files\DESIGNER
2012-12-06 15:13 . 2012-12-06 15:13 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-12-06 15:13 . 2012-12-06 15:13 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-12-06 15:13 . 2012-12-06 15:13 -------- d-----w- c:\users\Compagnucci\AppData\Local\Microsoft Help
2012-12-06 15:13 . 2012-12-13 15:50 -------- d-----w- c:\programdata\Microsoft Help
2012-12-06 15:13 . 2012-12-06 15:16 -------- d-----w- c:\program files\Microsoft Office
2012-12-06 15:13 . 2012-12-06 15:13 -------- d-----r- C:\MSOCache
2012-12-06 14:47 . 2012-12-06 14:47 -------- d-----w- c:\users\Compagnucci\AppData\Local\MicrosoftStore
2012-12-03 22:08 . 2012-12-03 22:08 -------- d-----w- c:\users\Compagnucci\PROVA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 15:49 . 2012-06-05 23:16 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-11 20:00 . 2012-12-11 20:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-11 19:08 . 2012-06-05 23:26 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 19:08 . 2012-06-05 23:26 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-28 13:17 . 2012-11-28 13:17 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-11-28 13:17 . 2012-11-28 13:17 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-11-28 13:17 . 2012-11-28 13:17 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-11-28 13:17 . 2012-11-28 13:17 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-11-28 13:17 . 2012-11-28 13:17 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-11-28 13:17 . 2012-11-28 13:17 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-11-28 13:17 . 2012-11-28 13:17 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-11-28 13:17 . 2012-11-28 13:17 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-11-28 13:17 . 2012-11-28 13:17 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-11-28 13:17 . 2012-11-28 13:17 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-11-28 13:17 . 2012-11-28 13:17 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-11-28 13:17 . 2012-11-28 13:17 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-11-28 13:17 . 2012-11-28 13:17 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-11-28 13:17 . 2012-11-28 13:17 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-11-28 13:17 . 2012-11-28 13:17 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-11-28 13:17 . 2012-11-28 13:17 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-11-28 13:17 . 2012-11-28 13:17 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-11-28 13:17 . 2012-11-28 13:17 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-11-28 13:17 . 2012-11-28 13:17 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-11-28 13:17 . 2012-11-28 13:17 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-11-28 13:17 . 2012-11-28 13:17 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-11-28 13:17 . 2012-11-28 13:17 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-11-28 13:17 . 2012-11-28 13:17 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-11-28 13:17 . 2012-11-28 13:17 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-11-28 13:17 . 2012-11-28 13:17 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-11-28 09:35 . 2012-10-11 20:30 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-17 23:51 . 2012-06-07 12:54 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-11-16 18:18 . 2012-11-16 18:18 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe
2012-11-16 18:18 . 2012-11-16 18:18 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-11-16 18:18 . 2012-11-16 18:18 5773824 ----a-w- c:\windows\system32\mstscax.dll
2012-11-16 18:18 . 2012-11-16 18:18 54272 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2012-11-16 18:18 . 2012-11-16 18:18 4916224 ----a-w- c:\windows\SysWow64\mstscax.dll
2012-11-16 18:18 . 2012-11-16 18:18 46592 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2012-11-16 18:18 . 2012-11-16 18:18 44032 ----a-w- c:\windows\system32\tsgqec.dll
2012-11-16 18:18 . 2012-11-16 18:18 43520 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2012-11-16 18:18 . 2012-11-16 18:18 384000 ----a-w- c:\windows\system32\wksprt.exe
2012-11-16 18:18 . 2012-11-16 18:18 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll
2012-11-16 18:18 . 2012-11-16 18:18 322560 ----a-w- c:\windows\system32\aaclient.dll
2012-11-16 18:18 . 2012-11-16 18:18 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2012-11-16 18:18 . 2012-11-16 18:18 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2012-11-16 18:18 . 2012-11-16 18:18 269312 ----a-w- c:\windows\SysWow64\aaclient.dll
2012-11-16 18:18 . 2012-11-16 18:18 243200 ----a-w- c:\windows\system32\rdpudd.dll
2012-11-16 18:18 . 2012-11-16 18:18 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2012-11-16 18:18 . 2012-11-16 18:18 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-11-16 18:18 . 2012-11-16 18:18 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2012-11-16 18:18 . 2012-11-16 18:18 18432 ----a-w- c:\windows\system32\wksprtPS.dll
2012-11-16 18:18 . 2012-11-16 18:18 16896 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2012-11-16 18:18 . 2012-11-16 18:18 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2012-11-16 18:18 . 2012-11-16 18:18 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-11-16 18:18 . 2012-11-16 18:18 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-11-16 18:18 . 2012-11-16 18:18 1123840 ----a-w- c:\windows\system32\mstsc.exe
2012-11-16 18:18 . 2012-11-16 18:18 1048064 ----a-w- c:\windows\SysWow64\mstsc.exe
2012-11-16 18:17 . 2012-11-16 18:17 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-11-16 18:17 . 2012-11-16 18:17 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-16 18:17 . 2012-11-16 18:17 340992 ----a-w- c:\windows\system32\schannel.dll
2012-11-16 18:17 . 2012-11-16 18:17 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-16 18:17 . 2012-11-16 18:17 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-11-16 18:17 . 2012-11-16 18:17 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-11-16 18:17 . 2012-11-16 18:17 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-11-16 18:17 . 2012-11-16 18:17 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-16 18:17 . 2012-11-16 18:17 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-10-16 08:38 . 2012-11-29 06:58 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-29 06:58 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-29 06:58 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-11 20:30 . 2012-10-11 20:30 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-11 20:30 . 2012-06-05 17:51 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-09 18:17 . 2012-11-16 05:55 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-16 05:55 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-16 05:55 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-16 05:55 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="e:\advanced systemcare\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-01-12 5028464]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-27 291608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
"amd_dc_opt"="e:\batman\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Compagnucci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Continue otshot Installation.lnk - c:\program files (x86)\otshot\otshotmainfile.exe [2012-7-3 698368]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - e:\ivan\League of Legends\LOLReplay\LOLRecorder.exe [2012-10-31 522752]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 qdifvrix;qdifvrix; [x]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5; [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
R2 MBAMScheduler;MBAMScheduler;e:\malwarebyte's\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;e:\malwarebyte's\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 PowerOffer Service;Pos Service;c:\users\Compagnucci\AppData\Local\PosService\Pos.exe [2012-04-03 169472]
R2 ServUpdater;Serv Updater;c:\users\Compagnucci\AppData\Local\ServUpdater\ServiceUpd.exe [2011-12-16 156160]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 SoftwareUpd;Software Upd;c:\users\Compagnucci\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [2012-04-23 161280]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-01-10 27760]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 EagleX64;EagleX64; [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-08-08 30528]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2009-10-20 114608]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-16 19456]
R3 SPC2050;USB2.0 PC Camera (SPC2050);c:\windows\system32\DRIVERS\spc2050.sys [2010-01-05 3297792]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-11-16 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-11-16 30208]
R3 TunngleService;TunngleService;e:\borderlands 2\TUNNGLE\Tunngle\TnglCtrl.exe [2012-07-19 738152]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-01-10 2184816]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-05 1255736]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
S0 iusb3hcs;Driver dello switch Controller Host Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-27 16152]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-07 283200]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2012-01-06 59392]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2012-01-06 84608]
S3 iusb3hub;Driver hub Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120]
S3 iusb3xhc;Driver Controller Host estendibile Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 19:08]
.
2013-01-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1754639000-1866868824-3106368248-1000Core.job
- c:\users\Compagnucci\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11 09:59]
.
2013-01-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1754639000-1866868824-3106368248-1000UA.job
- c:\users\Compagnucci\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11 09:59]
.
2013-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-24 08:02]
.
2013-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-24 08:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"PLF2050"="c:\windows\PLF2050.exe" [2010-01-05 40960]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant =
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{65D5AF91-2C13-4677-90D3-7AB3D2A0A6EA}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\users\Compagnucci\AppData\Roaming\Mozilla\Firefox\Profiles\tscdt04x.default\
FF - prefs.js: browser.search.selectedEngine -
FF - ExtSQL: 2012-12-21 10:50; torntv@torntv.com; c:\users\Compagnucci\AppData\Roaming\Mozilla\Firefox\Profiles\tscdt04x.default\extensions\torntv@torntv.com.xpi
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-1ClickDownload - c:\program files (x86)\TornTV.com\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1754639000-1866868824-3106368248-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1754639000-1866868824-3106368248-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2013-01-01 19:12:15
ComboFix-quarantined-files.txt 2013-01-01 18:12
ComboFix2.txt 2012-12-31 10:57
ComboFix3.txt 2012-12-31 10:44
ComboFix4.txt 2012-12-31 10:31
ComboFix5.txt 2013-01-01 18:09
.
Pre-Run: 7.195.295.744 byte disponibili
Post-Run: 7.032.463.360 byte disponibili
.
- - End Of File - - 5FC15EB56E5FCDE568DAF7C9057C90F3



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:26 AM

Posted 03 January 2013 - 01:26 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

It looks like Mbam is protecting you. The popups are annoying.

To disable the popups:
1. Open Malwarebytes
2. Click on the Protection tab
3. Uncheck/untick the last item
"Show tooltip balloon when malicious website is blocked"
4. Click the exit button rather than the X at the top right to close the window.

I suggest you run these additional tools and post the logs for my review.

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search for AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).


#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:26 AM

Posted 09 January 2013 - 09:34 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



