ComboFix Log!


  • This topic is locked
2 replies to this topic

#1 Wantoast

Wantoast

  • Members
  • 1 posts
  • OFFLINE
  • Local time:03:07 AM

Posted 19 May 2013 - 04:58 AM

Hi!
I think this section should be the right one, because I have been redirected here directly from ComboFix's introduction guide.
Also, English is not my main language, so I hope my messages will be understandable!
 
Anyway, ComboFix has just finished analyzing my PC and I'd like to understand if there's still something I have to do in order to remove any remaining virus. Currently I don't have any antivirus installed.
 
EDIT: Well, I saw that "DO NOT RUN ComboFix unless requested to." message. Now, obviously, I have already run it, but what I wanted to do was simply check the PC.
 
Here you can see the log file:
ComboFix 13-05-18.03 - antonio 19/05/2013 11:13:49.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3948.2423 [GMT 2:00]
Eseguito da: c:\users\antonio\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\DownloadnSave
c:\programdata\DownloadnSave\background.html
c:\programdata\DownloadnSave\bhoclass.dll
c:\programdata\DownloadnSave\content.js
c:\programdata\DownloadnSave\data\content.js
c:\programdata\DownloadnSave\data\jsondb.js
c:\programdata\DownloadnSave\lfjckimbkbabfjnkapfcioelbjgfbgpp.crx
c:\programdata\DownloadnSave\settings.ini
c:\programdata\DownloadnSave\uninstall.exe
c:\programdata\FullRemove.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\DownloadnSave
c:\programdata\Microsoft\Windows\Start Menu\Programs\DownloadnSave\DownloadnSave.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\DownloadnSave\Uninstall.lnk
c:\users\antonio\AppData\Local\assembly\tmp
c:\users\antonio\AppData\Roaming\dclogs
c:\users\antonio\AppData\Roaming\dclogs\2012-08-01-4.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-08-02-5.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-08-03-6.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-08-04-7.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-08-05-1.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-08-07-3.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-08-08-4.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-08-10-6.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-08-12-1.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-08-13-2.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-08-15-4.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-08-16-5.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-08-17-6.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-08-18-7.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-08-19-1.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-08-30-5.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-09-06-5.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-09-07-6.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-09-08-7.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-09-09-1.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-09-10-2.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-09-11-3.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-09-12-4.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-09-13-5.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-09-14-6.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-09-15-7.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-09-16-1.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-09-17-2.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-09-18-3.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-09-19-4.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-09-20-5.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-09-21-6.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-09-22-7.dc
c:\users\antonio\AppData\Roaming\dclogs\2012-09-23-1.dc
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2013-04-19 al 2013-05-19 )))))))))))))))))))))))))))))))))))
.
.
2013-05-19 09:25 . 2013-05-19 09:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-19 08:54 . 2013-05-19 08:54 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C6122A10-A3C6-46E3-81DF-1DB07E4152D0}\offreg.dll
2013-05-19 08:48 . 2013-05-19 08:48 -------- d-----w- c:\users\antonio\AppData\Local\Max Secure Software
2013-05-19 08:48 . 2013-05-19 08:48 -------- d-----w- c:\users\antonio\AppData\Roaming\GetRightToGo
2013-05-17 19:33 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C6122A10-A3C6-46E3-81DF-1DB07E4152D0}\mpengine.dll
2013-05-16 12:10 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll
2013-05-16 12:10 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-16 12:10 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-15 20:43 . 2013-05-15 20:58 -------- d-----w- c:\users\antonio\AppData\Roaming\Scribus
2013-05-15 20:37 . 2013-05-15 20:42 -------- d-----w- c:\program files\Scribus 1.4.2
2013-05-15 13:44 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 13:44 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 13:44 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 13:44 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 13:43 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 13:43 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 13:43 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 13:43 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 13:43 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 13:43 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 13:43 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 13:43 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-28 16:18 . 2013-04-28 16:18 -------- d-----w- c:\program files (x86)\CdCoverCreator
2013-04-28 10:31 . 2013-04-28 10:31 -------- d-----w- c:\windows\SysWow64\NV
2013-04-28 10:31 . 2013-04-28 10:31 -------- d-----w- c:\windows\system32\NV
2013-04-28 10:28 . 2013-04-28 10:28 -------- d-----w- c:\users\UpdatusUser
2013-04-28 10:28 . 2013-04-28 10:28 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-04-28 10:28 . 2013-03-15 04:16 3477280 ----a-w- c:\windows\system32\nvsvc64.dll
2013-04-28 10:28 . 2013-03-15 04:16 6398240 ----a-w- c:\windows\system32\nvcpl.dll
2013-04-28 10:28 . 2013-03-15 04:16 877856 ----a-w- c:\windows\system32\nvvsvc.exe
2013-04-28 10:28 . 2013-03-15 04:16 76064 ----a-w- c:\windows\system32\nv3dappshextr.dll
2013-04-28 10:28 . 2013-03-15 04:16 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-04-28 10:28 . 2013-03-15 04:16 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-04-28 10:28 . 2013-03-15 04:16 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-04-28 10:28 . 2013-03-15 04:16 1016096 ----a-w- c:\windows\system32\nv3dappshext.dll
2013-04-28 10:28 . 2013-03-13 16:24 3065455 ----a-w- c:\windows\system32\nvcoproc.bin
2013-04-28 10:26 . 2013-03-15 05:53 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-04-28 10:26 . 2013-03-15 05:53 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-04-28 10:26 . 2013-04-28 10:26 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-04-28 10:15 . 2013-04-28 10:15 -------- d-----w- C:\NVIDIA
2013-04-25 10:14 . 2013-05-07 13:16 -------- d-----w- c:\users\antonio\.freemind
2013-04-25 10:14 . 2013-04-25 10:14 -------- d-----w- c:\program files (x86)\FreeMind
2013-04-25 10:09 . 2013-04-25 10:10 -------- d-----w- c:\program files (x86)\XMind
2013-04-25 10:09 . 2013-04-25 10:09 -------- d-----w- c:\users\antonio\AppData\Local\Programs
2013-04-24 21:22 . 2013-04-24 21:22 -------- d-----w- c:\users\antonio\Games
2013-04-24 21:21 . 2013-04-24 21:21 -------- d-----w- c:\program files\Nuova cartella
2013-04-24 21:20 . 2013-04-24 21:20 -------- d-----w- c:\program files (x86)\Warframe
2013-04-24 21:20 . 2013-04-28 13:43 -------- d-----w- c:\users\antonio\AppData\Local\Warframe
2013-04-24 18:47 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-22 15:24 . 2013-05-19 08:29 -------- d-----w- c:\users\antonio\AppData\Roaming\Yontoo
2013-04-22 15:24 . 2013-04-22 15:24 -------- d-----w- c:\program files (x86)\Yontoo
2013-04-22 15:24 . 2013-04-22 15:24 -------- d-----w- c:\programdata\Tarma Installer
2013-04-22 15:21 . 2013-04-22 15:21 -------- d-----w- c:\users\antonio\AppData\Local\PutLockerDownloader
2013-04-22 15:20 . 2013-04-22 15:20 -------- d-----w- c:\program files (x86)\1clickmoviedownloader.com
2013-04-21 21:59 . 2013-04-21 21:59 -------- d-----w- c:\windows\BACKUPSSS
2013-04-21 21:53 . 2013-04-21 21:53 -------- d-----w- c:\users\antonio\AppData\Local\Windows 7 Account Screen Editor
2013-04-21 18:04 . 2013-04-21 19:26 -------- d-----w- c:\users\antonio\AppData\Roaming\Launchy
2013-04-21 18:04 . 2013-04-21 19:26 -------- d-----w- c:\program files (x86)\Launchy
2013-04-19 22:01 . 2013-04-19 22:01 -------- d-----w- c:\users\antonio\AppData\Roaming\Rainmeter
2013-04-19 22:01 . 2013-04-19 22:01 -------- d-----w- c:\program files\Rainmeter
2013-04-19 15:19 . 2013-04-29 14:49 -------- d-----w- c:\users\antonio\AppData\Roaming\AIMP3
2013-04-19 15:18 . 2013-04-19 15:19 -------- d-----w- c:\program files (x86)\AIMP3
2013-04-19 14:08 . 2013-04-19 14:08 -------- d-----w- c:\users\antonio\AppData\Roaming\PotPlayerMini64
2013-04-19 14:00 . 2013-04-19 14:07 -------- d-----w- c:\program files\Daum
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 12:19 . 2012-11-23 15:53 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 12:18 . 2012-07-27 08:10 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 12:18 . 2012-03-19 15:29 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-13 18:31 . 2010-06-24 09:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2012-04-29 09:03 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-21 18:55 . 2011-04-10 14:44 82944 ----a-r- c:\windows\sdbr.exe
2013-04-19 21:30 . 2013-04-18 17:24 925184 ----a-w- c:\windows\expstart.exe
2013-04-19 21:28 . 2009-07-13 23:57 20385280 ----a-w- c:\windows\system32\imageres.dll
2013-04-18 17:13 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2013-04-18 17:13 . 2012-02-27 17:22 2851840 ----a-w- c:\windows\system32\themeui.dll
2013-04-18 17:13 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2013-04-13 05:49 . 2013-05-15 13:44 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 13:44 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 13:44 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 13:44 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 13:44 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 13:44 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-04 14:58 . 2012-06-15 19:11 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-04 14:58 . 2012-04-25 13:43 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-04 03:35 . 2013-04-18 10:41 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\SysWow64\GPhotos.scr
2013-03-19 06:04 . 2013-04-12 18:41 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-12 18:41 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-12 18:41 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-12 18:41 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-12 18:41 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-12 18:41 112640 ----a-w- c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2013-04-17 01:19 197920 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoSizer"="c:\program files (x86)\AutoSizer\AutoSizer.exe" [2012-05-30 131072]
"Spotify Web Helper"="c:\users\antonio\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-02-12 1199000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2010-11-12 296768]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
c:\users\antonio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2013-3-24 36024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snagit 11.lnk - c:\program files (x86)\TechSmith\Snagit 11\Snagit32.exe [2012-9-7 9519544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-04-15 3289208]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-05-09 1431888]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-01-11 19032]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-01-11 12384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-26 1255736]
R3 WSDScan;Supporto digitalizzazione WSD tramite UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2013-03-15 30496]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-26 283200]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-12-19 237992]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-12-19 120232]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2012-10-12 83072]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-03-15 71032]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-03-15 384888]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-02-24 347216]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-01-06 868224]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-14 2466304]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-06-24 8704]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-12 257344]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-04-17 23552]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-20 67624]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-20 19496]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2011-01-19 52264]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-01-13 85544]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024]
S3 IntcDAud;Audio schermo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-01-17 412712]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-12-19 132008]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-12-19 146856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 13:47 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 12:18]
.
2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25 20:30]
.
2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25 20:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-10 2186856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 418328]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-01-06 860040]
"RemoveShowDesktopButton"="c:\windows\sdbr.exe" [2013-04-21 82944]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.daum.net/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\antonio\AppData\Roaming\Mozilla\Firefox\Profiles\fjjjtdzx.default\
FF - prefs.js: browser.startup.homepage -
FF - ExtSQL: 2013-04-11 17:54; clickmoviedownloader2@clickmoviedownloader.com; c:\users\antonio\AppData\Roaming\Mozilla\Firefox\Profiles\fjjjtdzx.default\extensions\clickmoviedownloader2@clickmoviedownloader.com.xpi
FF - user.js: extentions.y2layers.installId - 2b46325d-bfbc-4deb-80af-f3c59dd75391
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-1ClickDownload - c:\program files (x86)\PirateStreaming.com\uninst.exe
AddRemove-{A8B0DBDE-8119-48B0-8088-D12DA01C36BA} - c:\programdata\DownloadnSave\uninstall.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1444283811-1601379005-3644323170-1002\Software\SecuROM\License information*]
"datasecu"=hex:08,54,9a,fc,c0,03,3b,3a,93,66,8e,d7,34,1a,78,e0,70,ad,10,d9,33,
4e,9a,2b,3c,76,b9,07,73,cb,b0,43,e5,9c,58,65,a3,9d,0c,b5,6e,2b,ee,66,88,3f,\
"rkeysecu"=hex:0f,1b,12,4a,fa,d2,c5,e8,3d,f0,f2,10,f7,6e,ba,2f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2013-05-19 11:28:37
ComboFix-quarantined-files.txt 2013-05-19 09:28
.
Pre-Run: 107.492.564.992 byte disponibili
Post-Run: 113.110.364.160 byte disponibili
.
- - End Of File - - 4D4196DA5E85B972DD5960C56FD666BA

Thanks in advance!

Edited by nasdaq, 23 May 2013 - 08:35 AM.
Code box removed.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:07 PM

Posted 23 May 2013 - 08:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Also, do not use code boxes.
Let me know what problem persists.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:07 PM

Posted 29 May 2013 - 09:12 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



