
infected with BackDoor.HydraLoader.origin / Win32.Troj. Undef(kcloud)?


22 replies to this topic

#1 rosencraft


Posted 28 June 2013 - 09:41 PM

My girlfriend downloaded and ran this file, "x264 Video Codecs XP-Win7.exe", on her Windows 7 computer. She got it from a torrent, and the file gives the following result on a VirusTotal scan:

https://www.virustotal.com/it/file/b19e0a4855ce7af346ae67a2479a3826d54909793f923bf48498394e2c02dfb0/analysis/

I am sure that it is not a "safe" file to run on a Windows computer.

Since we have sometimes used this computer to buy things on the internet, I started to panic, and I know that I made a mistake, but I ran DDS, then Trend Micro HouseCall (which does not detect any threats, even on the scanned file), then TDSSKiller, and then finally ComboFix, which I now know I should not have run.

These are the DDS logs. Can you please just have a look at them? Thank you in advance.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611
Run by Alessia at 21:25:56 on 2013-06-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.3957.793 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\PDF Architect\HelperService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\PDF Architect\ConversionService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\Windows\hh.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\system32\UI0Detect.exe
C:\Users\Alessia\AppData\Local\Temp\HouseCall\housecall.bin
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
uSearch Bar = Preserve
uProxyServer = proxymed.citicord.uniroma1.it:8080
uURLSearchHooks: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Guida per l'accesso all'account Microsoft: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001013-0002-0013-ABCDEFFEDCBC} - <orphaned>
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4BAB703C-15AE-4E67-990E-0E7BDFDA6D78} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4BAB703C-15AE-4E67-990E-0E7BDFDA6D78}\3596475636F6D6F5266616635603 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{4BAB703C-15AE-4E67-990E-0E7BDFDA6D78}\3596475636F6D6F5266616635603 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{4BAB703C-15AE-4E67-990E-0E7BDFDA6D78}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{4BAB703C-15AE-4E67-990E-0E7BDFDA6D78}\840793939393 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{4BAB703C-15AE-4E67-990E-0E7BDFDA6D78}\8483939393 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{4BAB703C-15AE-4E67-990E-0E7BDFDA6D78}\8483939393 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{BBD7A077-B3C9-42F8-A907-C80E2C0D769F} : DHCPNameServer = 10.174.30.244 10.11.230.3
TCP: Interfaces\{CC990EA2-25DA-4E6E-A8AD-D0CCA3D72F8F} : DHCPNameServer = 193.70.152.25 212.52.97.25
TCP: Interfaces\{DE640252-BE63-4F37-949F-BA8C928409B5} : DHCPNameServer = 193.70.152.25 212.52.97.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=  
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\hhu7mey9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/webhp?hl=it&source=hp&btnG=Cerca+con+Google&gbv=2
FF - prefs.js: network.proxy.ftp - 151.100.101.138
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 151.100.101.138
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 151.100.101.138
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 151.100.101.138
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2013-2-24 141920]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-1-31 283200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-16 238080]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2012-11-28 23552]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-4-4 130008]
R2 PDF Architect Helper Service;PDF Architect Helper Service;C:\Program Files (x86)\PDF Architect\HelperService.exe [2013-4-8 1320496]
R2 PDF Architect Service;PDF Architect Service;C:\Program Files (x86)\PDF Architect\ConversionService.exe [2013-4-8 799280]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-12 2320920]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-12-23 35104]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-7-12 172704]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-11 56344]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\My Dell\pcdsrvc_x64.pkms [2013-5-3 25584]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-4-19 161384]
S3 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-5-11 98208]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-23 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-11 220672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-23 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-19 1255736]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
.
=============== Created Last 30 ================
.
2013-06-29 01:21:54    0    ----a-w-    C:\Windows\System32\atiuxpag.dll
2013-06-29 01:21:54    0    ----a-w-    C:\Windows\System32\atidxx32.dll
2013-06-29 01:21:54    0    ----a-w-    C:\Windows\System32\aticfx32.dll
2013-06-29 01:04:54    173504    ----a-w-    C:\Windows\System32\drivers\tmcomm.sys
2013-06-28 16:33:50    9552976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACD8AA42-CC21-4509-9B8D-E6078286A78D}\mpengine.dll
2013-06-27 05:10:45    9552976    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-21 01:30:41    --------    d-----w-    C:\ProgramData\Ask
2013-06-21 01:30:34    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-21 00:15:07    964552    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{283D3C7D-47A5-4FF5-8428-83CBC6E23767}\gapaengine.dll
2013-06-15 14:44:20    9089416    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-06-15 14:11:43    279040    ----a-w-    C:\Program Files\Internet Explorer\sqmapi.dll
2013-06-15 14:10:06    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-15 14:09:56    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-06-15 14:09:56    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-06-15 14:09:50    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-06-15 14:09:49    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-06-15 14:09:34    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-06-15 14:09:33    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-15 14:08:24    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-06-15 14:08:23    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-06-15 14:08:23    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-06-15 14:08:23    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-06-15 14:08:23    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-06-15 14:08:23    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-06-15 14:08:22    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-06-15 14:08:22    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-06-15 14:08:22    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-06-15 14:08:22    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-06-15 14:08:16    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-06-15 14:08:16    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-06-08 18:33:41    --------    d-----w-    C:\Program Files\iPod
2013-06-08 18:33:40    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-08 18:33:40    --------    d-----w-    C:\Program Files\iTunes
2013-06-08 18:33:40    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-06-04 20:33:43    --------    d-----w-    C:\Users\Alessia\AppData\Local\ElevatedDiagnostics
2013-06-02 13:42:15    --------    d-----w-    C:\Program Files (x86)\PDF Architect
2013-06-02 13:36:53    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-06-02 13:35:26    662288    ----a-w-    C:\Windows\SysWow64\MSCOMCT2.OCX
2013-06-02 13:35:26    137000    ----a-w-    C:\Windows\SysWow64\MSMAPI32.OCX
2013-06-02 13:35:26    1070152    ----a-w-    C:\Windows\SysWow64\MSCOMCTL.OCX
2013-06-02 13:35:22    110264    ----a-w-    C:\Windows\System32\pdfcmon.dll
2013-06-02 13:35:20    63488    ----a-w-    C:\Windows\SysWow64\MSCC2IT.DLL
2013-06-02 13:35:20    23552    ----a-w-    C:\Windows\SysWow64\MSMPIDE.DLL
2013-06-02 13:35:20    150528    ----a-w-    C:\Windows\SysWow64\MSCMCIT.DLL
2013-06-02 13:35:20    122128    ----a-w-    C:\Windows\SysWow64\VB6IT.DLL
2013-06-02 13:35:20    --------    d-----w-    C:\Program Files (x86)\PDFCreator
2013-06-02 11:07:33    379392    ----a-w-    C:\Users\Alessia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blockify Lite 0.4.exe
.
==================== Find3M  ====================
.
2013-06-29 01:23:00    29    ----a-w-    C:\Windows\SysWow64\TempWmicBatchFile.bat
2013-06-15 14:44:45    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-15 14:44:45    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-13 01:48:23    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-06-13 01:48:17    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-06-08 12:28:46    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-17 01:25:57    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-05-17 00:58:10    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-04 12:50:32    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2006-05-03 10:06:54    163328    --sha-r-    C:\Windows\SysWOW64\flvDX.dll
2007-02-21 11:47:16    31232    --sha-r-    C:\Windows\SysWOW64\msfDX.dll
2008-03-16 13:30:52    216064    --sha-r-    C:\Windows\SysWOW64\nbDX.dll
2010-01-06 23:00:00    107520    --sha-r-    C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 21:31:19,86 ===============
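A responder reading a DDS log like the one above looks first at the AV/SP status lines and at the mPolicies-System values, which here show UAC switched off (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all 0) next to an outdated Security Essentials. The Python below is an added example, not part of this thread or of DDS itself: it parses those line formats, flags values that differ from the Windows 7 defaults, and diffs the policy section of two reports. The sample excerpts are constructed from lines in this thread; the code assumes DDS prints dword values in decimal and that a value absent from the report is at its default.

```python
import re

# Constructed excerpts in the DDS "Pseudo HJT Report" line format, modelled on
# the two logs posted in this thread (only the line kinds this check reads).
LOG_BEFORE = """\
AV: Microsoft Security Essentials *Enabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
"""

LOG_AFTER = """\
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
"""

# "AV:" / "SP:" / "FW:" lines: product name, then *Enabled|Disabled/Updated|Outdated*.
STATUS_RE = re.compile(r"^(?P<kind>AV|SP|FW): (?P<name>.+?) \*(?P<state>[^*]+)\*")
# "mPolicies-System: Name = dword:N" lines (m = HKLM, u = HKCU).
POLICY_RE = re.compile(
    r"^(?P<hive>[mu])Policies-(?P<key>\w+): (?P<name>\w+) = dword:(?P<val>\d+)$")

# Windows 7 defaults for the UAC values under HKLM\...\Policies\System.
# Assumption: a value missing from the report is at its default.
UAC_DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5,
                "PromptOnSecureDesktop": 1}


def parse(log):
    """Return ({(kind, product): state}, {'mPolicies-System: Name': int})."""
    status, policies = {}, {}
    for line in log.splitlines():
        m = STATUS_RE.match(line)
        if m:
            status[(m["kind"], m["name"])] = m["state"]
            continue
        m = POLICY_RE.match(line)
        if m:
            # Assumption: DDS prints dword values in decimal (NoDriveTypeAutoRun
            # = dword:145 is 0x91, the usual Windows default, which fits decimal).
            policies[f"{m['hive']}Policies-{m['key']}: {m['name']}"] = int(m["val"])
    return status, policies


def findings(log):
    """Flag protection that is off or stale, and UAC values weaker than default."""
    status, policies = parse(log)
    out = []
    for (kind, name), state in sorted(status.items()):
        if state != "Enabled/Updated":
            out.append(f"{kind} {name} is {state}")
    for name, default in UAC_DEFAULTS.items():
        val = policies.get(f"mPolicies-System: {name}", default)
        if val != default:
            out.append(f"UAC {name}={val} (default {default})")
    return out


def diff_policies(before, after):
    """Map policy name -> (old, new) for values that differ between two logs;
    None marks a value absent from one log (i.e. back at its default)."""
    _, old = parse(before)
    _, new = parse(after)
    return {k: (old.get(k), new.get(k)) for k in sorted(old.keys() | new.keys())
            if old.get(k) != new.get(k)}


if __name__ == "__main__":
    for label, log in (("first log", LOG_BEFORE), ("second log", LOG_AFTER)):
        print(label)
        for f in findings(log):
            print("  ", f)
    print("policy changes between the logs")
    for k, (o, n) in diff_policies(LOG_BEFORE, LOG_AFTER).items():
        print(f"   {k}: {o} -> {n}")
```

Run against the two excerpts, the diff shows exactly what changed between the poster's first and second log: ConsentPromptBehaviorAdmin back to 5 and the EnableLUA / PromptOnSecureDesktop overrides gone, while the AV line flips from Enabled/Outdated to Disabled/Updated.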


#2 rosencraft


Posted 29 June 2013 - 10:44 PM

I also found this website on the internet, which describes the virus's behaviour, since the SHA256 of the file from my computer matches.

https://malwr.com/analysis/NDJiZWM1N2UyNTNlNGYyNDk0MTg2MjgwZTc5ZDEzZjM/#



#3 HelpBot


Posted 03 July 2013 - 09:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/499558 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 rosencraft


Posted 07 July 2013 - 02:54 PM

Hi!

I still do not know if this computer can be considered free from viruses or backdoors. Not all antivirus programs identify this file as a backdoor.

Here I post the new DDS log.

Thank you
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611
Run by Alessia at 15:46:59 on 2013-07-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.3957.2075 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\PDF Architect\HelperService.exe
C:\Program Files (x86)\PDF Architect\ConversionService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\alg.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
uProxyServer = proxymed.citicord.uniroma1.it:8080
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4BAB703C-15AE-4E67-990E-0E7BDFDA6D78} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4BAB703C-15AE-4E67-990E-0E7BDFDA6D78}\3596475636F6D6F5266616635603 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{4BAB703C-15AE-4E67-990E-0E7BDFDA6D78}\3596475636F6D6F5266616635603 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{4BAB703C-15AE-4E67-990E-0E7BDFDA6D78}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{4BAB703C-15AE-4E67-990E-0E7BDFDA6D78}\840793939393 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{4BAB703C-15AE-4E67-990E-0E7BDFDA6D78}\8483939393 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{4BAB703C-15AE-4E67-990E-0E7BDFDA6D78}\8483939393 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{BBD7A077-B3C9-42F8-A907-C80E2C0D769F} : DHCPNameServer = 10.174.30.244 10.11.230.3
TCP: Interfaces\{CC990EA2-25DA-4E6E-A8AD-D0CCA3D72F8F} : DHCPNameServer = 193.70.152.25 212.52.97.25
TCP: Interfaces\{DE640252-BE63-4F37-949F-BA8C928409B5} : DHCPNameServer = 193.70.152.25 212.52.97.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.ftp - 151.100.101.138
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 151.100.101.138
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 151.100.101.138
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 151.100.101.138
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-06-28 22:52; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-06-30 21:45; {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}; C:\Users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi
FF - ExtSQL: 2013-06-30 21:46; {8bdc9bc7-0cf3-4c3e-a92b-84abbfe14503}; C:\Users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\{8bdc9bc7-0cf3-4c3e-a92b-84abbfe14503}.xpi
FF - ExtSQL: 2013-06-30 21:48; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; C:\Users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF - ExtSQL: 2013-06-30 21:48; {dc572301-7619-498c-a57d-39143191b318}; C:\Users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF - ExtSQL: 2013-06-30 21:48; {d5ea4520-61a1-11da-8cd6-0800200c9a66}; C:\Users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}.xpi
FF - ExtSQL: 2013-06-30 21:48; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; C:\Users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF - ExtSQL: 2013-06-30 21:48; {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}; C:\Users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi
FF - ExtSQL: 2013-06-30 21:48; {0545b830-f0aa-4d7e-8820-50a4629a56fe}; C:\Users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF - ExtSQL: 2013-06-30 21:48; optout@google.com; C:\Users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\optout@google.com.xpi
FF - ExtSQL: 2013-06-30 21:48; ireader@samabox.com; C:\Users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\ireader@samabox.com.xpi
FF - ExtSQL: 2013-06-30 21:48; gmailnoads@mywebber.com; C:\Users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\gmailnoads@mywebber.com.xpi
FF - ExtSQL: 2013-06-30 21:48; autopager@mozilla.org; C:\Users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\autopager@mozilla.org.xpi
FF - ExtSQL: 2013-06-30 21:48; artur.dubovoy@gmail.com; C:\Users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\artur.dubovoy@gmail.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2013-6-29 56016]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2013-2-24 141920]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-16 238080]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2012-11-28 23552]
R2 PDF Architect Helper Service;PDF Architect Helper Service;C:\Program Files (x86)\PDF Architect\HelperService.exe [2013-4-8 1320496]
R2 PDF Architect Service;PDF Architect Service;C:\Program Files (x86)\PDF Architect\ConversionService.exe [2013-4-8 799280]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-12 2320920]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-7-12 172704]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-1-31 283200]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-11 56344]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-4-19 161384]
S3 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-5-11 98208]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-12-23 35104]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-4-4 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\My Dell\pcdsrvc_x64.pkms [2013-5-3 25584]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-23 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-11 220672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-23 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-19 1255736]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
.
=============== Created Last 30 ================
.
2013-07-07 05:12:25    9552976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5B4C30D8-E4F5-441D-A17F-0977894B2FE3}\mpengine.dll
2013-07-04 04:12:41    9552976    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-30 03:55:45    52790    ----a-w-    C:\BackupPostVirus.reg
2013-06-30 03:00:48    56016    ----a-w-    C:\Windows\System32\drivers\fsbts.sys
2013-06-29 06:02:27    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-06-29 02:52:48    --------    d-----w-    C:\Users\Alessia\Doctor Web
2013-06-29 01:21:54    0    ----a-w-    C:\Windows\System32\atiuxpag.dll
2013-06-29 01:21:54    0    ----a-w-    C:\Windows\System32\atidxx32.dll
2013-06-29 01:21:54    0    ----a-w-    C:\Windows\System32\aticfx32.dll
2013-06-21 01:30:41    --------    d-----w-    C:\ProgramData\Ask
2013-06-21 01:30:34    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-21 00:15:07    964552    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{283D3C7D-47A5-4FF5-8428-83CBC6E23767}\gapaengine.dll
2013-06-15 14:44:20    9089416    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-06-15 14:11:43    279040    ----a-w-    C:\Program Files\Internet Explorer\sqmapi.dll
2013-06-15 14:10:06    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-15 14:09:56    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-06-15 14:09:56    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-06-15 14:09:50    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-06-15 14:09:49    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-06-15 14:09:34    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-06-15 14:09:33    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-15 14:08:24    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-06-15 14:08:23    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-06-15 14:08:23    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-06-15 14:08:23    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-06-15 14:08:23    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-06-15 14:08:23    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-06-15 14:08:22    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-06-15 14:08:22    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-06-15 14:08:22    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-06-15 14:08:22    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-06-15 14:08:16    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-06-15 14:08:16    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-06-08 18:33:41    --------    d-----w-    C:\Program Files\iPod
2013-06-08 18:33:40    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-08 18:33:40    --------    d-----w-    C:\Program Files\iTunes
2013-06-08 18:33:40    --------    d-----w-    C:\Program Files (x86)\iTunes
.
==================== Find3M  ====================
.
2013-07-07 19:10:04    29    ----a-w-    C:\Windows\SysWow64\TempWmicBatchFile.bat
2013-06-15 14:44:45    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-15 14:44:45    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-13 01:48:23    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-06-13 01:48:17    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-06-08 12:28:46    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-17 01:25:57    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-05-17 00:58:10    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-04-09 13:13:52    110264    ----a-w-    C:\Windows\System32\pdfcmon.dll
2006-05-03 10:06:54    163328    --sha-r-    C:\Windows\SysWOW64\flvDX.dll
2007-02-21 11:47:16    31232    --sha-r-    C:\Windows\SysWOW64\msfDX.dll
2008-03-16 13:30:52    216064    --sha-r-    C:\Windows\SysWOW64\nbDX.dll
2010-01-06 23:00:00    107520    --sha-r-    C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 15:48:13,21 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 20/09/2010 09:52:46
System Uptime: 07/07/2013 14:01:32 (1 hours ago)
.
Motherboard: Dell Inc. | | 0M9XW4
Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz | U2E1 | 2130/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 127,638 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP268: 28/06/2013 22:51:38 - ComboFix created restore point
RP269: 30/06/2013 02:14:23 - Windows Update
RP270: 04/07/2013 00:12:02 - Windows Update
RP271: 07/07/2013 01:10:33 - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03) - Italiano
Advanced Audio FX Engine
Advanced PDF Password Recovery
Amazon Send to Kindle
AMD Accelerated Video Transcoding
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Android Commander version 0.7.9.11
Apple Mobile Device Support
Apple Software Update
ATI AVIVO64 Codecs
µTorrent
Bonjour
calibre
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 3.0
Canon MP560 series MP Drivers
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Centro gestione dispositivi Windows Mobile
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dell Driver Download Manager
Dell Edoc Viewer
Dell Touchpad
Dell Webcam Central
Dell Wireless WLAN Card Utility
DVDFab 7.0.6.6 (29/05/2010)
eMule AdunanzA
eReg
gpedt.msc 1.0
High-Definition Video Playback 10
iCloud
inSSIDer
Intel® Management Engine Components
iPhone Explorer 2.1.2.3
ISO Recorder
iTunes
Java 7 Update 25
Java Auto Updater
JDownloader 0.9
Live! Cam Avatar Creator
Logitech SetPoint 6.32
Malwarebytes Anti-Malware versione 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
Microsoft .NET Framework 4 Client Profile ITA Language Pack
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Italian) 2010
Microsoft Office Excel MUI (Italian) 2010
Microsoft Office Groove MUI (Italian) 2010
Microsoft Office InfoPath MUI (Italian) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (Italian) 2010
Microsoft Office Outlook MUI (Italian) 2010
Microsoft Office PowerPoint MUI (Italian) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (Italian) 2010
Microsoft Office Publisher MUI (Italian) 2010
Microsoft Office Shared 32-bit MUI (Italian) 2010
Microsoft Office Shared MUI (Italian) 2010
Microsoft Office Word MUI (Italian) 2010
Microsoft Outlook Hotmail Connector 64-bit
Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit
Microsoft Primary Interoperability Assemblies 2005
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Client IT-IT Language Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC100_CRT_SP1_x64
Microsoft_VC100_CRT_SP1_x86
Mobipocket Reader 6.2
Movie Maker
Mozilla Firefox 22.0 (x86 it)
Mozilla Maintenance Service
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSVCRT
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Dell
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
Nokia Connectivity Cable Driver
Nokia Suite
Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
PC Connectivity Solution
PDF Architect
PDFCreator
Photo Common
Photo Gallery
Quickset64
Raccolta foto
Realtek High Definition Audio Driver
SeaTools for Windows
Security Update for Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
Skype™ 6.3
Spotify
SUPER © v2012.build.54 (Nov 18, 2012) versione v2012.build.54
Supporto applicazioni Apple
Unlocker 1.9.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
vanBasco's Karaoke Player
Viber
VLC media player 2.0.6
WIDCOMM Bluetooth Software
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile Device Center Driver Update
.
==== End Of File ===========================



Edited by Oh My, 07 July 2013 - 10:13 PM.
Posted Attach log


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,574 posts
  • Gender:Male
  • Location:California
  • Local time:09:25 PM

Posted 07 July 2013 - 10:10 PM

Greetings rosencraft and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started!
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.

While I am reviewing the information please do the following.

===================================================

Obtaining Current ComboFix.txt

--------------------

Please copy and paste the contents of the following file in your reply.
 

C:\ComboFix.txt


===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
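The ComboFix.txt requested above is read for the same things a helper looks at in every log: what starts automatically (Run keys, scheduled tasks, services) and whether browser traffic has been pointed at a proxy. A copy of that log is posted later in this thread. The script below is an added example, not a BleepingComputer or ComboFix tool: it parses those line formats from a constructed sample laid out like ComboFix output (the names, paths and proxy hosts in the sample are made up) and flags entries launched from places an ordinary user can write to, which is where a user-level installer such as a fake codec drops its payload.

```python
"""Triage helper for ComboFix-style log text.

Added example for this thread, not a BleepingComputer or ComboFix tool.
It reads the autostart-related lines ComboFix prints (Run keys, scheduled
tasks, services, proxy settings) and flags the entries a responder checks
first: programs launched from locations an ordinary user can write to,
and proxy settings that quietly route browser traffic through another host.
"""
import re

# "Adobe ARM"="c:\program files (x86)\...\AdobeARM.exe" [2013-04-04 958576]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[[\d-]+\s+\d+\]')
# - c:\windows\AutoKMS\AutoKMS.exe [2012-01-30 23:33]   (line after "...\X.job")
TASK_RE = re.compile(r'^-\s+(?P<path>[a-z]:\\[^\[]+?)\s+\[')
# R2 SkypeUpdate;Skype Updater;c:\...\Updater.exe;c:\...\Updater.exe [x]
SVC_RE = re.compile(r'^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>[^;]+);')
# uInternet Settings,ProxyServer = host:port   /   FF - prefs.js: network.proxy.http - host
PROXY_RE = re.compile(
    r'^(?P<label>uInternet Settings,ProxyServer'
    r'|FF - prefs\.js: network\.proxy\.(?:http|ssl|socks|ftp))\s*[-=]\s*(?P<host>\S+)')

# Directories a non-admin user (and therefore a user-level dropper) can write to.
USER_WRITABLE = ('\\appdata\\', '\\programdata\\', '\\temp\\', '\\users\\public\\')
# Folders directly under c:\windows that legitimately hold executables.
WINDOWS_SYSTEM_DIRS = {'system32', 'syswow64', 'sysnative', 'microsoft.net', 'winsxs'}


def parse_autostarts(text):
    """Return [{'kind','name','path'}] for Run keys, scheduled tasks and services."""
    entries, pending_task = [], None
    for raw in text.splitlines():
        line = raw.strip()
        run, task, svc = RUN_RE.match(line), TASK_RE.match(line), SVC_RE.match(line)
        if run:
            entries.append({'kind': 'run', 'name': run['name'], 'path': run['path']})
        elif line.lower().endswith('.job'):
            pending_task = line.split('\\')[-1]          # remember the task name
        elif pending_task and task:
            entries.append({'kind': 'task', 'name': pending_task, 'path': task['path'].strip()})
            pending_task = None
        elif svc:
            entries.append({'kind': 'service', 'name': svc['name'], 'path': svc['path']})
    return entries


def parse_proxies(text):
    """Return (setting, host) pairs for the system (WinINet) and Firefox proxy lines."""
    return [(m['label'], m['host'])
            for m in (PROXY_RE.match(l.strip()) for l in text.splitlines()) if m]


def flag_suspicious(entries):
    """Return (kind, name, path, reason) for autostarts launched from odd places.

    This is a triage heuristic, not a verdict: vendor helpers (Dell's PC Doctor
    add-ons under ProgramData, for instance) also live in these folders, so each
    hit still needs a look at the file's publisher, signature and install date.
    """
    flagged = []
    for e in entries:
        p, reasons = e['path'].lower(), []
        if any(d in p for d in USER_WRITABLE):
            reasons.append('runs from a user-writable directory')
        if p.startswith('c:\\windows\\'):
            parts = p[len('c:\\windows\\'):].split('\\')
            if len(parts) > 1 and parts[0] not in WINDOWS_SYSTEM_DIRS:
                reasons.append('runs from a non-system folder under c:\\windows')
        if reasons:
            flagged.append((e['kind'], e['name'], e['path'], '; '.join(reasons)))
    return flagged


# Constructed sample in ComboFix's layout (names, paths and hosts are made up).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Updater"="c:\users\alice\AppData\Roaming\inst.exe" [2013-06-28 61440]
.
2013-07-14 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-01-30 23:33]
.
2013-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-06 19:05]
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 HelperSvc;Helper Service;c:\programdata\Helper\helper.exe;c:\programdata\Helper\helper.exe [x]
.
uInternet Settings,ProxyServer = proxy.example.org:8080
FF - prefs.js: network.proxy.http - 192.0.2.10
FF - prefs.js: network.proxy.http_port - 3128
"""

if __name__ == '__main__':
    for hit in flag_suspicious(parse_autostarts(SAMPLE_LOG)):
        print('FLAG  %-8s %-12s %s  (%s)' % hit)
    for setting, host in parse_proxies(SAMPLE_LOG):
        print('PROXY %s -> %s' % (setting, host))
```

Run it as-is to see the three flagged autostarts and the two proxy settings from the sample, or feed it a real ComboFix.txt with `flag_suspicious(parse_autostarts(open('C:/ComboFix.txt').read()))`. Proxy lines are listed rather than judged: a proxy on a university or corporate network is normal, while one that nobody on the machine configured is worth a question to the poster.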

#6 Oh My!

  • Malware Response Instructor

Posted 07 July 2013 - 10:37 PM

Greetings,

Please consider and complete the following.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please let me know if you have already noticed evidences of financial institution irregularities.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Disable CD Emulation

--------------------
  • Please download DeFogger and save it to your desktop
  • Double-click on the DeFogger icon to start the tool.
  • The application window will appear.
  • You should now click on the Disable button to disable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • Farbar log
  • Addition log

Gary
 

#7 Oh My!

  • Malware Response Instructor

Posted 11 July 2013 - 08:35 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#8 rosencraft

  • Topic Starter

Posted 14 July 2013 - 04:36 PM

Hi Oh My, sorry for not answering quickly; I am in the USA now so I do not always have internet. I want to try to disinfect this computer because a new install would take a lot of time (reinstall Windows and all the stuff, Office etc.). I have to say that I have DAEMON Tools Lite (CD emulation) and Prey anti-theft installed.

 

Here is the attached ComboFix log

 

ComboFix 13-07-14.01 - Alessia 14/07/2013  17:10:05.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.3957.1688 [GMT -4:00]
Running from: c:\users\Alessia\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6261\AddOnDownloaded\1a3879e8-dfe0-4d00-87f6-f2db19ac1eee.dll
c:\programdata\PCDr\6261\AddOnDownloaded\1f7e3200-2791-441e-8615-1258d84e5f61.dll
c:\programdata\PCDr\6261\AddOnDownloaded\31274d4c-b2a5-4954-874c-18abd8e795fc.dll
c:\programdata\PCDr\6261\AddOnDownloaded\31e827f4-bf26-41e4-9984-6422402c51da.dll
c:\programdata\PCDr\6261\AddOnDownloaded\3648a8b0-3389-4840-be40-db026cb0b248.dll
c:\programdata\PCDr\6261\AddOnDownloaded\3820d79a-0389-4fd9-b10c-00d2774e8996.dll
c:\programdata\PCDr\6261\AddOnDownloaded\5e1499b7-780b-4b0e-8240-0221e699a647.dll
c:\programdata\PCDr\6261\AddOnDownloaded\7a273375-a427-45b1-8925-a4fd3312f55b.dll
c:\programdata\PCDr\6261\AddOnDownloaded\958decf6-f105-42b7-b2b8-ecb97b06448b.dll
c:\programdata\PCDr\6261\AddOnDownloaded\ab0b7706-a6c8-49aa-9f56-0787e2a45b0b.dll
c:\programdata\PCDr\6261\AddOnDownloaded\b3ef58a2-77e9-414a-b8f6-b8cbbf497383.dll
c:\programdata\PCDr\6261\AddOnDownloaded\b9659de3-009a-489a-9910-f3747d7d70c2.dll
c:\programdata\PCDr\6261\AddOnDownloaded\ba005e12-3139-4327-9f7a-9f2ea6a6c841.dll
c:\programdata\PCDr\6261\AddOnDownloaded\c088a81a-a965-4da7-8b79-eda53ddfa390.dll
c:\programdata\PCDr\6261\AddOnDownloaded\dfd672c1-69ab-446f-b44e-a23e9b8c7410.dll
c:\programdata\PCDr\6261\AddOnDownloaded\f6023957-62a3-406c-842a-e25d2b71072a.dll
c:\programdata\PCDr\6261\AddOnDownloaded\f80f957a-a781-4825-977a-a4ab79468916.dll
c:\users\Alessia\AppData\Roaming\inst.exe
c:\windows\SysWow64\drivers\npf.sys
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-14 to 2013-07-14  )))))))))))))))))))))))))))))))))))
.
.
2013-07-14 20:56 . 2013-07-14 20:56    --------    d-----w-    c:\windows\it
2013-07-14 20:53 . 2010-06-02 08:55    77656    ----a-w-    c:\windows\system32\XAPOFX1_5.dll
2013-07-14 20:53 . 2010-06-02 08:55    74072    ----a-w-    c:\windows\SysWow64\XAPOFX1_5.dll
2013-07-14 20:53 . 2010-06-02 08:55    527192    ----a-w-    c:\windows\SysWow64\XAudio2_7.dll
2013-07-14 20:53 . 2010-06-02 08:55    518488    ----a-w-    c:\windows\system32\XAudio2_7.dll
2013-07-14 20:53 . 2010-05-26 15:41    2526056    ----a-w-    c:\windows\system32\D3DCompiler_43.dll
2013-07-14 20:53 . 2010-05-26 15:41    2106216    ----a-w-    c:\windows\SysWow64\D3DCompiler_43.dll
2013-07-14 20:52 . 2010-05-26 15:41    276832    ----a-w-    c:\windows\system32\d3dx11_43.dll
2013-07-14 20:52 . 2010-05-26 15:41    248672    ----a-w-    c:\windows\SysWow64\d3dx11_43.dll
2013-07-14 20:52 . 2009-09-04 21:29    453456    ----a-w-    c:\windows\SysWow64\d3dx10_42.dll
2013-07-14 20:52 . 2009-09-04 21:29    523088    ----a-w-    c:\windows\system32\d3dx10_42.dll
2013-07-14 20:49 . 2013-07-14 20:49    537432    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\8f41d2571ce80d304\DXSETUP.exe
2013-07-14 20:49 . 2013-07-14 20:49    89944    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\8f41d2571ce80d304\DSETUP.dll
2013-07-14 20:49 . 2013-07-14 20:49    1801048    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\8f41d2571ce80d304\dsetup32.dll
2013-07-14 20:48 . 2013-07-14 20:48    94040    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\7f3756b31ce80d302\DSETUP.dll
2013-07-14 20:48 . 2013-07-14 20:48    525656    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\7f3756b31ce80d302\DXSETUP.exe
2013-07-14 20:48 . 2013-07-14 20:48    1691480    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\7f3756b31ce80d302\dsetup32.dll
2013-07-14 20:48 . 2013-07-14 20:48    89944    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\7d4fdd5d1ce80d301\DSETUP.dll
2013-07-14 20:48 . 2013-07-14 20:48    537432    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\7d4fdd5d1ce80d301\DXSETUP.exe
2013-07-14 20:48 . 2013-07-14 20:48    1801048    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\7d4fdd5d1ce80d301\dsetup32.dll
2013-07-14 20:38 . 2003-06-13 03:25    7062    ----a-w-    c:\windows\SysWow64\audiopid.vxd
2013-07-14 20:36 . 2013-07-14 20:36    --------    d-----w-    c:\programdata\Creative
2013-07-14 20:36 . 2013-07-14 20:36    --------    d-----w-    c:\users\Alessia\AppData\Roaming\Creative
2013-07-14 19:17 . 2013-07-14 19:17    283064    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2013-07-14 19:17 . 2013-07-14 19:17    --------    d-----w-    c:\program files (x86)\DAEMON Tools Lite
2013-07-14 07:25 . 2013-07-14 07:25    76232    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7CA24A17-D534-44A2-8A94-02264FD05EE1}\offreg.dll
2013-07-14 07:17 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7CA24A17-D534-44A2-8A94-02264FD05EE1}\mpengine.dll
2013-07-13 21:01 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-12 04:35 . 2013-05-27 05:50    1011712    ----a-w-    c:\program files\Windows Defender\MpSvc.dll
2013-06-30 03:55 . 2013-06-30 03:55    52790    ----a-w-    C:\BackupPostVirus.reg
2013-06-30 03:45 . 2013-06-30 03:45    --------    d-----w-    c:\programdata\McAfee
2013-06-30 03:00 . 2013-06-30 03:00    56016    ----a-w-    c:\windows\system32\drivers\fsbts.sys
2013-06-29 01:21 . 2013-06-29 01:21    0    ----a-w-    c:\windows\system32\atiuxpag.dll
2013-06-29 01:21 . 2013-06-29 01:21    0    ----a-w-    c:\windows\system32\atidxx32.dll
2013-06-29 01:21 . 2013-06-29 01:21    0    ----a-w-    c:\windows\system32\aticfx32.dll
2013-06-21 01:30 . 2013-06-13 01:47    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-21 00:15 . 2013-06-21 00:12    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{283D3C7D-47A5-4FF5-8428-83CBC6E23767}\gapaengine.dll
2013-06-19 01:50 . 2013-06-19 01:50    247216    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-06-15 14:44 . 2013-06-15 14:44    9089416    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-15 14:10 . 2013-05-08 06:39    1910632    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-06-15 14:09 . 2013-05-10 05:49    30720    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-06-15 14:09 . 2013-05-10 03:20    24576    ----a-w-    c:\windows\SysWow64\cryptdlg.dll
2013-06-15 14:09 . 2013-04-26 05:51    751104    ----a-w-    c:\windows\system32\win32spl.dll
2013-06-15 14:09 . 2013-04-26 04:55    492544    ----a-w-    c:\windows\SysWow64\win32spl.dll
2013-06-15 14:09 . 2013-04-17 06:24    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2013-06-15 14:09 . 2013-04-17 07:02    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2013-06-15 14:08 . 2013-05-13 03:43    1192448    ----a-w-    c:\windows\system32\certutil.exe
2013-06-15 14:08 . 2013-05-13 05:51    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-06-15 14:08 . 2013-05-13 05:51    1464320    ----a-w-    c:\windows\system32\crypt32.dll
2013-06-15 14:08 . 2013-05-13 05:51    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-06-15 14:08 . 2013-05-13 04:45    1160192    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-06-15 14:08 . 2013-05-13 03:08    903168    ----a-w-    c:\windows\SysWow64\certutil.exe
2013-06-15 14:08 . 2013-05-13 05:50    52224    ----a-w-    c:\windows\system32\certenc.dll
2013-06-15 14:08 . 2013-05-13 04:45    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-06-15 14:08 . 2013-05-13 04:45    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-06-15 14:08 . 2013-05-13 03:08    43008    ----a-w-    c:\windows\SysWow64\certenc.dll
2013-06-15 14:08 . 2013-04-25 23:30    1505280    ----a-w-    c:\windows\SysWow64\d3d11.dll
2013-06-15 14:08 . 2013-03-31 22:52    1887232    ----a-w-    c:\windows\system32\d3d11.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-14 20:52 . 2013-01-14 19:54    29    ----a-w-    c:\windows\SysWow64\TempWmicBatchFile.bat
2013-07-14 19:05 . 2012-08-06 19:23    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-14 19:05 . 2011-05-15 16:40    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-13 19:20 . 2010-10-26 17:03    78185248    ----a-w-    c:\windows\system32\MRT.exe
2013-06-19 01:50 . 2012-04-04 15:52    139616    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-13 01:48 . 2013-02-22 23:21    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-06-13 01:48 . 2010-07-12 16:06    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-05-21 18:28 . 2012-06-18 14:55    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-02 15:29 . 2010-10-18 15:53    278800    ------w-    c:\windows\system32\MpSigStub.exe
2006-05-03 10:06    163328    --sha-r-    c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47    31232    --sha-r-    c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30    216064    --sha-r-    c:\windows\SysWOW64\nbDX.dll
2010-01-06 23:00    107520    --sha-r-    c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2013-04-05 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk /r \??\E:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R3 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]
R3 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
R3 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys;c:\windows\SYSNATIVE\Drivers\fsbts.sys [x]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt53.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe;c:\prey\platform\windows\cronsvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-06 19:05]
.
2013-07-14 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-01-30 23:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-25 369152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.it/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = proxymed.citicord.uniroma1.it:8080
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Send image to &Bluetooth device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4BAB703C-15AE-4E67-990E-0E7BDFDA6D78}\3596475636F6D6F5266616635603: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{4BAB703C-15AE-4E67-990E-0E7BDFDA6D78}\8483939393: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.ftp - 151.100.101.138
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 151.100.101.138
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 151.100.101.138
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 151.100.101.138
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-06-28 22:52; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-06-30 21:45; {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}; c:\users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi
FF - ExtSQL: 2013-06-30 21:46; {8bdc9bc7-0cf3-4c3e-a92b-84abbfe14503}; c:\users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\{8bdc9bc7-0cf3-4c3e-a92b-84abbfe14503}.xpi
FF - ExtSQL: 2013-06-30 21:48; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF - ExtSQL: 2013-06-30 21:48; {dc572301-7619-498c-a57d-39143191b318}; c:\users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF - ExtSQL: 2013-06-30 21:48; {d5ea4520-61a1-11da-8cd6-0800200c9a66}; c:\users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}.xpi
FF - ExtSQL: 2013-06-30 21:48; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF - ExtSQL: 2013-06-30 21:48; {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}; c:\users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi
FF - ExtSQL: 2013-06-30 21:48; {0545b830-f0aa-4d7e-8820-50a4629a56fe}; c:\users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF - ExtSQL: 2013-06-30 21:48; optout@google.com; c:\users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\optout@google.com.xpi
FF - ExtSQL: 2013-06-30 21:48; ireader@samabox.com; c:\users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\ireader@samabox.com.xpi
FF - ExtSQL: 2013-06-30 21:48; gmailnoads@mywebber.com; c:\users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\gmailnoads@mywebber.com.xpi
FF - ExtSQL: 2013-06-30 21:48; autopager@mozilla.org; c:\users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\autopager@mozilla.org.xpi
FF - ExtSQL: 2013-06-30 21:48; artur.dubovoy@gmail.com; c:\users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\extensions\artur.dubovoy@gmail.com.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-50241067.sys
AddRemove-{966DAE1C-E18E-72A0-4BA3-B7A857157F34} - c:\progra~3\INSTAL~1\{743DE~1\Setup.exe
AddRemove-{D7FC72DA-8EB9-E278-22C3-C3A241B6D758} - c:\progra~3\INSTAL~1\{CC12F~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]
"ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{25A3A431-30BB-47C8-AD6A-E1063801134F}"=hex:51,66,7a,6c,4c,1d,38,12,5f,a7,b0,
   21,89,7e,a6,02,d2,7c,a2,46,3d,5f,57,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3A2D5EBA-F86D-4BD3-A177-019765996711}"=hex:51,66,7a,6c,4c,1d,38,12,d4,5d,3e,
   3e,5f,b6,bd,0e,de,61,42,d7,60,c7,23,05
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
   6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{E673291A-A01F-D6A7-2890-8CC6F23846C8}"=hex:51,66,7a,6c,4c,1d,38,12,74,2a,60,
   e2,2d,ee,c9,93,57,86,cf,86,f7,66,02,dc
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:39,8e,94,5c,a3,fd,cd,01
.
[HKEY_USERS\S-1-5-21-2985611181-3325906491-3655833620-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-2985611181-3325906491-3655833620-1001)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.eml.14"
.
[HKEY_USERS\S-1-5-21-2985611181-3325906491-3655833620-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-2985611181-3325906491-3655833620-1001)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Scan completed: 2013-07-14  17:30:12 - The PC was rebooted
ComboFix-quarantined-files.txt  2013-07-14 21:30
.
Pre-Run: 121.399.476.224 bytes free
Post-Run: 121.229.074.432 bytes free
.
- - End Of File - - A06CA37348D6619DA3197F4BE1DC0EAA
A36C5E4F47E84449FF07ED3517B43A31
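The "locked registry keys" section of the ComboFix log above lists keys whose ACLs carry Deny entries for Everyone or LocalSystem. The log itself attributes the CLSID and Interface entries to Adobe Flash (FlashBroker and Shockwave Flash Object, pointing at binaries under Macromed\Flash), but a locked key is only as trustworthy as the binary it points to. The PowerShell below is an added example, not part of this thread or of ComboFix, that checks such keys directly: it lists the Deny ACEs on each key, resolves the COM server binary from LocalServer32/InprocServer32, and checks that binary's Authenticode signature. The key list is copied from the log (CurrentControlSet is the live alias of the ControlSet001 path shown there) and the variable names are assumptions. A Deny of full control to Everyone also denies READ_CONTROL to the auditor, so such keys are reported as unreadable rather than silently skipped.

```powershell
# Added example (not from the thread or from ComboFix): audit registry keys a scanner reports as "locked".
# Run from an elevated PowerShell session. Key paths are assumptions copied from the ComboFix log above.
$LockedKeys = @(
    'HKLM:\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}',
    'HKLM:\SYSTEM\CurrentControlSet\Control\PCW\Security'
)

function Get-RegistryDenyAces {
    # One record per Deny ACE on each key; keys whose DACL cannot be read are reported, not skipped.
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($p in $Path) {
        try {
            $acl = Get-Acl -LiteralPath $p -ErrorAction Stop
        } catch {
            # A Deny of full control to Everyone also denies READ_CONTROL to the account running this audit.
            [pscustomobject]@{ Key = $p; Identity = '(unreadable DACL)'; Rights = $_.Exception.Message; Inherited = $null }
            continue
        }
        foreach ($ace in ($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })) {
            [pscustomobject]@{
                Key       = $p
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.RegistryRights.ToString()
                Inherited = $ace.IsInherited
            }
        }
    }
}

function Get-ComServerBinary {
    # For a CLSID key, resolve the server binary from LocalServer32 / InprocServer32 and check its signature.
    param([Parameter(Mandatory)][string]$ClsidKey)
    foreach ($sub in 'LocalServer32', 'InprocServer32') {
        $k = Join-Path -Path $ClsidKey -ChildPath $sub
        if (-not (Test-Path -LiteralPath $k)) { continue }
        $raw = (Get-ItemProperty -LiteralPath $k).'(default)'
        if (-not $raw) { continue }
        # Strip surrounding quotes and trailing arguments (e.g. ", 1" or "/Embedding") from the command line.
        $bin = $raw
        if ($raw -match '^"?([^"]+?\.(exe|dll|ocx))') {
            $bin = [Environment]::ExpandEnvironmentVariables($Matches[1])
        }
        $status = 'file missing'
        $signer = ''
        if (Test-Path -LiteralPath $bin) {
            $sig = Get-AuthenticodeSignature -FilePath $bin
            $status = $sig.Status.ToString()          # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{ Key = $k; Binary = $bin; SigStatus = $status; Signer = $signer }
    }
}

Get-RegistryDenyAces -Path $LockedKeys | Format-Table -AutoSize
$LockedKeys | Where-Object { $_ -match '\\CLSID\\' } |
    ForEach-Object { Get-ComServerBinary -ClsidKey $_ } | Format-Table -AutoSize
```

What to look for: a locked CLSID whose server binary is unsigned, has a HashMismatch status, or lives under a user-writable path such as AppData or ProgramData deserves attention; a locked key pointing at a validly signed vendor binary in System32 or SysWOW64 matches what the log shows for the Flash entries.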
 



#9 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,574 posts
  • Gender:Male
  • Location:California

Posted 14 July 2013 - 04:49 PM

Thank you for the Combofix log. Please don't miss Post #6. In addition, I must caution about the following.

===================================================

CRACKING SOFTWARE WARNING

--------------------
 

Post by quietman7, on 02 October 2009 - 05:16 AM, said:


A Keygen is a program which is used to illegally bypass copy protection on games and commercial software by generating a random serial number, or "cd key", that matches the software it is intended to be used with.

A Cracking tool is used to copy commercial software illegally by breaking the various copy-protection and registration techniques being used.

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Quote (trendmicro.com/vinfo): Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

Quote (Keygen and Crack Sites Distribute VIRUX and FakeAV): ...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Quote (University of Washington spyware study): ...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

Quote (Bad Web Sites: Malware): ...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 rosencraft

  • Topic Starter
  • Members
  • 12 posts

Posted 14 July 2013 - 04:50 PM

Hi, I used Defogger to disable CD emulation (DAEMON Tools was already disabled) and it did not make me reboot.

Then I used AdwCleaner, and here are the results:

 

# AdwCleaner v2.305 - Logfile created on 14/07/2013 at 17:43:48
# Updated 11/07/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Alessia - ALEX-PC
# Boot Mode : Normal Mode
# Run from : C:\Users\Alessia\Desktop\adwcleaner.exe
# Options [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\continuetosave
Folder Deleted : C:\Users\Alessia\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\jetpack
Folder Deleted : C:\Users\Alessia\AppData\Roaming\pdfforge

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SaveByClick_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SaveByClick_RASMANCS
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry Clean.

-\\ Mozilla Firefox v22.0 (it)

File : C:\Users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default-1372472337266\prefs.js

[OK] File Clean.

*************************

AdwCleaner[R1].txt - [2560 octets] - [14/07/2013 17:43:13]
AdwCleaner[S1].txt - [2545 octets] - [14/07/2013 17:43:48]

########## EOF - C:\AdwCleaner[S1].txt - [2605 octets] ##########
 



#11 rosencraft

  • Topic Starter
  • Members
  • 12 posts

Posted 14 July 2013 - 04:55 PM

Hi Oh My,

First off, thank you very much for your precious help.

This is my girlfriend's computer, so I do not think she visited many crack/keygen websites. However, we used my Mac computer and already changed her credit card password, and we are thinking about blocking it. Do you think that we really have to format the computer? I am going to post the other logs.



#12 rosencraft

  • Topic Starter
  • Members
  • 12 posts

Posted 14 July 2013 - 05:03 PM

Here is the Junkware Removal Tool log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.9 (07.12.2013:2)
OS: Windows 7 Home Premium x64
Ran by Alessia on 14/07/2013 at 17:57:25,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F77DF2E5-1ABD-408A-B89A-E6DBAE072304}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{008F6C48-7387-4D2F-8A77-E6AA8080B51C}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{025FB4F2-A830-4088-92D5-7330B4E89CD0}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{0C609A0D-3FE0-48D6-BC6D-ECF17A7143D3}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{289B06CF-43DD-4A2E-B7F5-F51384ED739E}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{2BBAA9A4-4080-44B7-8D1F-4F78D307FC58}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{312A784D-BC41-4A93-9866-C35F74D71681}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{330F6CFF-8921-4567-A81D-71831822449F}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{342AE733-2D64-4C6B-BA1C-A087A8345581}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{3D4B03CC-6879-4D6E-9BEF-BEBD06F7AF56}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{3E617FE4-DA8A-4A36-8446-42A2607394BE}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{53C635CC-4C0E-41C9-B2B5-3BEDD5BD699A}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{54A80A2A-0DC3-4F0E-A1F3-06F62C469917}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{554D6BB5-5641-45A6-8CF5-8DAC17266702}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{600DB684-CE01-4B8D-9059-D6D694200EA0}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{6DE95D60-D38C-4201-8CA6-055EF026B911}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{7D939D4D-D7B0-4782-A212-003F4814963E}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{8785B460-3202-49D6-B06A-0914805D6381}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{93F63EB7-454E-4780-BA43-864E49C0F662}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{A734C0A0-00C9-404D-AA14-718919028C2D}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{A92446FC-4D2F-4098-B150-301DE11017F8}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{B33BA9B4-F808-4695-B1CD-49C3C9C05BA0}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{BC18F762-4B20-4D46-AFA6-F6C49B49174D}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{C0C6470D-5B7F-4E6D-8749-49FBCAD9E60A}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{C8810739-B553-43D0-B468-512AF19F72B0}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{CB9052D0-A606-47B9-A3C1-3399776E6A7C}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{D102AF5E-DEC3-4435-8E29-AA0EC0BDE6A7}
Successfully deleted: [Empty Folder] C:\Users\Alessia\appdata\local\{FFDDF375-B665-4B8F-A6A1-3A4A60A9B75A}



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Alessia\AppData\Roaming\mozilla\firefox\profiles\297ai2kc.default-1372472337266\jetpack
Emptied folder: C:\Users\Alessia\AppData\Roaming\mozilla\firefox\profiles\297ai2kc.default-1372472337266\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/07/2013 at 18:01:27,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
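The JRT log above reports "Event Viewer Logs were cleared". On a machine suspected of compromise those logs are evidence: service and driver installs, scheduled tasks, logons, and the timestamps that let you line up what the dropped "codec" did against the download time. They should be exported before any cleanup tool is run, not after. The PowerShell below is an added example, not part of this thread or of JRT, that exports every non-empty event log with wevtutil and writes a SHA-256 manifest of the exports so the copies can later be shown to be intact. It assumes an elevated session, PowerShell 4.0 or later (for Get-FileHash), and a destination folder that is chosen here for illustration; in practice point it at removable or network storage rather than the suspect disk.

```powershell
# Added example (not from the thread or from JRT): export all non-empty Windows event logs before running
# cleanup tools, then hash the exports. Run elevated; $Dest is an assumed destination.
$Dest = Join-Path -Path $env:SystemDrive -ChildPath ('evidence\' + $env:COMPUTERNAME + '-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $Dest -Force | Out-Null

function Export-AllEventLogs {
    # Exports every log channel that has at least one record; returns the .evtx paths written.
    param([Parameter(Mandatory)][string]$Destination)
    $written = @()
    # Some channels are not readable even when elevated; suppress those errors rather than abort.
    $logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue | Where-Object { $_.RecordCount -gt 0 }
    foreach ($log in $logs) {
        # Channel names such as "Microsoft-Windows-TaskScheduler/Operational" contain characters invalid in file names.
        $safe   = ($log.LogName -replace '[\\/:*?"<>|]', '_') + '.evtx'
        $target = Join-Path -Path $Destination -ChildPath $safe
        # wevtutil epl = export-log; /ow:true overwrites an existing file of the same name.
        & wevtutil.exe epl $log.LogName $target /ow:true
        if ($LASTEXITCODE -eq 0 -and (Test-Path -LiteralPath $target)) {
            $written += $target
        } else {
            Write-Warning "Export failed for $($log.LogName) (exit code $LASTEXITCODE)"
        }
    }
    return $written
}

function Write-Manifest {
    # Records the SHA-256 of each export so later tampering or an accidental overwrite is detectable.
    param([Parameter(Mandatory)][string[]]$Files, [Parameter(Mandatory)][string]$Destination)
    $manifest = Join-Path -Path $Destination -ChildPath 'SHA256SUMS.txt'
    $Files | ForEach-Object {
        $h = Get-FileHash -LiteralPath $_ -Algorithm SHA256
        '{0}  {1}' -f $h.Hash, (Split-Path -Path $_ -Leaf)
    } | Set-Content -LiteralPath $manifest -Encoding ASCII
    return $manifest
}

$exports  = Export-AllEventLogs -Destination $Dest
$manifest = Write-Manifest -Files $exports -Destination $Dest
'Exported {0} logs to {1}; hashes recorded in {2}' -f @($exports).Count, $Dest, $manifest
```

The exported .evtx files open in Event Viewer (Action > Open Saved Log) or with Get-WinEvent -Path, so nothing is lost by letting the cleanup tool clear the live channels afterwards.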
 



#13 rosencraft

  • Topic Starter
  • Members
  • 12 posts

Posted 14 July 2013 - 05:13 PM

Here is the Farbar log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013
Ran by Alessia (administrator) on 14-07-2013 18:06:03
Running from C:\Users\Alessia\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Italian Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [369152 2010-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1356240 2013-06-20] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
BootExecute: autocheck autochk /r \??\E:autocheck autochk *

==================== Internet (Whitelisted) ====================

ProxyServer: proxymed.citicord.uniroma1.it:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0DC6A29A-5761-4075-BE0A-F74317FC7612} URL = http://www.google.it/search?hl=it&q={searchTerms}&meta=&aq=f&oq=
SearchScopes: HKCU - {1ADA9949-3E96-400A-9C33-1ED3FEACB5B0} URL =
SearchScopes: HKCU - {A5229341-5E21-4A31-B2E6-8665779BFCE4} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
SearchScopes: HKCU - {C169EE35-8D90-486B-99B9-EF85510CE9FB} URL = http://www.youtube.com/results?search_query={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Alessia\AppData\Roaming\Mozilla\Firefox\Profiles\297ai2kc.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2012-11-28] (Fork Ltd.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
S3 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S3 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S4 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [33280 2009-07-17] ()

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-07-14] (Disc Soft Ltd)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2013-06-29] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-02-24] (Acronis)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-14 18:05 - 2013-07-14 18:05 - 00000000 ____D C:\FRST
2013-07-14 18:04 - 2013-07-14 18:04 - 01777839 _____ (Farbar) C:\Users\Alessia\Desktop\FRST64.exe
2013-07-14 18:01 - 2013-07-14 18:01 - 00003968 _____ C:\Users\Alessia\Desktop\JRT.txt
2013-07-14 17:57 - 2013-07-14 17:57 - 00000000 ____D C:\Windows\ERUNT
2013-07-14 17:51 - 2013-07-14 17:51 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Alessia\Desktop\JRT.exe
2013-07-14 17:45 - 2013-07-14 17:45 - 00417200 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-14 17:45 - 2013-07-14 17:45 - 00109280 _____ C:\Users\Alessia\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-14 17:45 - 2013-07-14 17:45 - 00000056 _____ C:\Windows\setupact.log
2013-07-14 17:45 - 2013-07-14 17:45 - 00000000 _____ C:\Windows\setuperr.log
2013-07-14 17:43 - 2013-07-14 17:44 - 00002668 _____ C:\AdwCleaner[S1].txt
2013-07-14 17:43 - 2013-07-14 17:43 - 00002560 _____ C:\AdwCleaner[R1].txt
2013-07-14 17:38 - 2013-07-14 17:38 - 00662345 _____ C:\Users\Alessia\Desktop\adwcleaner.exe
2013-07-14 17:38 - 2013-07-14 17:38 - 00000476 _____ C:\Users\Alessia\Desktop\defogger_disable.log
2013-07-14 17:38 - 2013-07-14 17:38 - 00000000 _____ C:\Users\Alessia\defogger_reenable
2013-07-14 17:37 - 2013-07-14 17:37 - 00050477 _____ C:\Users\Alessia\Desktop\Defogger.exe
2013-07-14 17:30 - 2013-07-14 17:30 - 00028538 _____ C:\ComboFix.txt
2013-07-14 17:07 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-14 17:07 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-14 17:07 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-14 17:07 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-14 17:07 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-14 17:07 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-14 17:07 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-14 17:07 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-14 17:06 - 2013-07-14 17:30 - 00000000 ____D C:\Qoobox
2013-07-14 16:58 - 2013-07-14 16:58 - 05088557 ____R (Swearware) C:\Users\Alessia\Desktop\ComboFix.exe
2013-07-14 16:56 - 2013-07-14 16:56 - 00000000 ____D C:\Windows\it
2013-07-14 16:53 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-07-14 16:53 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-07-14 16:53 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-07-14 16:53 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-07-14 16:53 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-07-14 16:53 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-07-14 16:52 - 2013-07-14 16:52 - 04829104 _____ (F-Secure Corporation) C:\Users\Alessia\Desktop\F-SecureOnlineScanner.exe
2013-07-14 16:52 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-07-14 16:52 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-07-14 16:52 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2013-07-14 16:52 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-07-14 16:38 - 2003-06-12 23:25 - 00007062 _____ C:\Windows\SysWOW64\audiopid.vxd
2013-07-14 16:36 - 2013-07-14 16:36 - 00000000 ____D C:\Users\Alessia\Documents\Dell WebCam Central
2013-07-14 16:36 - 2013-07-14 16:36 - 00000000 ____D C:\Users\Alessia\AppData\Roaming\Creative
2013-07-14 16:36 - 2013-07-14 16:36 - 00000000 ____D C:\ProgramData\Creative
2013-07-14 16:29 - 2013-07-14 16:29 - 01243632 _____ (Microsoft Corporation) C:\Users\Alessia\Desktop\wlsetup-web.exe
2013-07-14 15:17 - 2013-07-14 15:17 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-07-14 15:17 - 2013-07-14 15:17 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-07-14 15:07 - 2013-07-14 15:09 - 00000000 ____D C:\Users\Alessia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Esecuzione disattiva
2013-07-14 02:47 - 2013-07-14 02:47 - 00000000 ____D C:\Users\Alessia\Downloads\Ciao Pussycat - What's New Pussycat (DvdRip ITA-ENG)
2013-07-14 02:29 - 2013-07-14 02:30 - 00000000 ____D C:\Users\Alessia\Downloads\HENRY MANCINI - THE ULTIMATE COLLECTION
2013-07-14 01:50 - 2013-07-14 06:09 - 1350282814 ____R C:\Users\Alessia\Downloads\Il giro del mondo in ottanta giorni (1956).avi
2013-07-14 01:47 - 2013-07-14 01:48 - 00000000 ____D C:\Users\Alessia\Downloads\Stir Crazy[1980]DVDrip[Eng]DivX[AC3 2.0]-Atlas47
2013-07-13 15:18 - 2013-06-11 19:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-13 15:18 - 2013-06-11 19:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-13 15:18 - 2013-06-11 19:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-13 15:18 - 2013-06-11 19:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-13 15:18 - 2013-06-11 19:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-13 15:18 - 2013-06-11 19:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-13 15:18 - 2013-06-11 19:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-13 15:18 - 2013-06-11 19:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-13 15:18 - 2013-06-11 19:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-13 15:18 - 2013-06-11 19:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-13 15:18 - 2013-06-11 19:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-13 15:18 - 2013-06-11 19:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-13 15:18 - 2013-06-11 19:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-13 15:18 - 2013-06-11 19:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-13 15:18 - 2013-06-11 19:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-13 15:18 - 2013-06-11 19:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-13 15:18 - 2013-06-11 19:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-13 15:18 - 2013-06-11 19:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-13 15:18 - 2013-06-11 19:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-13 15:18 - 2013-06-11 19:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-13 15:18 - 2013-06-11 19:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-13 15:18 - 2013-06-11 19:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-13 15:18 - 2013-06-11 19:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-13 15:18 - 2013-06-11 19:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-13 15:18 - 2013-06-11 19:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-13 15:18 - 2013-06-11 19:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-13 15:18 - 2013-06-11 19:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-13 15:18 - 2013-06-11 18:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-13 15:18 - 2013-06-11 18:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-13 15:18 - 2013-06-06 23:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-13 15:18 - 2013-06-06 22:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 00:35 - 2013-06-04 23:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 00:35 - 2013-06-04 02:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 00:35 - 2013-06-04 00:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-12 00:35 - 2013-05-06 02:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 00:35 - 2013-05-06 00:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-12 00:35 - 2013-04-09 19:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-12 00:35 - 2013-04-02 18:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-08 01:27 - 2013-07-08 06:09 - 1268109312 _____ C:\Users\Alessia\Downloads\Per favore, non toccate le vecchiette -The Producers (M.Brooks '68) ita-eng Dvdmux by AlPal.avi
2013-07-08 01:22 - 2013-07-08 03:11 - 00000000 ____D C:\Users\Alessia\Downloads\[xvid.ita-eng.sub]The.Producers_DVDrip
2013-07-07 19:42 - 2013-07-07 23:31 - 708610048 ____R C:\Users\Alessia\Downloads\[Divx-Ita]Napoleon.Dynamite.By.Hide.avi
2013-07-07 19:39 - 2013-07-07 19:42 - 00000000 ____D C:\Users\Alessia\Downloads\The.Jerk.1979.DVDRip.XviD.AR
2013-07-07 15:37 - 2013-07-07 19:41 - 00000000 ____D C:\Users\Alessia\Downloads\Despicable Me 2 2013 HDCAM READNFO x264 AAC-BadMeetsEvil[rarbg]
2013-06-29 23:55 - 2013-06-29 23:55 - 00052790 _____ C:\BackupPostVirus.reg
2013-06-29 23:45 - 2013-06-29 23:45 - 00000000 ____D C:\ProgramData\McAfee
2013-06-29 23:00 - 2013-06-29 23:00 - 00056016 _____ C:\Windows\system32\Drivers\fsbts.sys
2013-06-28 21:44 - 2013-07-14 17:19 - 00000000 ____D C:\Windows\erdnt
2013-06-28 21:34 - 2013-06-28 21:38 - 01132052 _____ C:\Users\Alessia\AppData\Local\census.cache
2013-06-28 21:32 - 2013-06-28 21:38 - 00179958 _____ C:\Users\Alessia\AppData\Local\ars.cache
2013-06-28 21:21 - 2013-06-28 21:21 - 00000000 _____ C:\Windows\system32\atiuxpag.dll
2013-06-28 21:21 - 2013-06-28 21:21 - 00000000 _____ C:\Windows\system32\atidxx32.dll
2013-06-28 21:21 - 2013-06-28 21:21 - 00000000 _____ C:\Windows\system32\aticfx32.dll
2013-06-28 21:04 - 2013-06-28 21:04 - 00000036 _____ C:\Users\Alessia\AppData\Local\housecall.guid.cache
2013-06-28 15:01 - 2013-06-28 15:01 - 00000000 ____D C:\Users\Alessia\Desktop\Problemi
2013-06-28 12:25 - 2013-06-28 12:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-22 16:09 - 2007-08-18 02:38 - 45784177 _____ C:\Users\Alessia\Desktop\Current Diagnosis and Treatment in Otolaryngology.CHM
2013-06-20 22:29 - 2013-06-20 22:30 - 00000000 ____D C:\Users\Alessia\Desktop\Ginecologo
2013-06-20 21:30 - 2013-06-12 21:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-20 21:30 - 2013-06-12 21:43 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-20 21:30 - 2013-06-12 21:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-20 21:30 - 2013-06-12 21:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-20 21:29 - 2013-06-20 21:30 - 00005090 _____ C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-18 21:50 - 2013-06-18 21:50 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MpFilter.sys
2013-06-16 12:16 - 2013-07-13 22:30 - 00000000 ____D C:\Users\Alessia\Desktop\New York
2013-06-15 10:44 - 2013-06-15 10:44 - 09089416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-15 10:10 - 2013-05-08 02:39 - 01910632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-06-15 10:09 - 2013-05-10 01:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-06-15 10:09 - 2013-05-09 23:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-15 10:09 - 2013-04-26 01:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-06-15 10:09 - 2013-04-26 00:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-15 10:09 - 2013-04-17 03:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-15 10:09 - 2013-04-17 02:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-06-15 10:08 - 2013-05-13 01:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-06-15 10:08 - 2013-05-13 01:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-06-15 10:08 - 2013-05-13 01:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-06-15 10:08 - 2013-05-13 01:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-06-15 10:08 - 2013-05-13 00:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-15 10:08 - 2013-05-13 00:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-15 10:08 - 2013-05-13 00:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-15 10:08 - 2013-05-12 23:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-06-15 10:08 - 2013-05-12 23:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-15 10:08 - 2013-05-12 23:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-15 10:08 - 2013-04-25 19:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-15 10:08 - 2013-03-31 18:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-14 18:05 - 2013-07-14 18:05 - 00000000 ____D C:\FRST
2013-07-14 18:05 - 2013-01-14 15:54 - 00000029 _____ C:\Windows\SysWOW64\TempWmicBatchFile.bat
2013-07-14 18:04 - 2013-07-14 18:04 - 01777839 _____ (Farbar) C:\Users\Alessia\Desktop\FRST64.exe
2013-07-14 18:01 - 2013-07-14 18:01 - 00003968 _____ C:\Users\Alessia\Desktop\JRT.txt
2013-07-14 17:57 - 2013-07-14 17:57 - 00000000 ____D C:\Windows\ERUNT
2013-07-14 17:51 - 2013-07-14 17:51 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Alessia\Desktop\JRT.exe
2013-07-14 17:51 - 2009-07-14 00:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-14 17:51 - 2009-07-14 00:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-14 17:50 - 2009-08-13 23:19 - 00742322 _____ C:\Windows\system32\perfh010.dat
2013-07-14 17:50 - 2009-08-13 23:19 - 00147482 _____ C:\Windows\system32\perfc010.dat
2013-07-14 17:50 - 2009-07-14 01:13 - 01662574 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-14 17:46 - 2012-01-30 19:33 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS
2013-07-14 17:46 - 2012-01-30 19:33 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2013-07-14 17:45 - 2013-07-14 17:45 - 00417200 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-14 17:45 - 2013-07-14 17:45 - 00109280 _____ C:\Users\Alessia\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-14 17:45 - 2013-07-14 17:45 - 00000056 _____ C:\Windows\setupact.log
2013-07-14 17:45 - 2013-07-14 17:45 - 00000000 _____ C:\Windows\setuperr.log
2013-07-14 17:45 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-14 17:44 - 2013-07-14 17:43 - 00002668 _____ C:\AdwCleaner[S1].txt
2013-07-14 17:44 - 2012-08-06 15:23 - 00000978 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-14 17:44 - 2010-07-12 06:58 - 01458063 _____ C:\Windows\WindowsUpdate.log
2013-07-14 17:43 - 2013-07-14 17:43 - 00002560 _____ C:\AdwCleaner[R1].txt
2013-07-14 17:41 - 2013-06-02 09:35 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-07-14 17:41 - 2013-01-31 16:39 - 00000000 ____D C:\Users\Alessia\AppData\Roaming\DAEMON Tools Lite
2013-07-14 17:41 - 2010-10-18 11:48 - 00000000 ____D C:\Users\Alessia\AppData\Roaming\uTorrent
2013-07-14 17:41 - 2009-07-29 20:15 - 00000000 ____D C:\Windows\Panther
2013-07-14 17:38 - 2013-07-14 17:38 - 00662345 _____ C:\Users\Alessia\Desktop\adwcleaner.exe
2013-07-14 17:38 - 2013-07-14 17:38 - 00000476 _____ C:\Users\Alessia\Desktop\defogger_disable.log
2013-07-14 17:38 - 2013-07-14 17:38 - 00000000 _____ C:\Users\Alessia\defogger_reenable
2013-07-14 17:38 - 2010-09-20 09:52 - 00000000 ____D C:\Users\Alessia
2013-07-14 17:37 - 2013-07-14 17:37 - 00050477 _____ C:\Users\Alessia\Desktop\Defogger.exe
2013-07-14 17:30 - 2013-07-14 17:30 - 00028538 _____ C:\ComboFix.txt
2013-07-14 17:30 - 2013-07-14 17:06 - 00000000 ____D C:\Qoobox
2013-07-14 17:21 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2013-07-14 17:19 - 2013-06-28 21:44 - 00000000 ____D C:\Windows\erdnt
2013-07-14 16:58 - 2013-07-14 16:58 - 05088557 ____R (Swearware) C:\Users\Alessia\Desktop\ComboFix.exe
2013-07-14 16:56 - 2013-07-14 16:56 - 00000000 ____D C:\Windows\it
2013-07-14 16:54 - 2010-07-12 12:18 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-07-14 16:53 - 2010-10-19 11:31 - 00000000 ____D C:\Users\Alessia\AppData\Roaming\Skype
2013-07-14 16:52 - 2013-07-14 16:52 - 04829104 _____ (F-Secure Corporation) C:\Users\Alessia\Desktop\F-SecureOnlineScanner.exe
2013-07-14 16:48 - 2011-05-14 15:28 - 00000000 ____D C:\Users\Alessia\AppData\Local\Windows Live
2013-07-14 16:38 - 2010-07-12 12:31 - 00000000 ____D C:\Program Files (x86)\Creative
2013-07-14 16:36 - 2013-07-14 16:36 - 00000000 ____D C:\Users\Alessia\Documents\Dell WebCam Central
2013-07-14 16:36 - 2013-07-14 16:36 - 00000000 ____D C:\Users\Alessia\AppData\Roaming\Creative
2013-07-14 16:36 - 2013-07-14 16:36 - 00000000 ____D C:\ProgramData\Creative
2013-07-14 16:29 - 2013-07-14 16:29 - 01243632 _____ (Microsoft Corporation) C:\Users\Alessia\Desktop\wlsetup-web.exe
2013-07-14 16:07 - 2011-05-08 18:12 - 00000000 ____D C:\Users\Alessia\Desktop\Mario
2013-07-14 16:07 - 2010-09-20 09:55 - 00000000 ____D C:\Users\Alessia\AppData\Local\VirtualStore
2013-07-14 15:20 - 2013-01-19 09:14 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-07-14 15:17 - 2013-07-14 15:17 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-07-14 15:17 - 2013-07-14 15:17 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-07-14 15:16 - 2010-10-18 13:26 - 00000000 ____D C:\Program Files (x86)\CCleaner
2013-07-14 15:09 - 2013-07-14 15:07 - 00000000 ____D C:\Users\Alessia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Esecuzione disattiva
2013-07-14 15:05 - 2012-08-06 15:23 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-14 15:05 - 2012-08-06 15:23 - 00003916 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-14 15:05 - 2011-05-15 12:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-14 15:05 - 2010-10-18 12:04 - 00000000 ____D C:\Users\Alessia\AppData\Local\Adobe
2013-07-14 14:59 - 2012-11-04 10:16 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-14 14:59 - 2010-10-19 11:31 - 00000000 ____D C:\ProgramData\Skype
2013-07-14 06:09 - 2013-07-14 01:50 - 1350282814 ____R C:\Users\Alessia\Downloads\Il giro del mondo in ottanta giorni (1956).avi
2013-07-14 02:47 - 2013-07-14 02:47 - 00000000 ____D C:\Users\Alessia\Downloads\Ciao Pussycat - What's New Pussycat (DvdRip ITA-ENG)
2013-07-14 02:30 - 2013-07-14 02:29 - 00000000 ____D C:\Users\Alessia\Downloads\HENRY MANCINI - THE ULTIMATE COLLECTION
2013-07-14 01:48 - 2013-07-14 01:47 - 00000000 ____D C:\Users\Alessia\Downloads\Stir Crazy[1980]DVDrip[Eng]DivX[AC3 2.0]-Atlas47
2013-07-14 00:23 - 2013-01-08 13:38 - 00000000 ____D C:\Users\Alessia\AppData\Roaming\vlc
2013-07-13 23:23 - 2011-07-31 17:17 - 00001912 _____ C:\Windows\epplauncher.mif
2013-07-13 23:20 - 2011-07-31 17:16 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-13 23:19 - 2011-07-31 17:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-13 23:18 - 2013-05-07 14:15 - 00000000 ____D C:\Users\Alessia\AppData\Local\Viber
2013-07-13 23:17 - 2013-05-07 14:16 - 00001077 _____ C:\Users\Alessia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2013-07-13 23:17 - 2013-05-07 14:16 - 00001069 _____ C:\Users\Alessia\Desktop\Viber.lnk
2013-07-13 23:17 - 2013-05-07 14:16 - 00000000 ____D C:\Users\Alessia\AppData\Roaming\ViberPC
2013-07-13 22:30 - 2013-06-16 12:16 - 00000000 ____D C:\Users\Alessia\Desktop\New York
2013-07-13 16:48 - 2012-08-14 00:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 16:48 - 2010-07-12 12:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-13 16:47 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 16:47 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 16:47 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-13 15:20 - 2010-10-26 13:03 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-13 15:18 - 2010-10-18 12:44 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-08 13:01 - 2013-05-28 16:13 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-07-08 06:09 - 2013-07-08 01:27 - 1268109312 _____ C:\Users\Alessia\Downloads\Per favore, non toccate le vecchiette -The Producers (M.Brooks '68) ita-eng Dvdmux by AlPal.avi
2013-07-08 03:11 - 2013-07-08 01:22 - 00000000 ____D C:\Users\Alessia\Downloads\[xvid.ita-eng.sub]The.Producers_DVDrip
2013-07-07 23:31 - 2013-07-07 19:42 - 708610048 ____R C:\Users\Alessia\Downloads\[Divx-Ita]Napoleon.Dynamite.By.Hide.avi
2013-07-07 19:42 - 2013-07-07 19:39 - 00000000 ____D C:\Users\Alessia\Downloads\The.Jerk.1979.DVDRip.XviD.AR
2013-07-07 19:41 - 2013-07-07 15:37 - 00000000 ____D C:\Users\Alessia\Downloads\Despicable Me 2 2013 HDCAM READNFO x264 AAC-BadMeetsEvil[rarbg]
2013-06-29 23:55 - 2013-06-29 23:55 - 00052790 _____ C:\BackupPostVirus.reg
2013-06-29 23:45 - 2013-06-29 23:45 - 00000000 ____D C:\ProgramData\McAfee
2013-06-29 23:00 - 2013-06-29 23:00 - 00056016 _____ C:\Windows\system32\Drivers\fsbts.sys
2013-06-29 22:38 - 2010-10-18 11:39 - 00000000 ____D C:\Users\Alessia\AppData\Local\Apps\2.0
2013-06-28 22:16 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
2013-06-28 22:10 - 2012-04-29 07:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-28 21:38 - 2013-06-28 21:34 - 01132052 _____ C:\Users\Alessia\AppData\Local\census.cache
2013-06-28 21:38 - 2013-06-28 21:32 - 00179958 _____ C:\Users\Alessia\AppData\Local\ars.cache
2013-06-28 21:21 - 2013-06-28 21:21 - 00000000 _____ C:\Windows\system32\atiuxpag.dll
2013-06-28 21:21 - 2013-06-28 21:21 - 00000000 _____ C:\Windows\system32\atidxx32.dll
2013-06-28 21:21 - 2013-06-28 21:21 - 00000000 _____ C:\Windows\system32\aticfx32.dll
2013-06-28 21:04 - 2013-06-28 21:04 - 00000036 _____ C:\Users\Alessia\AppData\Local\housecall.guid.cache
2013-06-28 15:01 - 2013-06-28 15:01 - 00000000 ____D C:\Users\Alessia\Desktop\Problemi
2013-06-28 12:55 - 2013-06-28 12:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-21 00:28 - 2011-05-05 15:56 - 00000000 ____D C:\Users\Alessia\Desktop\Otorino
2013-06-20 22:30 - 2013-06-20 22:29 - 00000000 ____D C:\Users\Alessia\Desktop\Ginecologo
2013-06-20 21:30 - 2013-06-20 21:29 - 00005090 _____ C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-20 21:30 - 2012-08-19 12:48 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-18 21:50 - 2013-06-18 21:50 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MpFilter.sys
2013-06-18 21:50 - 2012-04-04 11:52 - 00139616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys
2013-06-16 14:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-06-16 12:12 - 2012-03-09 20:38 - 00000000 ____D C:\Users\Alessia\Desktop\Io&Mario
2013-06-16 12:03 - 2010-10-18 12:02 - 00000000 ____D C:\Program Files (x86)\uTorrent
2013-06-15 10:44 - 2013-06-15 10:44 - 09089416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-15 10:17 - 2011-07-31 17:17 - 01640688 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 15:46

==================== End Of Log ============================



And here is the Addition log:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2013
Ran by Alessia at 2013-07-14 18:06:25
Running from C:\Users\Alessia\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (x32 Version: 3.3.0.29625)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Italiano (x32 Version: 11.0.03)
Advanced Audio FX Engine (x32 Version: 1.12.05)
Advanced PDF Password Recovery (x32 Version: 5.05.97.1109)
Amazon Send to Kindle (x32 Version: 1.0.0.192)
AMD Accelerated Video Transcoding (Version: 12.5.100.21116)
AMD Catalyst Install Manager (Version: 8.0.877.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71116.1554)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ATI AVIVO64 Codecs (Version: 10.12.0.00122)
Bonjour (Version: 3.0.0.10)
calibre (x32 Version: 0.9.20)
Canon IJ Network Scan Utility (x32)
Canon IJ Network Tool (x32 Version: 3.1.1)
Canon MP Navigator EX 3.0 (x32)
Canon MP560 series MP Drivers
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center InstallProxy (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190)
CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190)
CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190)
CCC Help Czech (x32 Version: 2012.1116.1514.27190)
CCC Help Danish (x32 Version: 2012.1116.1514.27190)
CCC Help Dutch (x32 Version: 2012.1116.1514.27190)
CCC Help English (x32 Version: 2012.1116.1514.27190)
CCC Help Finnish (x32 Version: 2012.1116.1514.27190)
CCC Help French (x32 Version: 2012.1116.1514.27190)
CCC Help German (x32 Version: 2012.1116.1514.27190)
CCC Help Greek (x32 Version: 2012.1116.1514.27190)
CCC Help Hungarian (x32 Version: 2012.1116.1514.27190)
CCC Help Italian (x32 Version: 2012.1116.1514.27190)
CCC Help Japanese (x32 Version: 2012.1116.1514.27190)
CCC Help Korean (x32 Version: 2012.1116.1514.27190)
CCC Help Norwegian (x32 Version: 2012.1116.1514.27190)
CCC Help Polish (x32 Version: 2012.1116.1514.27190)
CCC Help Portuguese (x32 Version: 2012.1116.1514.27190)
CCC Help Russian (x32 Version: 2012.1116.1514.27190)
CCC Help Spanish (x32 Version: 2012.1116.1514.27190)
CCC Help Swedish (x32 Version: 2012.1116.1514.27190)
CCC Help Thai (x32 Version: 2012.1116.1514.27190)
CCC Help Turkish (x32 Version: 2012.1116.1514.27190)
ccc-utility64 (Version: 2012.1116.1515.27190)
Centro gestione dispositivi Windows Mobile (Version: 6.1.6965.0)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.47.1.0335)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dell Driver Download Manager (HKCU Version: 3.0.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Touchpad (Version: 7.1102.101.101)
Dell Webcam Central (x32 Version: 1.40.05)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
DVDFab 7.0.6.6 (29/05/2010) (x32)
eaner (Version: 4.03)
eMule AdunanzA (x32 Version: 3.18)
eReg (x32 Version: 1.20.138.34)
gpedt.msc 1.0 (x32)
High-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0)
iCloud (Version: 2.1.2.8)
inSSIDer (x32 Version: 2.1.6)
Intel® Management Engine Components (x32 Version: 6.0.0.1179)
ISO Recorder (Version: 3.1.0)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JDownloader 0.9 (x32 Version: 0.9)
Live! Cam Avatar Creator (x32 Version: 4.6.3009.1)
Logitech SetPoint 6.32 (Version: 6.32.20)
Malwarebytes Anti-Malware versione 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile ITA Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Hotmail Connector 64-bit (Version: 14.0.6123.5001)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit (Version: 14.0.5120.5000)
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 8.0.50727.42)
Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Client IT-IT Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1)
Mobipocket Reader 6.2 (x32 Version: 6.2.608)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 22.0 (x86 it) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
My Dell (Version: 3.3.6261.27)
Nero 10 Menu TemplatePack Basic (x32 Version: 10.0.10600.6.0)
Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0)
Nero BackItUp 10 (x32 Version: 5.4.11600.19.100)
Nero BackItUp 10 Help (CHM) (x32 Version: 1.0.10700)
Nero Burning ROM 10 (x32 Version: 10.0.11100.10.100)
Nero BurningROM 10 Help (CHM) (x32 Version: 1.0.10700)
Nero BurnRights 10 (x32 Version: 4.0.11000.12.100)
Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10600)
Nero Control Center 10 (x32 Version: 10.0.12000.1.4)
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10700)
Nero Core Components 10 (x32 Version: 2.0.13700.0.1)
Nero CoverDesigner 10 (x32 Version: 5.0.10900.11.100)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10600)
Nero DiscSpeed 10 (x32 Version: 6.0.10800.7.100)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10600)
Nero Dolby Files 10 (x32 Version: 2.0.11000.0.10)
Nero Express 10 (x32 Version: 10.0.11000.10.100)
Nero Express 10 Help (CHM) (x32 Version: 1.0.10700)
Nero InfoTool 10 (x32 Version: 7.0.10800.8.100)
Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10600)
Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10700)
Nero Multimedia Suite 10 (x32 Version: 10.0.13100)
Nero Recode 10 Help (CHM) (x32 Version: 1.0.10600)
Nero RescueAgent 10 (x32 Version: 3.0.10900.9.100)
Nero RescueAgent 10 Help (CHM) (x32 Version: 1.0.10700)
Nero SoundTrax 10 (x32 Version: 4.6.10600.2.100)
Nero SoundTrax 10 Help (CHM) (x32 Version: 1.0.10600)
Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10700)
Nero Update (x32 Version: 1.0.0017)
Nero Vision 10 Help (CHM) (x32 Version: 1.0.10600)
Nero WaveEditor 10 (x32 Version: 5.6.10600.2.100)
Nero WaveEditor 10 Help (CHM) (x32 Version: 1.0.10600)
Nokia Connectivity Cable Driver (x32 Version: 7.1.78.0)
Nokia Suite (x32 Version: 3.4.49.0)
Pacchetto driver Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
PC Connectivity Solution (x32 Version: 12.0.17.0)
PDF Architect (x32 Version: 1.1.83.9982)
PDFCreator (x32 Version: 1.7.0)
Photo Gallery (x32 Version: 16.4.3508.0205)
Quickset64 (Version: 9.6.18)
Raccolta foto (x32 Version: 16.4.3508.0205)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6039)
SeaTools for Windows (x32 Version: 1.2.0.6)
Skype™ 6.6 (x32 Version: 6.6.106)
Spotify (HKCU Version: 0.9.1.43.gca4c2c73)
SUPER © v2012.build.54 (Nov 18, 2012) versione v2012.build.54 (x32 Version: v2012.build.54)
Supporto applicazioni Apple (x32 Version: 2.3.4)
Unlocker 1.9.1 (x32 Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
vanBasco's Karaoke Player (x32)
Viber (HKCU Version: 3.0.0.133372)
VLC media player 2.0.7 (x32 Version: 2.0.7)
WIDCOMM Bluetooth Software (Version: 6.2.0.9603)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0)

==================== Restore Points  =========================

29-06-2013 02:51:38 ComboFix created restore point
30-06-2013 06:14:23 Windows Update
04-07-2013 04:12:02 Windows Update
07-07-2013 05:10:33 Windows Update
12-07-2013 04:38:40 Windows Update
13-07-2013 19:07:46 Windows Update
14-07-2013 03:15:54 Windows Update
14-07-2013 19:17:39 Installed device driver package: DT Soft Ltd System devices
14-07-2013 20:09:51 Removed Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit
14-07-2013 20:30:36 Removed Windows Live Sync
14-07-2013 20:31:16 Windows Live Essentials
14-07-2013 20:31:29 WLSetup
14-07-2013 20:41:57 Removed Cisco EAP-FAST Module
14-07-2013 20:42:53 Removed Cisco LEAP Module
14-07-2013 20:43:14 Removed Cisco PEAP Module
14-07-2013 20:48:23 Windows Live Essentials
14-07-2013 20:50:14 DirectX installed
14-07-2013 20:52:05 DirectX installed
14-07-2013 20:52:34 DirectX installed
14-07-2013 20:53:34 WLSetup

==================== Hosts content: ==========================

2009-07-13 22:34 - 2013-07-14 17:21 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {16801EA6-0471-4DC8-914E-B9929F9C6573} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-05-07] (PC-Doctor, Inc.)
Task: {178AC1BC-E084-4DBF-A6CF-3723A0E5C957} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {18F659DE-0ACE-4242-8F91-C2FB25984565} - System32\Tasks\D1234567\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)
Task: {3AEB6BBF-EA2C-4D33-AECA-B592F8B37BD9} - System32\Tasks\{4E6CDA33-132E-434F-9192-598D0FE22011} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {3CE34497-5D1D-49B2-BDB4-80F8C3866FD0} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {42CE961B-6B76-42F0-8A04-718AE5ED0720} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {572CD63F-B7B3-4004-A5DC-A4321FF55202} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {5A099684-A814-425C-9363-F2D0E39FCD07} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-05-07] (PC-Doctor, Inc.)
Task: {5B1879B5-A258-482C-AEEF-26A5C0E326C9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {922A9A0D-1E90-4EC4-BBD3-0C82F48D7137} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-14] (Adobe Systems Incorporated)
Task: {971E2AF7-FBB7-4761-A624-ACFFDFC091E0} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {9EAFC192-9063-491E-AE93-B12E5B751330} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2012-01-30] ()
Task: {C43ECB8D-0938-414B-A913-B0459CE65156} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {E11EABCF-E79D-414A-B2A6-4E507C107728} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (07/14/2013 06:04:50 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-07-14 17:17:00.628
  Description: Unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys. The file hash could not be found on the system. Possible cause: a corrupted or incorrectly signed file was installed after a hardware or software change, or malware of unknown origin.

  Date: 2013-07-14 17:17:00.566
  Description: Unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys. The file hash could not be found on the system. Possible cause: a corrupted or incorrectly signed file was installed after a hardware or software change, or malware of unknown origin.


==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 3956.52 MB
Available physical RAM: 2808.82 MB
Total Pagefile: 7911.23 MB
Available Pagefile: 6709.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:113.12 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 400AD3C6)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

==================== End Of Log ============================
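
The "Scheduled Tasks" block in the log above uses one fixed line shape per entry: `{GUID} - System32\Tasks\Name => target [file date] (publisher)`, or a legacy `C:\Windows\Tasks\Name.job => target` line, and an empty `()` marks a target whose file carries no company string. The Python script below is an added example, not part of this thread and not code from the tool that produced the log. It parses those lines and flags any target with an empty publisher field or a path outside Program Files, System32 and SysWOW64. The sample lines are copied from the log above; the trusted-directory list and the flag rules are the example's own assumptions, a prompt to look closer at an entry (file hash, signer, what created the task) rather than a malware verdict.

```python
"""Triage helper for the "Scheduled Tasks" section of the log above.

Added example (not from this thread, nor from the tool that produced the
log). It parses the two "Task:" line shapes seen in the log and flags
targets that have an empty publisher field "()" or that run from outside
the usual install directories. A flag is a prompt to look closer, not a
malware verdict.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: six "Task:" lines copied from the log above, chosen to
# cover every shape (GUID task with and without a target, empty publisher,
# doubled path separator, legacy .job entries, one with spaces in the name).
SAMPLE_LOG = r"""
==================== Scheduled Tasks (whitelisted) =============

Task: {178AC1BC-E084-4DBF-A6CF-3723A0E5C957} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {42CE961B-6B76-42F0-8A04-718AE5ED0720} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {9EAFC192-9063-491E-AE93-B12E5B751330} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2012-01-30] ()
Task: {3AEB6BBF-EA2C-4D33-AECA-B592F8B37BD9} - System32\Tasks\{4E6CDA33-132E-434F-9192-598D0FE22011} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
"""

# One regex for both line shapes:
#   Task: {GUID} - System32\Tasks\Name => C:\path\bin.exe [YYYY-MM-DD] (Publisher)
#   Task: C:\Windows\Tasks\Name.job => C:\path\bin.exe
# Target, date and publisher are each optional; "()" yields publisher == "".
TASK_RE = re.compile(
    r"^Task:\s+"
    r"(?:(?P<guid>\{[0-9A-Fa-f-]+\})\s+-\s+(?P<name>.+?)"
    r"|(?P<job>[A-Za-z]:\\.+?\.job))"
    r"(?:\s+=>\s+(?P<target>.+?))?"
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<publisher>[^()]*)\))?"
    r"\s*$"
)

# Example's own assumption: binaries launched by scheduled tasks normally
# live under one of these prefixes (compared case-insensitively).
TRUSTED_PREFIXES = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
)


@dataclass
class TaskEntry:
    name: str                  # task path (GUID form) or .job file (legacy form)
    target: Optional[str]      # binary the task launches; None if the log shows none
    date: Optional[str]        # file date printed by the log, if any
    publisher: Optional[str]   # None = field absent, "" = "()" (no company string)
    legacy_job: bool           # True for C:\Windows\Tasks\*.job entries


def parse_tasks(log_text: str) -> List[TaskEntry]:
    """Return one TaskEntry per "Task:" line; all other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = TASK_RE.match(line)
        if not m:
            continue
        entries.append(TaskEntry(
            name=m.group("name") or m.group("job"),
            target=m.group("target"),
            date=m.group("date"),
            publisher=m.group("publisher"),
            legacy_job=m.group("job") is not None,
        ))
    return entries


def normalize(path: str) -> str:
    """Lower-case the path and collapse doubled backslashes (the Skype entry
    in the log shows one) so a prefix check is not fooled by them.
    Drive-letter paths only; UNC paths are not expected as task targets."""
    while "\\\\" in path:
        path = path.replace("\\\\", "\\")
    return path.lower()


def triage(entries: List[TaskEntry]) -> List[Tuple[str, List[str]]]:
    """Flag entries whose target lacks a publisher string or runs from an
    unexpected directory. Returns (task name, reasons) pairs in log order."""
    flagged = []
    for e in entries:
        if e.target is None:
            continue  # nothing to check for this entry
        reasons = []
        if e.publisher == "":
            reasons.append("target has no publisher/version string")
        if not normalize(e.target).startswith(TRUSTED_PREFIXES):
            reasons.append("target outside Program Files / System32 / SysWOW64")
        if reasons:
            flagged.append((e.name, reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(parse_tasks(SAMPLE_LOG)):
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample, it reports the two AutoKMS entries (empty publisher and a target under C:\Windows\AutoKMS) and nothing else; a legacy `.job` line has no publisher field at all, so it is judged on its path only and should be read together with its GUID twin. Paste the full "Scheduled Tasks" section in place of the sample to triage a whole log.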



#14 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,574 posts
  • Gender:Male
  • Location:California
  • Local time:09:25 PM

Posted 14 July 2013 - 05:16 PM

Thanks for posting the information. While I am reviewing it please take a look at Post #9. Here is some information about reformatting:

Here are some thoughts I have put together for people who ask what they should do in light of the infection. Ultimately each user must decide for themselves what to do and the below are simply things for you to consider.
 

It is necessary for us to at least make you aware of the worst-case scenario. This is because of the potential Backdoor Trojans bring with them, but it is not a determination on our part that your situation currently falls within this worst-case scenario.

Ultimately it is a personal decision whether to reformat or not. What decision should you make to let you sleep well at night? It is different for different people. I will say that, whether rightly or wrongly, most people decide to clean and not reformat, at least initially.

The only insight I can offer is how I evaluate the issue personally even though I have never had a Backdoor Trojan on my computer. One of the primary purposes for malicious software is to somehow separate you from your money. It seems reasonable to assume that a thief trying to take your money via a Backdoor Trojan will hit you hard, and quickly. Once your computer starts to act up and you become suspicious you have the opportunity to eliminate access to your computer and change the information taken, namely account and password information. The key to this, in my opinion, is whether or not you have noticed any irregularities in your banking or other financial institutions, or things like email and social network accounts (i.e. Facebook). If you have not seen any evidence of that then you may question whether your information has truly been stolen. If it seems it hasn't, and your critical information has been changed, it is reasonable to be more confident you are safe but you must stop short of claiming an absolute guarantee.

If, after careful consideration you decide not to reformat your computer it would be wise to continue monitoring your sensitive data and don't wait to address future symptoms on your computer which seem to be malware related.

The bottom line: the ONLY way to be absolutely sure to be rid of a Backdoor Trojan is to reformat. The decision is yours.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 rosencraft

  • Topic Starter

  • Members
  • 12 posts
  • Local time:12:25 AM

Posted 14 July 2013 - 05:19 PM

May I ask a question (just out of personal curiosity)? How did you understand from the DDS log that the computer is infected with a backdoor? I used the Dr.Web online scanner, the F-Secure online scanner and the McAfee online virus scanner (the one that detected the virus on VirusTotal), and F-Secure and Dr.Web said that they had removed some infected files. I then reran F-Secure and it said that there were no more infected files, so I thought it was safe. How did you see that there is some backdoor/virus left?

Again, thank you.





