
Impossible to run any antirootkit program after a virus disinfection


  • This topic is locked
52 replies to this topic

#1 ross78

Posted 25 November 2013 - 04:01 AM

Hello all, I have this problem:

My PC started to have daily BSODs on Windows 7 64-bit. Then I found a virus with a Kaspersky Pure scan, which deleted it.

After that the PC is still very slow, and if I run any antirootkit program it crashes with a blocked and blurred screen.

Can someone help me?

Ross





#2 TB-Psychotic


Posted 25 November 2013 - 04:35 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows 7:

Plug the flash drive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

In the command window:

  • Type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
  • Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Proud Member of UNITE & TB
 

#3 ross78


Posted 25 November 2013 - 05:22 AM

Hi TB-Psychotic, thank you very much for your help! Here is the report:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-11-2013
Ran by SYSTEM on MININT-OB3GLST on 25-11-2013 11:17:37
Running from H:\
Windows 7 Professional (X64) OS Language: Italian Standard
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RunDLLEntry] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2371584 2010-03-17] (VIA)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [CTSyncService] - C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe [1233195 2009-07-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\Updreg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-15] (Kaspersky Lab ZAO)
HKU\PC1\...\Run: [KSS] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
 
==================== Services (Whitelisted) =================
 
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.)
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [85096 2013-01-30] (Autodesk)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-15] (Kaspersky Lab ZAO)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
S2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
S2 mi-raysat_3dsmax2011_32; C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [86016 2010-03-10] ()
S2 mi-raysat_3dsmax2011_64; C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [86016 2010-03-10] ()
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2013-10-18] (Enigma Software Group USA, LLC.)
S2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] (Advanced Micro Devices)
S0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
S1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 EyeOneDisplay; C:\Windows\System32\Drivers\i1display_x64.sys [7808 2010-02-01] (GretagMacbeth LLC)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-11-15] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-11-15] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-15] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-15] (Kaspersky Lab ZAO)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-15] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-15] (Kaspersky Lab ZAO)
S0 mbamchameleon; C:\Windows\System32\drivers\mbamchameleon.sys [91352 2013-11-16] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [116440 2013-11-16] (Malwarebytes Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-01-04] (Duplex Secure Ltd.)
S3 catchme; \??\C:\abc30058a\catchme.sys [x]
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-11-15] (Kaspersky Lab ZAO)
S2 V2iMount; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-25 11:17 - 2013-11-25 11:17 - 00000000 ____D C:\FRST
2013-11-25 11:10 - 2013-11-25 11:11 - 01958440 _____ (Farbar) C:\Users\PC1\Downloads\FRST64.exe
2013-11-25 10:59 - 2013-11-25 11:06 - 372278592 _____ (Microsoft Corporation) C:\Users\PC1\Downloads\office2007sp3-kb2526086-fullfile-it-it.exe
2013-11-25 10:59 - 2013-11-25 10:59 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-11-25 10:58 - 2013-11-25 10:58 - 39015640 _____ (Microsoft Corporation) C:\Users\PC1\Downloads\FileFormatConverters.exe
2013-11-25 10:49 - 2013-11-25 10:49 - 00000000 ____D C:\Users\PC1\Desktop\LISTINO ROMEO PACCHETTO F25112013
2013-11-25 09:38 - 2013-11-25 10:40 - 00000000 ____D C:\Users\PC1\Desktop\H221113R VISTA1
2013-11-22 15:17 - 2013-11-22 15:17 - 02570208 _____ C:\Users\PC1\Desktop\luigi.tif
2013-11-22 13:40 - 2013-11-25 09:52 - 00000000 ____D C:\Users\PC1\Desktop\H22113R VISTA2
2013-11-22 11:26 - 2013-11-22 11:26 - 00003767 _____ C:\Users\PC1\Downloads\style.css
2013-11-22 10:44 - 2013-11-22 10:44 - 00000906 _____ C:\Users\PC1\Desktop\prova div.zip
2013-11-22 10:44 - 2013-11-22 10:44 - 00000000 ____D C:\Users\PC1\Desktop\prova div
2013-11-22 09:37 - 2013-11-22 12:00 - 00000000 ____D C:\Users\PC1\Desktop\Birrificio Angeloni2
2013-11-22 09:20 - 2013-11-22 09:21 - 01085542 _____ C:\Users\PC1\Downloads\adwcleaner.exe
2013-11-22 08:54 - 2013-11-22 08:54 - 00000000 _____ C:\autoexec.bat
2013-11-22 08:53 - 2013-11-22 08:53 - 00003322 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2013-11-22 08:53 - 2013-11-22 08:53 - 00002250 _____ C:\Users\PC1\Desktop\SpyHunter.lnk
2013-11-22 08:53 - 2013-11-22 08:53 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-22 08:53 - 2013-11-22 08:53 - 00000000 ____D C:\sh4ldr
2013-11-22 08:53 - 2013-11-22 08:53 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-22 08:53 - 2012-06-22 11:01 - 00022704 _____ C:\Windows\System32\Drivers\EsgScanner.sys
2013-11-22 08:51 - 2013-11-22 08:51 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\PC1\Desktop\SpyHunter-Installer.exe
2013-11-21 12:19 - 2013-11-21 12:19 - 00025900 _____ C:\Users\PC1\Downloads\dds.txt
2013-11-21 12:19 - 2013-11-21 12:19 - 00007779 _____ C:\Users\PC1\Downloads\attach.txt
2013-11-21 09:50 - 2013-11-25 10:59 - 00000000 ____D C:\Users\PC1\Desktop\LISTINO ROMEO RICOSTRUZIONE
2013-11-20 18:05 - 2013-11-25 08:42 - 00000448 _____ C:\Windows\setupact.log
2013-11-20 18:05 - 2013-11-20 18:05 - 00000000 _____ C:\Windows\setuperr.log
2013-11-20 18:01 - 2013-11-20 18:01 - 00377856 _____ C:\Users\PC1\Desktop\l07kpd3u.exe
2013-11-20 16:46 - 2013-11-20 16:46 - 00000000 ____D C:\Users\PC1\Desktop\3b craft modifiche daniela
2013-11-20 13:42 - 2013-11-20 13:42 - 00032800 _____ C:\Users\PC1\Downloads\gmer_full.txt
2013-11-18 17:35 - 2013-11-18 17:35 - 02405584 _____ (Trend Micro Inc.) C:\Users\PC1\Downloads\HousecallLauncher64.exe
2013-11-18 17:35 - 2013-11-18 17:35 - 00000036 _____ C:\Users\PC1\AppData\Local\housecall.guid.cache
2013-11-18 09:18 - 2013-11-18 09:18 - 21168730 _____ C:\Users\PC1\Downloads\anta avorio 598x716.tif.zip
2013-11-17 14:29 - 2013-11-17 14:29 - 00032014 _____ C:\ComboFix.txt
2013-11-17 14:11 - 2013-11-17 14:11 - 05146587 ____R (Swearware) C:\Users\PC1\Desktop\ComboFix.exe
2013-11-17 08:31 - 2013-11-17 08:31 - 00891200 _____ C:\Users\PC1\Desktop\SecurityCheck.exe
2013-11-17 08:30 - 2013-11-17 08:30 - 00360775 _____ (Farbar) C:\Users\PC1\Desktop\FSS.exe
2013-11-17 07:43 - 2013-11-17 07:43 - 00000000 ____D C:\ProgramData\Licenses
2013-11-17 07:43 - 2013-11-17 07:43 - 00000000 ____D C:\ProgramData\Binarysense
2013-11-17 07:42 - 2013-11-17 07:42 - 00002059 _____ C:\Users\Public\Desktop\SSDlife Pro.lnk
2013-11-17 07:42 - 2013-11-17 07:42 - 00000000 ____D C:\Program Files (x86)\BinarySense
2013-11-17 07:38 - 2013-11-17 07:38 - 04255744 _____ C:\Users\PC1\Downloads\SSDlife Pro 2.3.56 (1).msi
2013-11-17 07:28 - 2013-11-17 07:28 - 04255744 _____ C:\Users\PC1\Downloads\SSDlife Pro 2.3.56.msi
2013-11-17 06:28 - 2013-11-17 06:29 - 28510448 _____ (SUPERAntiSpyware) C:\Users\PC1\Desktop\SUPERAntiSpyware.exe
2013-11-17 06:26 - 2013-11-17 06:27 - 04745728 _____ (AVAST Software) C:\Users\PC1\Desktop\aswMBR.exe
2013-11-16 20:12 - 2013-11-16 20:12 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\PC1\Desktop\rkill.exe
2013-11-16 19:57 - 2013-11-16 19:57 - 00760937 _____ (Farbar) C:\Users\PC1\Desktop\MiniToolBox (1).exe
2013-11-16 19:47 - 2013-11-22 09:23 - 00000000 ____D C:\AdwCleaner
2013-11-16 19:45 - 2013-11-16 19:45 - 01085542 _____ C:\Users\PC1\Desktop\AdwCleaner.exe
2013-11-16 17:15 - 2013-11-16 17:15 - 00000000 ____D C:\Windows\ERUNT
2013-11-16 17:14 - 2013-11-25 11:13 - 00684502 _____ C:\Windows\WindowsUpdate.log
2013-11-16 17:14 - 2013-11-16 17:14 - 01034531 _____ (Thisisu) C:\Users\PC1\Desktop\JRT.exe
2013-11-16 16:55 - 2013-11-16 16:55 - 00000114 _____ C:\local.conf
2013-11-16 16:47 - 2013-11-16 20:19 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2013-11-16 16:47 - 2013-11-16 16:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-16 16:46 - 2013-11-16 16:46 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2013-11-16 16:45 - 2013-11-16 16:46 - 00000000 ____D C:\Users\PC1\Desktop\Nuova cartella (2)
2013-11-16 16:43 - 2013-11-16 16:43 - 00760937 _____ (Farbar) C:\Users\PC1\Downloads\MiniToolBox.exe
2013-11-15 18:27 - 2013-11-15 18:27 - 00000000 ____D C:\ProgramData\PDF Architect
2013-11-15 18:21 - 2013-11-15 18:21 - 00066560 _____ (Nalpeiron Ltd.) C:\Users\PC1\Downloads\nlssrv32.exe
2013-11-15 18:06 - 2013-11-15 18:06 - 00002965 _____ C:\Users\PC1\Desktop\HiJackThis.lnk
2013-11-15 18:06 - 2013-11-15 18:06 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-11-15 14:03 - 2012-07-11 17:09 - 00064856 _____ (Kaspersky Lab) C:\Windows\System32\klfphc.dll
2013-11-15 14:02 - 2011-06-02 14:39 - 00084536 _____ (Infowatch) C:\Windows\System32\Drivers\CSCrySec.sys
2013-11-15 14:02 - 2011-06-02 14:39 - 00066616 _____ (Infowatch) C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys
2013-11-15 14:01 - 2013-11-15 14:44 - 00000000 ____D C:\Windows\ELAMBKUP
2013-11-15 14:00 - 2013-11-15 14:43 - 00626272 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klif.sys
2013-11-15 14:00 - 2013-11-15 14:43 - 00090208 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klflt.sys
2013-11-14 10:39 - 2013-11-14 10:51 - 00008084 _____ C:\Users\PC1\Downloads\MK1T_c70060_igs._IGES_log.err
2013-11-14 10:39 - 2013-11-14 10:39 - 00532672 _____ C:\Users\PC1\Downloads\MK1T_c70060_igs.igs
2013-11-13 12:35 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-13 12:35 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-13 12:35 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-13 12:35 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-13 12:35 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-13 12:35 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-13 12:35 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-13 12:35 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-13 12:35 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-13 12:35 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-13 12:35 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-13 12:35 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-13 12:35 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-13 12:35 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-13 12:35 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 12:35 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 12:35 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 12:35 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 12:35 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 12:35 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 12:35 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 12:35 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 12:35 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 12:35 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 12:35 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 12:35 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 12:35 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 12:35 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-13 12:35 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 12:35 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-13 12:35 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 09:59 - 2013-11-13 09:59 - 07115329 _____ C:\Users\PC1\Downloads\57434 IP 640 S (IX).zip
2013-11-13 09:59 - 2013-11-13 09:59 - 04618314 _____ C:\Users\PC1\Downloads\74376 -  PKQ 755 D GH (K) _HA.rar
2013-11-13 09:46 - 2013-11-13 09:47 - 00000000 ____D C:\Users\PC1\Desktop\74042 - FIM 734 K.A IX
2013-11-13 08:25 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-13 08:25 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-13 08:25 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-13 08:25 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 08:25 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 08:25 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-13 08:25 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 08:25 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-13 08:25 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-13 08:25 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-13 08:25 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 08:25 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 08:25 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 08:25 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-13 08:25 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 08:25 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-11-13 08:25 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-13 08:25 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-13 08:25 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-13 08:25 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-13 08:25 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-13 08:25 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-13 08:25 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-13 08:25 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-13 08:25 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 08:25 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 08:25 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 08:25 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 08:25 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-13 08:25 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-11-12 17:00 - 2013-11-12 17:00 - 00283008 _____ (Mozilla) C:\Users\PC1\Downloads\Firefox Setup Stub 25.0.exe
2013-11-12 12:03 - 2013-11-13 09:27 - 00000132 _____ C:\Users\PC1\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-11-12 11:28 - 2013-11-12 11:28 - 00000367 _____ C:\Users\PC1\Documents\Computer - collegamento.lnk
2013-11-12 10:33 - 2013-11-12 10:33 - 00000000 ____D C:\Users\PC1\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
2013-11-12 10:26 - 2013-11-12 10:26 - 00000967 _____ C:\Users\PC1\Desktop\OCCT.lnk
2013-11-12 10:26 - 2013-11-12 10:26 - 00000000 ____D C:\Users\PC1\Documents\OCCT
2013-11-12 10:26 - 2013-11-12 10:26 - 00000000 ____D C:\Program Files (x86)\OCCTPT
2013-11-12 10:26 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-11-12 10:26 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-11-12 10:26 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-11-12 10:26 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2013-11-12 10:26 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-11-12 10:26 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-11-12 10:26 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-11-12 10:26 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2013-11-12 10:26 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-11-12 10:26 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-11-12 10:26 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2013-11-12 10:26 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-11-12 10:26 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2013-11-12 10:26 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-11-12 10:26 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-11-12 10:26 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-11-12 10:26 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2013-11-12 10:26 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-11-12 10:26 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-11-12 10:26 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2013-11-12 10:26 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2013-11-12 10:26 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-11-12 10:26 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2013-11-12 10:26 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-11-12 10:26 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2013-11-12 10:26 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-11-12 10:26 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-11-12 10:26 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2013-11-12 10:26 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2013-11-12 10:26 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-11-12 10:26 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2013-11-12 10:26 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-11-12 10:26 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2013-11-12 10:26 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-11-12 10:26 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-11-12 10:26 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2013-11-12 10:26 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2013-11-12 10:26 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-11-12 10:26 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2013-11-12 10:26 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-11-12 10:26 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-11-12 10:26 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2013-11-12 10:26 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2013-11-12 10:26 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-11-12 10:26 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2013-11-12 10:26 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-11-12 10:26 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2013-11-12 10:26 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-11-12 10:26 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2013-11-12 10:26 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-11-12 10:26 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2013-11-12 10:26 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-11-12 10:26 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2013-11-12 10:26 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-11-12 10:26 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-11-12 10:26 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2013-11-12 10:26 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2013-11-12 10:26 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-11-12 10:26 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-11-12 10:26 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2013-11-12 10:26 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2013-11-12 10:26 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-11-12 10:26 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2013-11-12 10:26 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-11-12 10:26 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2013-11-12 10:26 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-11-12 10:26 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2013-11-12 10:26 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-11-12 10:26 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-11-12 10:26 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2013-11-12 10:26 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2013-11-12 10:26 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-11-12 10:26 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2013-11-12 10:26 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-11-12 10:26 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2013-11-12 10:26 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-11-12 10:26 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2013-11-12 10:26 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-11-12 10:26 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
2013-11-12 10:26 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-11-12 10:26 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
2013-11-12 10:26 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-11-12 10:26 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
2013-11-12 10:26 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-11-12 10:26 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
2013-11-12 10:26 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-11-12 10:26 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
2013-11-12 10:26 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-11-12 10:26 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
2013-11-12 10:26 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-11-12 10:26 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
2013-11-12 10:26 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2013-11-12 10:26 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
2013-11-12 10:26 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-11-12 10:26 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
2013-11-12 10:26 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-11-12 10:26 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
2013-11-12 10:26 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-11-12 10:26 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2013-11-12 10:26 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-11-12 10:26 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2013-11-12 10:26 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-11-12 10:26 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2013-11-12 10:26 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-11-12 10:26 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2013-11-12 10:26 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-11-12 10:26 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2013-11-12 10:26 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-11-12 10:26 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2013-11-12 10:26 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-11-12 10:26 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
2013-11-12 10:26 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-11-12 10:23 - 2013-11-12 10:26 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-11-12 10:21 - 2013-11-12 10:21 - 00000000 ____D C:\Users\PC1\AppData\Roaming\ATI
2013-11-12 10:21 - 2013-11-12 10:21 - 00000000 ____D C:\Users\PC1\AppData\Local\ATI
2013-11-12 10:21 - 2013-11-12 10:21 - 00000000 ____D C:\Users\PC1\AppData\Local\AMD
2013-11-12 10:21 - 2013-11-12 10:21 - 00000000 ____D C:\ProgramData\ATI
2013-11-12 10:21 - 2013-11-12 10:21 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-11-12 10:20 - 2013-11-12 10:21 - 00000000 ____D C:\ProgramData\AMD
2013-11-12 10:20 - 2013-11-12 10:20 - 00066505 _____ C:\Windows\SysWOW64\CCCInstall_201311121020570123.log
2013-11-12 10:19 - 2013-11-12 10:19 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-11-12 10:19 - 2013-11-12 10:19 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-11-12 10:16 - 2013-11-12 10:16 - 06891341 _____ C:\Users\PC1\Downloads\OCCTPT4.4.0.exe
2013-11-12 10:16 - 2013-11-12 10:16 - 00000000 ____D C:\AMD
2013-11-12 10:11 - 2013-11-12 10:15 - 207468968 _____ (Advanced Micro Devices, Inc.) C:\Users\PC1\Downloads\13-9_win7_win8_64_dd_ccc_whql.exe
2013-11-12 09:48 - 2013-11-25 08:59 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-12 09:48 - 2013-11-15 14:01 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-11-12 09:48 - 2013-11-12 09:48 - 00001077 _____ C:\Users\PC1\Desktop\Kaspersky Security Scan.lnk
2013-11-12 09:47 - 2013-11-12 09:48 - 01126296 _____ (                                                            ) C:\Users\PC1\Downloads\hwmonitor_1.24-setup.exe
2013-11-12 08:46 - 2013-11-12 08:56 - 00000000 ____D C:\Users\PC1\Downloads\Digital.Tutors.Assembling.and.Working.with.Long.Documents.in.InDesign.CS5
2013-11-12 08:45 - 2013-11-12 08:45 - 00000506 _____ C:\Users\PC1\Downloads\Adobe CC - XForce Keygen - Win.torrent
2013-11-12 08:45 - 2013-11-12 08:45 - 00000000 ____D C:\Users\PC1\Downloads\Crack
2013-11-11 15:18 - 2013-11-08 17:22 - 00001660 _____ C:\Users\Public\fstile2.css
2013-11-11 15:18 - 2013-09-03 11:29 - 00000777 _____ C:\Users\Public\fontface.css
2013-11-11 15:17 - 2013-11-08 17:22 - 00001564 _____ C:\Users\Public\menu a tendina.html
2013-11-11 12:26 - 2013-11-11 12:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-11 09:39 - 2013-11-18 17:27 - 00000000 ____D C:\Users\PC1\Desktop\file blackstudio2
2013-11-08 14:39 - 2013-11-08 14:39 - 00000000 ____D C:\Users\PC1\Desktop\MemTest
2013-11-08 14:31 - 2013-11-11 05:50 - 00267936 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-11-08 14:28 - 2013-11-15 14:23 - 00002154 _____ C:\Windows\epplauncher.mif
2013-11-08 14:15 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-08 14:15 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-08 14:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-08 14:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-08 14:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-08 14:15 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-08 14:15 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-08 14:15 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-07 17:15 - 2013-11-20 17:22 - 00000000 ____D C:\Users\PC1\Desktop\Birrificio Angeloni
2013-11-07 15:10 - 2013-11-07 16:55 - 00000000 ____D C:\Users\PC1\Desktop\GHILOTTI
2013-11-05 09:11 - 2013-11-05 09:11 - 00003146 _____ C:\Windows\System32\Tasks\{85A16CE2-DE7F-4F4A-9AC3-473C5128786D}
2013-10-31 11:07 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-10-31 11:07 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-10-31 11:07 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-10-31 11:07 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-10-31 11:07 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-10-31 11:07 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-10-31 11:07 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-10-28 09:59 - 2013-11-17 06:59 - 05146587 ____R (Swearware) C:\Users\PC1\Desktop\abc.exe
2013-10-28 09:58 - 2013-10-28 09:59 - 05136138 _____ (Swearware) C:\Users\PC1\Downloads\ComboFix_13-10-21.01.exe
 
==================== One Month Modified Files and Folders =======
 
2013-11-25 11:17 - 2013-11-25 11:17 - 00000000 ____D C:\FRST
2013-11-25 11:13 - 2013-11-16 17:14 - 00684502 _____ C:\Windows\WindowsUpdate.log
2013-11-25 11:12 - 2013-03-19 09:26 - 00000978 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-25 11:12 - 2009-07-14 11:53 - 00741386 _____ C:\Windows\System32\perfh010.dat
2013-11-25 11:12 - 2009-07-14 11:53 - 00147440 _____ C:\Windows\System32\perfc010.dat
2013-11-25 11:12 - 2009-07-14 06:13 - 01661180 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-25 11:11 - 2013-11-25 11:10 - 01958440 _____ (Farbar) C:\Users\PC1\Downloads\FRST64.exe
2013-11-25 11:06 - 2013-11-25 10:59 - 372278592 _____ (Microsoft Corporation) C:\Users\PC1\Downloads\office2007sp3-kb2526086-fullfile-it-it.exe
2013-11-25 10:59 - 2013-11-25 10:59 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-11-25 10:59 - 2013-11-21 09:50 - 00000000 ____D C:\Users\PC1\Desktop\LISTINO ROMEO RICOSTRUZIONE
2013-11-25 10:59 - 2013-01-30 17:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-11-25 10:58 - 2013-11-25 10:58 - 39015640 _____ (Microsoft Corporation) C:\Users\PC1\Downloads\FileFormatConverters.exe
2013-11-25 10:49 - 2013-11-25 10:49 - 00000000 ____D C:\Users\PC1\Desktop\LISTINO ROMEO PACCHETTO F25112013
2013-11-25 10:40 - 2013-11-25 09:38 - 00000000 ____D C:\Users\PC1\Desktop\H221113R VISTA1
2013-11-25 10:17 - 2013-01-02 15:45 - 00001144 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-25 09:52 - 2013-11-22 13:40 - 00000000 ____D C:\Users\PC1\Desktop\H22113R VISTA2
2013-11-25 09:20 - 2013-01-02 15:45 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-25 08:59 - 2013-11-12 09:48 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-25 08:57 - 2013-01-02 17:36 - 00000000 ____D C:\Users\PC1\AppData\Local\Adobe
2013-11-25 08:50 - 2009-07-14 05:45 - 00015040 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-25 08:50 - 2009-07-14 05:45 - 00015040 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-25 08:42 - 2013-11-20 18:05 - 00000448 _____ C:\Windows\setupact.log
2013-11-25 08:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-22 15:17 - 2013-11-22 15:17 - 02570208 _____ C:\Users\PC1\Desktop\luigi.tif
2013-11-22 12:00 - 2013-11-22 09:37 - 00000000 ____D C:\Users\PC1\Desktop\Birrificio Angeloni2
2013-11-22 11:26 - 2013-11-22 11:26 - 00003767 _____ C:\Users\PC1\Downloads\style.css
2013-11-22 10:44 - 2013-11-22 10:44 - 00000906 _____ C:\Users\PC1\Desktop\prova div.zip
2013-11-22 10:44 - 2013-11-22 10:44 - 00000000 ____D C:\Users\PC1\Desktop\prova div
2013-11-22 09:23 - 2013-11-16 19:47 - 00000000 ____D C:\AdwCleaner
2013-11-22 09:21 - 2013-11-22 09:20 - 01085542 _____ C:\Users\PC1\Downloads\adwcleaner.exe
2013-11-22 08:54 - 2013-11-22 08:54 - 00000000 _____ C:\autoexec.bat
2013-11-22 08:53 - 2013-11-22 08:53 - 00003322 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2013-11-22 08:53 - 2013-11-22 08:53 - 00002250 _____ C:\Users\PC1\Desktop\SpyHunter.lnk
2013-11-22 08:53 - 2013-11-22 08:53 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-22 08:53 - 2013-11-22 08:53 - 00000000 ____D C:\sh4ldr
2013-11-22 08:53 - 2013-11-22 08:53 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-22 08:51 - 2013-11-22 08:51 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\PC1\Desktop\SpyHunter-Installer.exe
2013-11-21 12:19 - 2013-11-21 12:19 - 00025900 _____ C:\Users\PC1\Downloads\dds.txt
2013-11-21 12:19 - 2013-11-21 12:19 - 00007779 _____ C:\Users\PC1\Downloads\attach.txt
2013-11-20 18:05 - 2013-11-20 18:05 - 00000000 _____ C:\Windows\setuperr.log
2013-11-20 18:04 - 2013-01-02 16:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-20 18:01 - 2013-11-20 18:01 - 00377856 _____ C:\Users\PC1\Desktop\l07kpd3u.exe
2013-11-20 17:22 - 2013-11-07 17:15 - 00000000 ____D C:\Users\PC1\Desktop\Birrificio Angeloni
2013-11-20 16:55 - 2013-01-02 17:01 - 00000000 ____D C:\Users\PC1\AppData\Roaming\KeePass
2013-11-20 16:46 - 2013-11-20 16:46 - 00000000 ____D C:\Users\PC1\Desktop\3b craft modifiche daniela
2013-11-20 13:42 - 2013-11-20 13:42 - 00032800 _____ C:\Users\PC1\Downloads\gmer_full.txt
2013-11-20 09:22 - 2013-10-15 15:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-11-18 17:51 - 2013-10-03 15:33 - 00007625 _____ C:\Users\PC1\AppData\Local\Resmon.ResmonCfg
2013-11-18 17:35 - 2013-11-18 17:35 - 02405584 _____ (Trend Micro Inc.) C:\Users\PC1\Downloads\HousecallLauncher64.exe
2013-11-18 17:35 - 2013-11-18 17:35 - 00000036 _____ C:\Users\PC1\AppData\Local\housecall.guid.cache
2013-11-18 17:27 - 2013-11-11 09:39 - 00000000 ____D C:\Users\PC1\Desktop\file blackstudio2
2013-11-18 09:18 - 2013-11-18 09:18 - 21168730 _____ C:\Users\PC1\Downloads\anta avorio 598x716.tif.zip
2013-11-17 14:29 - 2013-11-17 14:29 - 00032014 _____ C:\ComboFix.txt
2013-11-17 14:29 - 2013-10-08 08:59 - 00000000 ____D C:\Qoobox
2013-11-17 14:28 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-11-17 14:11 - 2013-11-17 14:11 - 05146587 ____R (Swearware) C:\Users\PC1\Desktop\ComboFix.exe
2013-11-17 12:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
2013-11-17 08:31 - 2013-11-17 08:31 - 00891200 _____ C:\Users\PC1\Desktop\SecurityCheck.exe
2013-11-17 08:30 - 2013-11-17 08:30 - 00360775 _____ (Farbar) C:\Users\PC1\Desktop\FSS.exe
2013-11-17 07:43 - 2013-11-17 07:43 - 00000000 ____D C:\ProgramData\Licenses
2013-11-17 07:43 - 2013-11-17 07:43 - 00000000 ____D C:\ProgramData\Binarysense
2013-11-17 07:42 - 2013-11-17 07:42 - 00002059 _____ C:\Users\Public\Desktop\SSDlife Pro.lnk
2013-11-17 07:42 - 2013-11-17 07:42 - 00000000 ____D C:\Program Files (x86)\BinarySense
2013-11-17 07:38 - 2013-11-17 07:38 - 04255744 _____ C:\Users\PC1\Downloads\SSDlife Pro 2.3.56 (1).msi
2013-11-17 07:28 - 2013-11-17 07:28 - 04255744 _____ C:\Users\PC1\Downloads\SSDlife Pro 2.3.56.msi
2013-11-17 06:59 - 2013-10-28 09:59 - 05146587 ____R (Swearware) C:\Users\PC1\Desktop\abc.exe
2013-11-17 06:29 - 2013-11-17 06:28 - 28510448 _____ (SUPERAntiSpyware) C:\Users\PC1\Desktop\SUPERAntiSpyware.exe
2013-11-17 06:27 - 2013-11-17 06:26 - 04745728 _____ (AVAST Software) C:\Users\PC1\Desktop\aswMBR.exe
2013-11-16 20:19 - 2013-11-16 16:47 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2013-11-16 20:12 - 2013-11-16 20:12 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\PC1\Desktop\rkill.exe
2013-11-16 19:57 - 2013-11-16 19:57 - 00760937 _____ (Farbar) C:\Users\PC1\Desktop\MiniToolBox (1).exe
2013-11-16 19:45 - 2013-11-16 19:45 - 01085542 _____ C:\Users\PC1\Desktop\AdwCleaner.exe
2013-11-16 17:15 - 2013-11-16 17:15 - 00000000 ____D C:\Windows\ERUNT
2013-11-16 17:14 - 2013-11-16 17:14 - 01034531 _____ (Thisisu) C:\Users\PC1\Desktop\JRT.exe
2013-11-16 16:55 - 2013-11-16 16:55 - 00000114 _____ C:\local.conf
2013-11-16 16:49 - 2013-04-19 10:26 - 00000000 ___RD C:\Users\PC1\Dropbox
2013-11-16 16:47 - 2013-11-16 16:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-16 16:46 - 2013-11-16 16:46 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2013-11-16 16:46 - 2013-11-16 16:45 - 00000000 ____D C:\Users\PC1\Desktop\Nuova cartella (2)
2013-11-16 16:43 - 2013-11-16 16:43 - 00760937 _____ (Farbar) C:\Users\PC1\Downloads\MiniToolBox.exe
2013-11-15 18:38 - 2012-12-10 15:43 - 00000000 ____D C:\Users\PC1\Documents\Backup Ccleaner
2013-11-15 18:37 - 2013-09-05 09:15 - 00000000 ____D C:\Users\PC1\AppData\Roaming\uTorrent
2013-11-15 18:36 - 2013-03-20 08:40 - 00000000 ____D C:\Windows\Minidump
2013-11-15 18:36 - 2013-01-02 16:04 - 00000000 ____D C:\Program Files\CCleaner
2013-11-15 18:36 - 2013-01-02 15:21 - 00000000 ____D C:\Windows\Panther
2013-11-15 18:33 - 2013-07-12 10:51 - 00000000 ____D C:\Program Files (x86)\LEGO Company
2013-11-15 18:28 - 2013-01-02 18:12 - 00000000 ____D C:\Program Files (x86)\PDF Architect
2013-11-15 18:27 - 2013-11-15 18:27 - 00000000 ____D C:\ProgramData\PDF Architect
2013-11-15 18:21 - 2013-11-15 18:21 - 00066560 _____ (Nalpeiron Ltd.) C:\Users\PC1\Downloads\nlssrv32.exe
2013-11-15 18:20 - 2013-04-19 10:21 - 00000000 ____D C:\Users\PC1\AppData\Roaming\Dropbox
2013-11-15 18:06 - 2013-11-15 18:06 - 00002965 _____ C:\Users\PC1\Desktop\HiJackThis.lnk
2013-11-15 18:06 - 2013-11-15 18:06 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-11-15 15:43 - 2009-07-14 03:34 - 00000027 _____ C:\Windows\System32\Drivers\etc\'hosts'
2013-11-15 14:44 - 2013-11-15 14:01 - 00000000 ____D C:\Windows\ELAMBKUP
2013-11-15 14:43 - 2013-11-15 14:00 - 00626272 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klif.sys
2013-11-15 14:43 - 2013-11-15 14:00 - 00090208 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klflt.sys
2013-11-15 14:43 - 2012-10-18 14:50 - 00054368 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kltdi.sys
2013-11-15 14:43 - 2012-09-03 18:23 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klmouflt.sys
2013-11-15 14:43 - 2012-09-03 17:57 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klkbdflt.sys
2013-11-15 14:43 - 2012-08-13 16:49 - 00178448 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kneps.sys
2013-11-15 14:43 - 2012-06-19 17:28 - 07717984 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kl1.sys
2013-11-15 14:23 - 2013-11-08 14:28 - 00002154 _____ C:\Windows\epplauncher.mif
2013-11-15 14:01 - 2013-11-12 09:48 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-11-14 21:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-14 10:51 - 2013-11-14 10:39 - 00008084 _____ C:\Users\PC1\Downloads\MK1T_c70060_igs._IGES_log.err
2013-11-14 10:39 - 2013-11-14 10:39 - 00532672 _____ C:\Users\PC1\Downloads\MK1T_c70060_igs.igs
2013-11-14 09:17 - 2013-09-04 14:40 - 00000000 ____D C:\Users\PC1\Desktop\Preventivi Bocchini srl
2013-11-14 08:32 - 2013-01-07 14:58 - 00000000 ____D C:\Program Files\MAXON
2013-11-13 15:55 - 2013-07-29 15:50 - 00651264 _____ C:\Users\PC1\Desktop\carta intestata business.indd
2013-11-13 12:34 - 2013-08-27 18:05 - 00000000 ____D C:\Windows\System32\MRT
2013-11-13 12:33 - 2013-01-03 08:39 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-13 09:59 - 2013-11-13 09:59 - 07115329 _____ C:\Users\PC1\Downloads\57434 IP 640 S (IX).zip
2013-11-13 09:59 - 2013-11-13 09:59 - 04618314 _____ C:\Users\PC1\Downloads\74376 -  PKQ 755 D GH (K) _HA.rar
2013-11-13 09:47 - 2013-11-13 09:46 - 00000000 ____D C:\Users\PC1\Desktop\74042 - FIM 734 K.A IX
2013-11-13 09:27 - 2013-11-12 12:03 - 00000132 _____ C:\Users\PC1\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-11-12 17:01 - 2013-09-02 15:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-12 17:00 - 2013-11-12 17:00 - 00283008 _____ (Mozilla) C:\Users\PC1\Downloads\Firefox Setup Stub 25.0.exe
2013-11-12 16:24 - 2013-01-02 15:27 - 00000000 ____D C:\users\PC1
2013-11-12 16:04 - 2013-02-05 09:26 - 00000000 ____D C:\Users\PC1\AppData\Local\cache
2013-11-12 13:30 - 2009-07-14 05:45 - 05055176 _____ C:\Windows\System32\FNTCACHE.DAT
2013-11-12 12:02 - 2013-01-02 15:44 - 00112200 _____ C:\Users\PC1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-12 11:28 - 2013-11-12 11:28 - 00000367 _____ C:\Users\PC1\Documents\Computer - collegamento.lnk
2013-11-12 10:33 - 2013-11-12 10:33 - 00000000 ____D C:\Users\PC1\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
2013-11-12 10:26 - 2013-11-12 10:26 - 00000967 _____ C:\Users\PC1\Desktop\OCCT.lnk
2013-11-12 10:26 - 2013-11-12 10:26 - 00000000 ____D C:\Users\PC1\Documents\OCCT
2013-11-12 10:26 - 2013-11-12 10:26 - 00000000 ____D C:\Program Files (x86)\OCCTPT
2013-11-12 10:26 - 2013-11-12 10:23 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-11-12 10:21 - 2013-11-12 10:21 - 00000000 ____D C:\Users\PC1\AppData\Roaming\ATI
2013-11-12 10:21 - 2013-11-12 10:21 - 00000000 ____D C:\Users\PC1\AppData\Local\ATI
2013-11-12 10:21 - 2013-11-12 10:21 - 00000000 ____D C:\Users\PC1\AppData\Local\AMD
2013-11-12 10:21 - 2013-11-12 10:21 - 00000000 ____D C:\ProgramData\ATI
2013-11-12 10:21 - 2013-11-12 10:21 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-11-12 10:21 - 2013-11-12 10:20 - 00000000 ____D C:\ProgramData\AMD
2013-11-12 10:20 - 2013-11-12 10:20 - 00066505 _____ C:\Windows\SysWOW64\CCCInstall_201311121020570123.log
2013-11-12 10:20 - 2013-10-03 16:22 - 00000000 ____D C:\Program Files\ATI Technologies
2013-11-12 10:19 - 2013-11-12 10:19 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-11-12 10:19 - 2013-11-12 10:19 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-11-12 10:18 - 2013-02-05 08:43 - 01635066 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-12 10:16 - 2013-11-12 10:16 - 06891341 _____ C:\Users\PC1\Downloads\OCCTPT4.4.0.exe
2013-11-12 10:16 - 2013-11-12 10:16 - 00000000 ____D C:\AMD
2013-11-12 10:15 - 2013-11-12 10:11 - 207468968 _____ (Advanced Micro Devices, Inc.) C:\Users\PC1\Downloads\13-9_win7_win8_64_dd_ccc_whql.exe
2013-11-12 09:48 - 2013-11-12 09:48 - 00001077 _____ C:\Users\PC1\Desktop\Kaspersky Security Scan.lnk
2013-11-12 09:48 - 2013-11-12 09:47 - 01126296 _____ (                                                            ) C:\Users\PC1\Downloads\hwmonitor_1.24-setup.exe
2013-11-12 09:08 - 2013-01-02 15:36 - 00000000 ____D C:\Users\PC1\AppData\Roaming\Adobe
2013-11-12 09:08 - 2013-01-02 15:36 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-12 08:56 - 2013-11-12 08:46 - 00000000 ____D C:\Users\PC1\Downloads\Digital.Tutors.Assembling.and.Working.with.Long.Documents.in.InDesign.CS5
2013-11-12 08:45 - 2013-11-12 08:45 - 00000506 _____ C:\Users\PC1\Downloads\Adobe CC - XForce Keygen - Win.torrent
2013-11-12 08:45 - 2013-11-12 08:45 - 00000000 ____D C:\Users\PC1\Downloads\Crack
2013-11-11 14:43 - 2012-12-10 15:43 - 00011262 _____ C:\Users\PC1\Documents\LUIGI.kdbx
2013-11-11 13:53 - 2013-03-01 16:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-11 12:26 - 2013-11-11 12:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-11 09:48 - 2013-09-02 14:51 - 00000000 ____D C:\Users\PC1\Desktop\test html
2013-11-11 05:50 - 2013-11-08 14:31 - 00267936 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-11-08 17:22 - 2013-11-11 15:18 - 00001660 _____ C:\Users\Public\fstile2.css
2013-11-08 17:22 - 2013-11-11 15:17 - 00001564 _____ C:\Users\Public\menu a tendina.html
2013-11-08 14:39 - 2013-11-08 14:39 - 00000000 ____D C:\Users\PC1\Desktop\MemTest
2013-11-08 14:26 - 2013-01-02 15:28 - 00000000 ____D C:\ProgramData\MFAData
2013-11-07 16:55 - 2013-11-07 15:10 - 00000000 ____D C:\Users\PC1\Desktop\GHILOTTI
2013-11-05 12:27 - 2013-06-13 12:48 - 00000000 ____D C:\Users\PC1\AppData\Roaming\Spotify
2013-11-05 09:15 - 2013-06-13 12:48 - 00000000 ____D C:\Users\PC1\AppData\Local\Spotify
2013-11-05 09:11 - 2013-11-05 09:11 - 00003146 _____ C:\Windows\System32\Tasks\{85A16CE2-DE7F-4F4A-9AC3-473C5128786D}
2013-11-05 09:02 - 2013-04-02 10:55 - 00000000 ____D C:\Users\PC1\Documents\Fatture Beco
2013-11-05 08:42 - 2013-01-04 08:38 - 00031744 _____ C:\Users\PC1\Documents\BDGT 2013.xls
2013-10-30 14:13 - 2013-06-10 14:11 - 21502784 _____ C:\Users\PC1\Desktop\CARTIGLIO BOCCHINI SRL 150 dpi.tif
2013-10-29 16:12 - 2013-10-22 16:24 - 00000000 ____D C:\Users\PC1\Desktop\Cartella D221013 CATALOGO
2013-10-28 09:59 - 2013-10-28 09:58 - 05136138 _____ (Swearware) C:\Users\PC1\Downloads\ComboFix_13-10-21.01.exe
 
Files to move or delete:
====================
C:\ProgramData\LaunchURL.bat
 
 
Some content of TEMP:
====================
C:\Users\PC1\AppData\Local\Temp\Quarantine.exe
C:\Users\PC1\AppData\Local\Temp\SHSetup.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 10%
Total physical RAM: 8191.24 MB
Available physical RAM: 7317.09 MB
Total Pagefile: 8189.39 MB
Available Pagefile: 7329 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:223.47 GB) (Free:110.79 GB) NTFS
Drive d: (Volume) (Fixed) (Total:687.37 GB) (Free:469.09 GB) NTFS
Drive f: (Volume) (Fixed) (Total:244.14 GB) (Free:150.91 GB) NTFS
Drive h: () (Removable) (Total:0.98 GB) (Free:0.97 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Riservato per il sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 224 GB) (Disk ID: 02F1B573)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: DD7FB3CF)
Partition 1: (Not Active) - (Size=687 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 1000 MB) (Disk ID: 70707573)
No partition Table on disk 2.
 
 
LastRegBack: 2013-11-20 01:27
 
==================== End Of Log ============================


#4 TB-Psychotic

Posted 25 November 2013 - 05:48 AM

Please post up C:\combofix.txt.


Proud Member of UNITE & TB
 

#5 ross78


Posted 25 November 2013 - 05:54 AM

ComboFix 13-11-16.01 - PC1 17/11/2013  14:25:21.4.6 - x64 MINIMAL
Microsoft Windows 7 Professional   6.1.7601.1.1252.39.1040.18.8191.7326 [GMT 1:00]
Eseguito da: c:\users\PC1\Desktop\ComboFix.exe
AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Creato nuovo punto di ripristino
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((   Files Creati Da 2013-10-17 al 2013-11-17  )))))))))))))))))))))))))))))))))))
.
.
2013-11-17 13:28 . 2013-11-17 13:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-11-17 13:28 . 2013-11-17 13:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-17 06:43 . 2013-11-17 06:43 -------- d-----w- c:\programdata\Binarysense
2013-11-17 06:43 . 2013-11-17 06:43 -------- d-----w- c:\programdata\Licenses
2013-11-17 06:42 . 2013-11-17 06:42 -------- d-----w- c:\program files (x86)\BinarySense
2013-11-16 18:47 . 2013-11-16 18:52 -------- d-----w- C:\AdwCleaner
2013-11-16 16:15 . 2013-11-16 16:15 -------- d-----w- c:\windows\ERUNT
2013-11-16 15:47 . 2013-11-16 15:47 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-16 15:47 . 2013-11-16 19:19 116440 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-16 15:46 . 2013-11-16 15:46 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-11-15 17:27 . 2013-11-15 17:27 -------- d-----w- c:\programdata\PDF Architect
2013-11-15 17:06 . 2013-11-15 17:06 388096 ----a-r- c:\users\PC1\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-11-15 17:06 . 2013-11-15 17:06 -------- d-----w- c:\program files (x86)\Trend Micro
2013-11-15 15:01 . 2013-10-15 23:20 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1429E42C-3619-4716-BFCE-D53486192471}\mpengine.dll
2013-11-15 13:03 . 2012-07-11 16:09 64856 ----a-w- c:\windows\system32\klfphc.dll
2013-11-15 13:02 . 2011-06-02 13:39 66616 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2013-11-15 13:02 . 2011-06-02 13:39 84536 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2013-11-15 13:01 . 2013-11-15 13:44 -------- d-----w- c:\windows\ELAMBKUP
2013-11-15 13:01 . 2013-11-15 13:01 -------- d-----w- c:\program files (x86)\Common Files\InfoWatch
2013-11-15 13:00 . 2013-11-15 13:43 626272 ----a-w- c:\windows\system32\drivers\klif.sys
2013-11-15 13:00 . 2013-11-15 13:43 90208 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-11-13 07:25 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-11-12 09:33 . 2013-11-12 09:33 -------- d-----w- c:\users\PC1\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
2013-11-12 09:21 . 2013-11-12 09:21 -------- d-----w- c:\users\PC1\AppData\Local\AMD
2013-11-12 09:21 . 2013-11-12 09:21 -------- d-----w- c:\users\PC1\AppData\Roaming\ATI
2013-11-12 09:21 . 2013-11-12 09:21 -------- d-----w- c:\users\PC1\AppData\Local\ATI
2013-11-12 09:21 . 2013-11-12 09:21 -------- d-----w- c:\programdata\ATI
2013-11-12 09:21 . 2013-11-12 09:21 -------- d-----w- c:\program files (x86)\AMD AVT
2013-11-12 09:21 . 2013-11-12 09:21 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2013-11-12 09:20 . 2013-11-12 09:21 -------- d-----w- c:\programdata\AMD
2013-11-12 09:19 . 2013-11-12 09:19 -------- d-----w- c:\program files\Common Files\ATI Technologies
2013-11-12 09:19 . 2013-11-12 09:19 -------- d-----w- c:\program files (x86)\ATI Technologies
2013-11-12 09:16 . 2013-11-12 09:16 -------- d-----w- C:\AMD
2013-11-12 08:48 . 2013-11-17 13:05 -------- d-----w- c:\programdata\Kaspersky Lab
2013-11-12 08:48 . 2013-11-15 13:01 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2013-11-11 11:26 . 2013-11-11 11:26 -------- d-----w- c:\program files\Microsoft Silverlight
2013-11-08 13:31 . 2013-09-03 12:35 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-10-31 10:07 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-31 10:07 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-31 10:07 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-31 10:07 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-31 10:07 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-31 10:07 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-31 10:07 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-15 13:43 . 2012-10-18 13:50 54368 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-11-15 13:43 . 2012-08-13 15:49 178448 ----a-w- c:\windows\system32\drivers\kneps.sys
2013-11-15 13:43 . 2012-09-03 17:23 29280 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-11-15 13:43 . 2012-09-03 16:57 29280 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2013-11-15 13:43 . 2012-06-19 16:28 7717984 ----a-w- c:\windows\system32\drivers\kl1.sys
2013-11-13 11:33 . 2013-01-03 07:39 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-10-09 14:26 . 2013-03-19 08:26 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 14:01 . 2013-10-08 14:01 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-10-08 14:01 . 2013-10-08 14:01 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-10-08 14:01 . 2013-10-08 14:01 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-10-08 14:01 . 2013-10-08 14:01 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-10-08 14:01 . 2013-10-08 14:01 125824 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-10-08 14:01 . 2010-07-07 01:15 142792 ----a-w- c:\windows\system32\atiuxp64.dll
2013-10-08 14:01 . 2013-10-08 14:01 114488 ----a-w- c:\windows\system32\atiu9p64.dll
2013-10-08 14:01 . 2010-07-07 01:14 97984 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-10-08 14:01 . 2010-07-07 01:53 1237200 ----a-w- c:\windows\system32\aticfx64.dll
2013-10-08 14:01 . 2010-07-07 01:54 1030128 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-10-08 14:00 . 2010-07-07 01:37 9464840 ----a-w- c:\windows\system32\atidxx64.dll
2013-10-08 14:00 . 2013-10-08 14:00 8215992 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-10-08 14:00 . 2010-07-07 01:23 6176008 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-10-08 14:00 . 2010-07-07 01:28 6189416 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-10-08 14:00 . 2013-10-08 14:00 6767240 ----a-w- c:\windows\system32\atiumd6a.dll
2013-10-08 14:00 . 2013-10-08 14:00 7256496 ----a-w- c:\windows\system32\atiumd64.dll
2013-10-08 13:58 . 2013-10-08 13:58 12534784 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-10-08 13:39 . 2013-10-08 13:39 229376 ----a-w- c:\windows\system32\clinfo.exe
2013-10-08 13:39 . 2013-10-08 13:39 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-10-08 13:38 . 2013-10-08 13:38 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-10-08 13:38 . 2013-10-08 13:38 127488 ----a-w- c:\windows\system32\coinst_13.152.1.8.dll
2013-10-08 13:38 . 2013-10-08 13:38 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-10-08 13:38 . 2013-10-08 13:38 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-10-08 13:38 . 2013-10-08 13:38 28192256 ----a-w- c:\windows\system32\amdocl64.dll
2013-10-08 13:36 . 2013-10-08 13:36 23761408 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-10-08 13:34 . 2013-10-08 13:34 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-10-08 13:34 . 2013-10-08 13:34 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-10-08 13:17 . 2013-10-08 13:17 25385984 ----a-w- c:\windows\system32\atio6axx.dll
2013-10-08 13:13 . 2013-10-08 13:13 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-10-08 13:13 . 2013-10-08 13:13 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-10-08 13:13 . 2013-10-08 13:13 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-10-08 13:13 . 2013-10-08 13:13 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2013-10-08 13:13 . 2013-10-08 13:13 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-10-08 13:13 . 2013-10-08 13:13 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2013-10-08 13:09 . 2013-10-08 13:09 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-10-08 13:00 . 2013-10-08 13:00 21400064 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-10-08 12:54 . 2013-10-08 12:54 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-10-08 12:53 . 2013-10-08 12:53 26112 ----a-w- c:\windows\system32\atimuixx.dll
2013-10-08 12:53 . 2013-10-08 12:53 576512 ----a-w- c:\windows\system32\atieclxx.exe
2013-10-08 12:52 . 2013-10-08 12:52 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2013-10-08 12:51 . 2013-10-08 12:51 190976 ----a-w- c:\windows\system32\atitmm64.dll
2013-10-08 12:28 . 2010-07-07 01:16 784384 ----a-w- c:\windows\system32\atiadlxx.dll
2013-10-08 12:28 . 2013-10-08 12:28 594944 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-10-08 12:28 . 2013-10-08 12:28 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2013-10-08 12:28 . 2013-10-08 12:28 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-10-08 12:28 . 2013-10-08 12:28 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2013-10-08 12:28 . 2013-10-08 12:28 100352 ----a-w- c:\windows\system32\atig6txx.dll
2013-10-08 12:27 . 2013-10-08 12:27 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-10-08 12:27 . 2013-10-08 12:27 619008 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-10-08 12:24 . 2013-10-08 12:24 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-10-08 08:50 . 2013-10-08 08:50 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2013-10-08 08:45 . 2013-10-08 08:45 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2013-10-03 15:12 . 2013-10-03 15:12 142 ----a-w- c:\programdata\LaunchURL.bat
2013-09-08 02:30 . 2013-10-10 06:34 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-10 06:34 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-10 06:34 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-05 13:18 . 2013-09-05 13:18 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-05 13:18 . 2013-09-05 13:18 312232 ----a-w- c:\windows\system32\javaws.exe
2013-09-05 13:18 . 2013-09-05 13:18 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-05 13:18 . 2013-09-05 13:18 189352 ----a-w- c:\windows\system32\javaw.exe
2013-09-05 13:18 . 2013-09-05 13:18 188840 ----a-w- c:\windows\system32\java.exe
2013-09-05 13:18 . 2013-09-05 13:18 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-08-30 23:47 . 2013-08-30 23:47 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2013-08-30 23:47 . 2013-08-30 23:47 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2013-08-30 23:47 . 2013-08-30 23:47 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2013-08-30 23:47 . 2013-08-30 23:47 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2013-08-29 02:17 . 2013-10-10 06:34 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-10 06:34 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-10 06:34 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-10 06:34 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-10 06:34 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-10 06:34 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-10 06:34 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-10 06:34 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-10 06:34 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-10 06:34 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-10 06:34 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-10 06:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-10 06:34 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-10 06:34 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-10 06:34 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-10 06:34 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-10 06:34 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-10 06:34 461312 ----a-w- c:\windows\system32\scavengeui.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-20 17:20 459784 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-12-07 202328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-17 2371584]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"CTSyncService"="c:\program files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe" [2009-07-08 1233195]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-10-08 766208]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2013-11-15 356128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP ProfileReminder.lnk - c:\program files (x86)\Hewlett-Packard\HP Advanced Profiling Solution\HPProfileReminder.exe [2013-1-24 696320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
R1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
R1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
R2 KSS;Servizio Kaspersky Security Scan;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [x]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [x]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [x]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
R2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 cpuz136;cpuz136;c:\users\PC1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\PC1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 EyeOneDisplay;EyeOneDisplay;c:\windows\system32\Drivers\i1display_x64.sys;c:\windows\SYSNATIVE\Drivers\i1display_x64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys;c:\windows\SYSNATIVE\DRIVERS\GenericMount.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
S0 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-14 23:18 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-11-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-19 14:26]
.
2013-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-02 14:45]
.
2013-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-02 14:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-10-16 17:02 3358064 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-10-16 17:02 3358064 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-10-16 17:02 3358064 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-20 17:22 492040 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Aggiungi a PDF esistente - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: hp.com
TCP: Interfaces\{E143E27F-BFFE-41C0-8C00-EFDB24F40FD9}: NameServer = 151.99.125.1,151.99.0.100
FF - ProfilePath - c:\users\PC1\AppData\Roaming\Mozilla\Firefox\Profiles\v2o43kja.default\
FF - prefs.js: browser.search.selectedEngine - 
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-56534080.sys
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2013-11-17  14:29:31
ComboFix-quarantined-files.txt  2013-11-17 13:29
ComboFix2.txt  2013-10-28 09:05
ComboFix3.txt  2013-10-08 08:04
.
Pre-Run: 119.929.589.760 byte disponibili
Post-Run: 119.571.177.472 byte disponibili
.
- - End Of File - - 20976286CBE60EFE9942D50D6D8D71CD
A36C5E4F47E84449FF07ED3517B43A31


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:26 AM

Posted 25 November 2013 - 06:11 AM

I need to know what exactly was removed - please upload the Kaspersky log files.



#7 ross78

ross78
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  • Local time:02:26 AM

Posted 25 November 2013 - 06:19 AM

Where can I find this log? I looked for it but I can't find it.

The virus was attached to a CAD file I received.



#8 ross78

ross78
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  • Local time:02:26 AM

Posted 25 November 2013 - 06:26 AM

I found the detailed report in Kaspersky PURE - these are the lines in red:
 
 
acaddoc.lsp Detected: HEUR:Virus.Acad.Generic G:\1- ARCHIVIO 2013 BKP\1 - Rendering\2- BOC\Rif. Milton Keynes 160513\FILE DAL CLIENTE 160513\ 15/11/2013 15:35:31
acaddoc.lsp Detected: Virus.Acad.Pasdoc.gen G:\1- ARCHIVIO 2013 BKP\1 - Rendering\2- BOCL\Rif. Milton Keynes 160513\FILE DAL CLIENTE 160513\ 15/11/2013 15:35:29
acaddoc.lsp Not disinfected: Virus.Acad.Pasdoc.gen G:\1- ARCHIVIO 2013 BKP\1 - Rendering\2- BOC\Rif. Milton Keynes 160513\FILE DAL CLIENTE 160513\ 15/11/2013 15:17:13
acaddoc.lsp Detected: Virus.Acad.Pasdoc.gen G:\1- ARCHIVIO 2013 BKP\1 - Rendering\2- BOC\Rif. Milton Keynes 160513\FILE DAL CLIENTE 160513\ 15/11/2013 15:17:13

Edited by ross78, 25 November 2013 - 06:29 AM.


#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:26 AM

Posted 25 November 2013 - 07:04 AM

Please reboot into safe mode with networking.

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.



#10 ross78

ross78
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  • Local time:02:26 AM

Posted 25 November 2013 - 08:05 AM

Finally I did it... during the save of the txt file the PC froze for several seconds.

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-25 13:58:49
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Corsair_Force_GT rev.5.03 223,57GB
Running: gzchsong.exe; Driver: C:\Users\PC1\AppData\Local\Temp\uftdipow.sys
 
 
---- Registry - GMER 2.1 ----
 
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                   C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                   0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                0xDC 0x71 0x87 0x79 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                             
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                          0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                       0x8E 0xDF 0xDE 0xB9 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                0x77 0x3C 0xD3 0x3F ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                   C:\Program Files (x86)\DAEMON Tools Ultra\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                   0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0xDC 0x71 0x87 0x79 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x8E 0xDF 0xDE 0xB9 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0x77 0x3C 0xD3 0x3F ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                       C:\Program Files (x86)\DAEMON Tools Ultra\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                       0x00 0x00 0x00 0x00 ...
 
---- EOF - GMER 2.1 ----


#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:26 AM

Posted 25 November 2013 - 08:20 AM

Disable CD Emulation with DeFogger

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK


IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

 

 

 

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).



#12 ross78

ross78
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  • Local time:02:26 AM

Posted 25 November 2013 - 08:51 AM

I disabled the CD emulation but I can't run aswMBR.exe... the computer crashes completely before the program starts... just when I click the icon.


Edited by ross78, 25 November 2013 - 08:52 AM.


#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:26 AM

Posted 25 November 2013 - 09:21 AM

Create/Scan with Kaspersky Rescue Disk

Follow the instructions on this page for downloading the kav_rescue_10.iso (200 MB) file and creating the Kaspersky Rescue Disk.

Make sure you set the machine to boot from the CD-ROM drive first. Then save and exit the BIOS. The computer will begin to boot. Insert the disc in the CD-ROM drive, then restart the machine. It should then boot from that CD.

It's best if you refer to the instructions and images at Kaspersky: "How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?"

Once it boots from CD, press a key so it continues to boot from that CD.

Select the language, then be sure to select Kaspersky Rescue Disk Graphic Mode.

Kaspersky should begin scanning your machine. If it finds infection, look carefully at the files it lists. If any of them seem to be legit files, do not allow it to clean/quarantine/delete them. Rather, save the log and post the results for me to look over.



#14 ross78

ross78
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  • Local time:02:26 AM

Posted 25 November 2013 - 11:56 AM

Nothing... I can't perform the scan process... This is the report of Kaspersky Rescue Disk; I also tried from a USB flash memory after the burned CD ISO.

 

 

Objects Scan: malfunction    (events: 2, objects: 0, time: 00:00:10)
11/25/13 4:21 PM Unable to start tasks Object not found
11/25/13 4:21 PM Task started
Objects Scan: malfunction    (events: 2, objects: 0, time: 00:00:00)
11/25/13 4:21 PM Unable to start tasks Object not found
11/25/13 4:21 PM Task started
Objects Scan: malfunction    (events: 2, objects: 0, time: 00:00:00)
11/25/13 4:26 PM Unable to start tasks Object not found
11/25/13 4:26 PM Task started
Objects Scan: malfunction    (events: 2, objects: 0, time: 00:00:08)
11/25/13 5:48 PM Unable to start tasks Object not found
11/25/13 5:48 PM Task started
Objects Scan: malfunction    (events: 2, objects: 0, time: 00:00:00)
11/25/13 5:49 PM Unable to start tasks Object not found
11/25/13 5:49 PM Task started
Objects Scan: malfunction    (events: 2, objects: 0, time: 00:00:00)
11/25/13 5:50 PM Unable to start tasks Object not found
11/25/13 5:50 PM Task started
Objects Scan: malfunction    (events: 2, objects: 0, time: 00:00:00)
11/25/13 5:50 PM Unable to start tasks Object not found
11/25/13 5:50 PM Task started
Objects Scan: malfunction    (events: 2, objects: 0, time: 00:00:00)
11/25/13 5:50 PM Task started
11/25/13 5:50 PM Unable to start tasks Object not found


#15 ross78

ross78
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  • Local time:02:26 AM

Posted 26 November 2013 - 03:39 AM

Hi TB... I tried again with the Rescue Disk but I had the same problems: the software says that the "Virus Database is Corrupted" and it can't start the scan process. When I try to update the virus database (this happens in the Rescue Disk Graphic Mode) it downloads the file but it says that there is a malfunction and the database is still corrupted.

Have you any idea? Thank you.





