unknown virus


33 replies to this topic

#1 leneshu (Members)

Posted 20 December 2013 - 08:11 PM

Hi, yesterday I got this strange virus and couldn't do anything.

I was surfing the net when suddenly a page popped up with the police surveying my PC, saying that I have to pay for something and give the password of my banking card... I tried to close the page but I got another window saying something about an error.

I tried to run Malwarebytes or restart the PC in safe mode, but it didn't work.

In the end I found a way to run an antivirus on my drive (the internal HDD became external and with the help of my laptop I ran Malwarebytes), then I got here, read some posts and ran AdwCleaner, JRT, ComboFix... but I don't know how to interpret the report files.

Now it seems to work just fine, but I want to be sure that I got rid of the virus.

I would appreciate it if you could help me.

10x

P.S. Running msconfig I discovered in startup this strange file: 7rgcl2b.jss (deleted) and other files in a folder named B2LCGR7....


Edited by leneshu, 21 December 2013 - 03:22 AM.



#2 HelpBot (Bleepin' Binary Bot)

Posted 25 December 2013 - 08:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/518111 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 etavares (Bleepin' Remover, Malware Response Team)

Posted 31 December 2013 - 06:44 AM

Hi Leneshu,


My name is etavares and I'll be helping you with this issue.


What does the lock screen look like?  Does it look like the one here?

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#cryptolocker


Or different?  It sounds a bit different...that would be good news.


Please also follow the instructions above if you are able.  Please also attach C:\combofix.txt


-etavares



If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#4 leneshu (Topic Starter)

Posted 02 January 2014 - 03:50 AM

Happy New Year,

I was gone for the last days and now I see your reply. First I want to thank you, and I'll be back today with the ComboFix file.



#5 leneshu (Topic Starter)

Posted 02 January 2014 - 04:34 AM

So, my virus problem has nothing to do with CryptoLocker; there was (I say "was" because now everything seems to work fine) another window popping up asking for money and my account password.

Since then I ran Malwarebytes, ComboFix, AdwCleaner and JRT... but I'm not sure that I got rid of the virus; I don't want my passwords to be copied by some virus program, and God knows what happens then...

I'm running Win7 64-bit.

Now I'm posting the DDS log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 01/09/2013 22:05:31

System Uptime: 02/01/2014 09:35:36 (1 hours ago)

.

Motherboard: MSI | | 2A9C

Processor: Intel® Core™ i3 CPU 550 @ 3.20GHz | CPU 1 | 3200/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 452 GiB total, 85,595 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 1,651 GiB free.

E: is FIXED (NTFS) - 66 GiB total, 18,881 GiB free.

F: is FIXED (NTFS) - 83 GiB total, 55,606 GiB free.

G: is CDROM ()

H: is Removable

I: is Removable

J: is Removable

K: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: LogMeIn Kernel Information Provider

Device ID: ROOT\LEGACY_LMIINFO\0000

Manufacturer:

Name: LogMeIn Kernel Information Provider

PNP Device ID: ROOT\LEGACY_LMIINFO\0000

Service: LMIInfo

.

==== System Restore Points ===================

.

RP94: 22/12/2013 19:04:13 - Punto di controllo pianificato

RP95: 24/12/2013 09:34:39 - Windows Update

RP96: 31/12/2013 09:03:58 - Windows Update

.

==== Installed Programs ======================

.

ABBYY FineReader 9.0 Sprint

ACDSee

Activision®

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.03)

Adobe Shockwave Player 12.0

Agatha Christie - Death on the Nile

ArcSoft TotalMedia Theatre 6

Assassins Creed IV Black Flag

ATI Catalyst Install Manager

Torrent

AutoCorect 4.1.5

avast! Free Antivirus

Bejeweled 2 Deluxe

Bing Bar

BS.Player FREE

calibre 64bit

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Chuzzle Deluxe

Counter-Strike

Counter-Strike 1.6

Counter Strike 1.6

CyberLink DVD Suite Deluxe

DAEMON Tools Lite

Diner Dash 2 Restaurant Rescue

DVD Menu Pack for HP MediaSmart Video

Epson Event Manager

EPSON Scan

EPSON SX130 Series Printer Uninstall

FATE

FileHippo.com Update Checker

GameRanger

Google Chrome

Google Update Helper

Guida utente EPSON SX130 Series

Hercules Deluxe Optical Glass

Hewlett-Packard ACLM.NET v1.2.1.1

HP Advisor

HP Customer Experience Enhancements

HP Game Console

HP Games

HP MediaSmart DVD

HP MediaSmart Music

HP MediaSmart Photo

HP MediaSmart SmartMenu

HP MediaSmart Video

HP Odometer

HP Setup

HP Support Assistant

HP Support Information

HP Update

HP Vision Hardware Diagnostics

HydraVision

Insaniquarium Deluxe

Intel® Management Engine Components

Intel® Rapid Storage Technology

Java Auto Updater

Java™ 6 Update 45

Jewel Quest II

Jewel Quest Solitaire

John Deere Drive Green

Junk Mail filter update

K-Lite Codec Pack 7.1.0 (Full)

LabelPrint

LightScribe System Software

LogMeIn Hamachi

Magic Desktop

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)

Microsoft .NET Framework 4 Client Profile ITA Language Pack

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727

Mobipocket Reader 6.2

Movie Theme Pack for HP MediaSmart Video

Mozilla Firefox 26.0 (x86 it)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MusicStation

Nero BackItUp

Nero BackItUp 12 Essentials

Nero BackItUp Help (CHM)

Nero ControlCenter

Nero ControlCenter Help (CHM)

Nero Core Components

Nero RescueAgent

Nero RescueAgent Help (CHM)

Nero Update

Nitro Pro 8

NVIDIA PhysX

Opera Stable 17.0.1241.45

PDF Complete Special Edition

Penguins!

PhotoNow!

PictureMover

Plants vs. Zombies

PlayReady PC Runtime amd64

Polar Bowler

Power2Go

PowerDirector

Prerequisite installer

Raccolta foto di Windows Live

Realtek High Definition Audio Driver

Recovery Manager

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition

Skype Click to Call

Skype 6.11

Slingo Deluxe

SopCast Plugin V6 - www.cool-tv.ro

Strumento di caricamento di Windows Live

swMSM

System Requirements Lab CYRI

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Virtual Villagers - The Secret City

VLC media player 2.0.7

Wedding Dash

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Mail

Windows Live Messenger

Windows Live Sync

Windows Live Writer

WinRAR archiver

X-Lite 4

X-Men Origins - Wolverine™

Yahoo! Messenger

Zuma Deluxe

.

==== End Of File ===========================



#6 leneshu (Topic Starter)

Posted 02 January 2014 - 04:38 AM

DDS has got another file on my desktop, called dds; I'm not sure you want to see this, but...

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 1.6.0_45

Run by Pisoi at 10:20:23 on 2014-01-02

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.6007.4684 [GMT 1:00]

.

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

C:\Windows\SysWOW64\ezSharedSvcHost.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\WUDFHost.exe

C:\Program Files (x86)\Hercules\Deluxe Optical Glass\XtrCtrl.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

mRun: [CamserviceOG] C:\Program Files (x86)\Hercules\Deluxe Optical Glass\XtrCtrl.exe /startup

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: EnableShellExecuteHooks = dword:1

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab

TCP: Interfaces\{C2013058-1B85-424A-9F62-E763F8A9EE8C} : DHCPNameServer = 192.168.1.254 62.101.93.101 83.103.25.250

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [CamserviceOG] C:\Program Files (x86)\Hercules\Deluxe Optical Glass\XtrCtrl.exe /startup

x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update

x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Pisoi\AppData\Roaming\Mozilla\Firefox\Profiles\1jlhoiaq.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - google.com

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-10-12 65776]

R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-10-12 205320]

R1 ArcCtrl;ArcCtrl;C:\Windows\System32\drivers\ArcCtrl.sys [2013-11-9 604192]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-10-12 1032416]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-10-12 409832]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]

R2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2013-7-8 44064]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-26 203264]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-10-12 38984]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-10-12 84328]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-16 50344]

R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-9-1 151648]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 2210640]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-26 13336]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 377104]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-9-2 72216]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-12 418376]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]

R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2012-10-1 230920]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-11-26 635416]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-26 2320920]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-9-2 283064]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-26 56344]

R3 hxctlflt;hxctlflt;C:\Windows\System32\drivers\hxctlflt.sys [2013-9-1 111104]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-12 25928]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-26 346144]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-12 701512]

S2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe --> C:\Windows\SysWOW64\nlssrv32.exe [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-3 19456]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-3 57856]

S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-2 1255736]

.

=============== File Associations ===============

.

FileExt: .txt: AutoCorectFile="C:\Program Files (x86)\AutoCorect\AutoCorect.exe" "%L"

ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"

.

=============== Created Last 30 ================

.

2013-12-31 08:04:25 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90E17C08-4B0C-4C45-B92D-CD4F1E9FDBD0}\mpengine.dll

2013-12-30 14:06:57 -------- d-----w- C:\Users\Pisoi\AppData\Roaming\GameRanger

2013-12-23 09:34:54 -------- d-sh--w- C:\$RECYCLE.BIN

2013-12-22 13:10:11 -------- d-----w- C:\ProgramData\Orbit

2013-12-21 13:24:04 -------- d-----w- C:\Program Files (x86)\FileHippo.com

2013-12-21 10:32:24 -------- d-----w- C:\Users\Pisoi\AppData\Local\Macromedia

2013-12-20 23:41:46 -------- d-----w- C:\Windows\ERUNT

2013-12-20 23:33:13 -------- d-----w- C:\AdwCleaner

2013-12-19 17:34:05 -------- d-----w- C:\ProgramData\Steam

2013-12-19 15:03:44 -------- d-----w- C:\Program Files (x86)\Assassins Creed IV Black Flag

2013-12-16 12:24:48 -------- d-----w- C:\Users\Pisoi\AppData\Roaming\AVAST Software

2013-12-13 13:23:29 -------- d-----w- C:\ProgramData\Battle.net

2013-12-12 11:50:10 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

2013-12-12 11:50:10 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

2013-12-12 11:50:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2013-12-12 11:50:09 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2013-12-12 11:49:01 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-12-12 11:49:01 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2013-12-12 11:49:00 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe

2013-12-12 11:49:00 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe

2013-12-12 11:49:00 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2013-12-12 11:49:00 353280 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll

2013-12-12 11:49:00 293072 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll

2013-12-12 11:49:00 270848 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll

2013-12-12 11:49:00 251392 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll

2013-12-12 11:49:00 235216 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

2013-12-12 07:34:05 335360 ----a-w- C:\Windows\System32\msieftp.dll

2013-12-12 07:34:05 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll

2013-12-12 07:34:04 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2013-12-12 07:34:04 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-12-12 07:34:04 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-12-12 07:34:04 3155968 ----a-w- C:\Windows\System32\win32k.sys

2013-12-12 07:34:04 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2013-12-12 07:34:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-12-12 07:34:02 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-12-12 07:33:59 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys

2013-12-12 07:33:59 202752 ----a-w- C:\Windows\System32\scrrun.dll

2013-12-12 07:33:59 156160 ----a-w- C:\Windows\System32\cscript.exe

2013-12-12 07:33:59 150016 ----a-w- C:\Windows\System32\wshom.ocx

2013-12-12 07:33:59 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx

2013-12-12 07:33:59 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys

2013-12-12 07:33:58 168960 ----a-w- C:\Windows\System32\wscript.exe

2013-12-12 07:33:58 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll

2013-12-12 07:33:58 141824 ----a-w- C:\Windows\SysWow64\wscript.exe

2013-12-12 07:33:58 126976 ----a-w- C:\Windows\SysWow64\cscript.exe

2013-12-11 07:28:18 -------- d-----w- C:\ProgramData\Easybits Magic Desktop for HP

2013-12-10 18:48:13 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-12-04 11:38:41 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

.

==================== Find3M ====================

.

2013-12-21 10:31:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-16 07:28:36 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-12-16 07:28:36 84328 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-12-16 07:28:36 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-12-16 07:28:36 43152 ----a-w- C:\Windows\avastSS.scr

2013-12-16 07:28:36 205320 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-12-16 07:28:36 1032416 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll

2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll

2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll

2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll

2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-11-19 02:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe

2013-10-27 13:40:08 477616 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-10-27 13:40:08 473520 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-10-17 16:30:30 88984 ----a-w- C:\Windows\System32\drivers\hola_mon_drv.sys

2013-10-17 16:30:30 582680 ----a-w- C:\Windows\System32\drivers\hola_drv.sys

2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll

2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL

2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL

2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll

2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL

2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll

2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll

.

============= FINISH: 10:20:57,39 ===============



#7 leneshu

leneshu
  • Topic Starter
  • Members
  • 20 posts

Posted 02 January 2014 - 04:49 AM

And the ComboFix file:


ComboFix 14-01-01.01 - Pisoi 02/01/2014  10:40:53.13.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.6007.4506 [GMT 1:00]
Eseguito da: c:\users\Pisoi\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Creato nuovo punto di ripristino
.
.
(((((((((((((((((((((((((   Files Creati Da 2013-12-02 al 2014-01-02  )))))))))))))))))))))))))))))))))))
.
.
2014-01-02 09:46 . 2014-01-02 09:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-02 09:46 . 2014-01-02 09:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-31 08:04 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90E17C08-4B0C-4C45-B92D-CD4F1E9FDBD0}\mpengine.dll
2013-12-30 14:06 . 2013-12-30 14:07 -------- d-----w- c:\users\Pisoi\AppData\Roaming\GameRanger
2013-12-22 13:10 . 2013-12-22 13:10 -------- d-----w- c:\programdata\Orbit
2013-12-21 13:24 . 2013-12-21 13:24 -------- d-----w- c:\program files (x86)\FileHippo.com
2013-12-21 10:32 . 2013-12-21 10:32 -------- d-----w- c:\users\Pisoi\AppData\Local\Macromedia
2013-12-21 10:31 . 2013-12-21 10:31 -------- d-----w- c:\programdata\McAfee
2013-12-20 23:41 . 2013-12-20 23:41 -------- d-----w- c:\windows\ERUNT
2013-12-20 23:33 . 2013-12-22 22:24 -------- d-----w- C:\AdwCleaner
2013-12-19 17:34 . 2013-12-19 17:34 -------- d-----w- c:\programdata\Steam
2013-12-19 15:03 . 2013-12-19 16:00 -------- d-----w- c:\program files (x86)\Assassins Creed IV Black Flag
2013-12-16 12:24 . 2013-12-16 12:24 -------- d-----w- c:\users\Pisoi\AppData\Roaming\AVAST Software
2013-12-13 13:23 . 2013-12-13 13:23 -------- d-----w- c:\programdata\Battle.net
2013-12-12 11:50 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 11:50 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 11:50 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-12 11:50 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-12 11:50 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-12 11:49 . 2013-11-26 10:19 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-12-12 11:49 . 2013-11-26 09:23 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-12-12 11:49 . 2013-11-27 00:52 293072 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-12-12 11:49 . 2013-11-27 00:20 235216 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-12-12 11:49 . 2013-11-26 10:18 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-12-12 11:49 . 2013-11-26 08:34 482816 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
2013-12-12 11:49 . 2013-11-26 07:55 469504 ----a-w- c:\program files (x86)\Internet Explorer\ieinstal.exe
2013-12-12 11:49 . 2013-11-26 06:48 353280 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-12-12 11:49 . 2013-11-26 06:41 251392 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2013-12-12 11:49 . 2013-11-26 06:22 270848 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-12-12 07:34 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-12 07:34 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-12-12 07:34 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-12 07:34 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-12 07:34 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-12-12 07:34 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-12 07:34 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-12-12 07:34 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-12 07:34 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-12-12 07:33 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2013-12-12 07:33 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2013-12-12 07:33 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2013-12-12 07:33 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2013-12-12 07:33 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-12 07:33 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-12 07:33 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2013-12-12 07:33 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2013-12-12 07:33 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2013-12-12 07:33 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2013-12-11 07:28 . 2013-12-11 16:46 -------- d-----w- c:\programdata\Easybits Magic Desktop for HP
2013-12-10 18:48 . 2013-12-21 10:31 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-04 11:38 . 2013-12-04 11:38 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-21 10:31 . 2013-09-01 20:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-16 07:28 . 2013-10-12 07:54 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-12-16 07:28 . 2013-10-12 07:54 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-12-16 07:28 . 2013-10-12 07:54 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-12-16 07:28 . 2013-10-12 07:54 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-12-16 07:28 . 2013-10-12 07:54 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-16 07:28 . 2013-10-12 07:54 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-16 07:28 . 2013-10-12 07:54 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-16 07:28 . 2013-10-12 07:54 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-16 07:28 . 2013-10-12 07:53 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-12-16 07:28 . 2013-10-12 07:53 43152 ----a-w- c:\windows\avastSS.scr
2013-12-12 11:46 . 2013-09-01 21:48 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-01 20:01 . 2013-12-01 20:01 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-01 20:01 . 2013-12-01 20:01 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-01 20:01 . 2013-12-01 20:01 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-01 20:01 . 2013-12-01 20:01 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-01 20:01 . 2013-12-01 20:01 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-01 20:01 . 2013-12-01 20:01 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-01 20:01 . 2013-12-01 20:01 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-01 20:01 . 2013-12-01 20:01 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-01 20:01 . 2013-12-01 20:01 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-01 20:01 . 2013-12-01 20:01 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-01 20:01 . 2013-12-01 20:01 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-01 20:01 . 2013-12-01 20:01 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-01 20:01 . 2013-12-01 20:01 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-01 20:01 . 2013-12-01 20:01 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-01 20:01 . 2013-12-01 20:01 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-01 20:01 . 2013-12-01 20:01 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-01 20:01 . 2013-12-01 20:01 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-01 20:01 . 2013-12-01 20:01 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-01 20:01 . 2013-12-01 20:01 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-01 20:01 . 2013-12-01 20:01 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-01 20:01 . 2013-12-01 20:01 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-01 20:01 . 2013-12-01 20:01 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-01 20:01 . 2013-12-01 20:01 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-01 20:01 . 2013-12-01 20:01 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-01 20:01 . 2013-12-01 20:01 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-01 20:01 . 2013-12-01 20:01 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-01 20:01 . 2013-12-01 20:01 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-01 20:01 . 2013-12-01 20:01 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-01 20:01 . 2013-12-01 20:01 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-01 20:01 . 2013-12-01 20:01 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-01 20:01 . 2013-12-01 20:01 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-01 20:01 . 2013-12-01 20:01 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-01 20:01 . 2013-12-01 20:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-01 20:01 . 2013-12-01 20:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-01 20:01 . 2013-12-01 20:01 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-01 20:01 . 2013-12-01 20:01 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-01 20:01 . 2013-12-01 20:01 413696 ----a-w- c:\windows\system32\html.iec
2013-12-01 20:01 . 2013-12-01 20:01 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-01 20:01 . 2013-12-01 20:01 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-01 20:01 . 2013-12-01 20:01 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-01 20:01 . 2013-12-01 20:01 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-01 20:01 . 2013-12-01 20:01 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-01 20:01 . 2013-12-01 20:01 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-01 20:01 . 2013-12-01 20:01 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-01 20:01 . 2013-12-01 20:01 235520 ----a-w- c:\windows\system32\url.dll
2013-12-01 20:01 . 2013-12-01 20:01 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-01 20:01 . 2013-12-01 20:01 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-01 20:01 . 2013-12-01 20:01 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-01 20:01 . 2013-12-01 20:01 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-01 20:01 . 2013-12-01 20:01 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-01 20:01 . 2013-12-01 20:01 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-01 20:01 . 2013-12-01 20:01 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-01 20:01 . 2013-12-01 20:01 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-01 20:01 . 2013-12-01 20:01 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-01 20:01 . 2013-12-01 20:01 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-01 20:01 . 2013-12-01 20:01 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-01 20:01 . 2013-12-01 20:01 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-01 20:01 . 2013-12-01 20:01 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-01 20:01 . 2013-12-01 20:01 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-19 02:33 . 2013-10-12 08:01 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-10-27 13:40 . 2013-10-27 13:40 477616 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-10-27 13:40 . 2013-10-27 13:40 473520 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-10-17 16:30 . 2013-10-12 08:40 88984 ----a-w- c:\windows\system32\drivers\hola_mon_drv.sys
2013-10-17 16:30 . 2013-10-12 08:40 582680 ----a-w- c:\windows\system32\drivers\hola_drv.sys
2013-10-14 17:00 . 2013-12-01 20:04 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-10-12 02:30 . 2013-11-14 18:08 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-14 18:08 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-14 18:08 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-14 18:08 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-14 18:08 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-14 18:08 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-14 18:08 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-18 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-16 3568312]
"CamserviceOG"="c:\program files (x86)\Hercules\Deluxe Optical Glass\XtrCtrl.exe" [2009-10-19 2999080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 ArcCtrl;ArcCtrl;c:\windows\system32\drivers\ArcCtrl.sys;c:\windows\SYSNATIVE\drivers\ArcCtrl.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 hxctlflt;hxctlflt;c:\windows\system32\Drivers\hxctlflt.sys;c:\windows\SYSNATIVE\Drivers\hxctlflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 17:00 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-01 10:31]
.
2014-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-02 08:06]
.
2014-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-02 08:06]
.
2013-12-30 c:\windows\Tasks\HPCeeScheduleForPisoi.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-16 07:28 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CamserviceOG"="c:\program files (x86)\Hercules\Deluxe Optical Glass\XtrCtrl.exe" [2009-10-19 2999080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2013-12-12 21720]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Pisoi\AppData\Roaming\Mozilla\Firefox\Profiles\1jlhoiaq.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - google.com
.
.
------- Associazioni dei file -------
.
.txt=AutoCorectFile
.
Supplementary scan did not complete!
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-EPSON Scanner - c:\program files (x86)\epson\escndv\setup\setup.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.032"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.abr"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.ani"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.apd"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ARW\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.arw"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.bay"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-2157945565-2363590187-2897229371-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Bitmap"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.bw"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CR2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.cr2"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.crw"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.cs1"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.cur"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.dcr"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.dcx"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.dib"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.djv"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.djvu"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DNG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.dng"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.emf"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.eps"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ERF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.erf"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.fff"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-2157945565-2363590187-2897229371-1000)
@Denied: (2) (LocalSystem)
"Progid"="Applications\\ACDSee.exe"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.hdr"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.icl"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.icn"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.iff"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.ilbm"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.int"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.inta"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.iw4"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.j2c"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.j2k"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.jbr"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.jfif"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.jif"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.jp2"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.jpc"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.jpe"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.jpeg"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-2157945565-2363590187-2897229371-1000)
@Denied: (2) (LocalSystem)
"Progid"="jpegfile"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.jpk"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.jpx"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.KDC\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.kdc"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.lbm"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.mef"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.mos"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MRW\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.mrw"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NEF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.nef"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.nrw"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ORF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.orf"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.pbm"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.pbr"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.pcd"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.pct"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.pcx"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PEF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.pef"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.pgm"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.pic"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.pict"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-2157945565-2363590187-2897229371-1000)
@Denied: (2) (LocalSystem)
"Progid"="HPMSPhoto.PNG"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.ppm"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.psd"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.psp"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.pspbrush"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.pspimage"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RAF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.raf"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.ras"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.raw"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.rgb"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.rgba"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.rle"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.rsb"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.rw2"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.rwl"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.sgi"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SR2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.sr2"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.srf"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.srw"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.tga"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.thm"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.tif"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.tiff"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.ttc"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.ttf"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v16o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.v16o"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v16p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.v16p"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v16pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.v16pf"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.wbm"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.wbmp"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.wmf"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.xbm"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.xif"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.xmp"
.
[HKEY_USERS\S-1-5-21-2157945565-2363590187-2897229371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 16.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2014-01-02  10:47:46
ComboFix-quarantined-files.txt  2013-10-10 16:48
.
Pre-Run: 91.724.771.328 byte disponibili
Post-Run: 91.522.707.456 byte disponibili
.
- - End Of File - - 87659D460855306EC730C5D15248D87D
 



#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:06:02 PM

Posted 02 January 2014 - 08:48 PM

Hello, leneshu.
 
Not too much visible in there.  We'll do an online scan for another opinion.  We do need to make a couple minor tweaks though.
 
 
 
Step 1
 
I'd like us to scan your machine with ESET OnlineScan

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
 
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png
 
 
 
 
Step 2
 
Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 7 Update 25 32-bit version (Windows Offline (32-bit)).  Note that if you have 64-bit windows, the default is to use a 32-bit browser.  If you modified your IE to use the 64-bit version, make sure to also download the 64-bit version.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version(s) shown below:
Java 6 Update 45
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the java file you downloaded to install the newest version.  If you downloaded the 64-bit version, make sure to install that as well.
 
 
 
 
Step 3
 
Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.

   

   
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
   
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
 
The automatic part won't work with Vista or W7. Please backup manually using ERUNT with the following instructions:
  • Please locate the ERUNT icon on the desktop.  If it is not there, click Start and type ERUNT into the search box.
  • Right click the ERUNT icon in the desktop or the Start menu, and select Run as Administrator
  • Click OK at the first message box.
  • Ensure the checkboxes for both "system registry" and "current user registry" are checked.  Leave the default save location in there.
  • Click OK.
  • Click Yes to create the new folder.
  • You'll get a window saying "registry backup complete" once it's done.  Click OK.  If you get an error message, please STOP here and let me know.  Do not proceed with any additional instructions until you check back with me.
 
 
 
Step 4
 
  • Open notepad.
  • Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
  • Save it to your desktop (click file, save as) as "fixit.reg" with the quotes.
 
REGEDIT4
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
 
 
NOTICE: This file was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 
Locate fixit.reg on your Desktop and double-click on it.
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".
 
Please reply back letting me know if it merged correctly.
 
 
 
 
Step 5
 
In your reply, please post the ESET log (note that there isn't one if no threats are found) and a new DDS scan (just dds.txt is fine this time).
 
 
 
etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
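The two things etavares acts on above, an orphaned BHO registration removed through a REGEDIT4 stanza in Step 4 and the state of the machine as reported by DDS, can be picked out of a DDS log mechanically. The script below is an added example, not a tool from this thread or from the BleepingComputer team: it parses the "Pseudo HJT Report" section of a DDS log, flags BHO, toolbar and SSODL entries that DDS prints as `<orphaned>` together with the HKLM System policy values that show UAC switched off (EnableLUA, PromptOnSecureDesktop and ConsentPromptBehaviorAdmin set to 0, as in the log posted later in this thread), and renders the orphaned BHO CLSIDs into a removal stanza of the same shape as the thread's fixit.reg. The sample log lines are constructed from the kinds of entries this thread's DDS log contains; the function and constant names are mine, and the script assumes DDS prints dword policy values in decimal.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

Added example (not a tool from this thread). It flags two things a responder
looks for in that section of the log:
  * BHO / TB / SSODL entries whose CLSID no longer resolves to a file, which
    DDS prints as '<orphaned>';
  * HKLM (mPolicies-System) values that show UAC switched off.
It can then render the orphaned BHO CLSIDs into a REGEDIT4 removal stanza of
the same shape as the fixit.reg shown in Step 4 of the thread.
Assumption: DDS prints dword policy values in decimal.
"""
import re
from dataclasses import dataclass

# Matches a CLSID in braces, e.g. {5C255C8A-E604-49b4-9D64-90988571CECB}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Matches 'mPolicies-System: EnableLUA = dword:0' style lines.
POLICY_RE = re.compile(
    r"^(?P<scope>[mu])Policies-(?P<area>\w+): (?P<name>\w+) = dword:(?P<value>\d+)$")
ENTRY_TYPES = ("BHO", "TB", "SSODL")
# Registry key the thread's fixit.reg removes BHO registrations from.
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

# UAC-related values as DDS reports them; each predicate returns True when the
# value is acceptable. 0 for any of these means UAC is off or elevates silently.
UAC_CHECKS = {
    "EnableLUA": lambda v: v != 0,
    "PromptOnSecureDesktop": lambda v: v != 0,
    "ConsentPromptBehaviorAdmin": lambda v: v != 0,
}

# Constructed sample, built from the kinds of lines this thread's DDS log contains.
SAMPLE_HJT = r"""
uStart Page = hxxp://google.com/
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
SSODL: WebCheck - <orphaned>
"""


@dataclass
class Finding:
    kind: str    # "orphaned-entry" or "uac-weakened"
    detail: str  # e.g. "BHO {5C25...}" or "EnableLUA = 0"


def parse_hjt_section(text: str) -> list:
    """Return findings in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = POLICY_RE.match(line)
        if m:
            value = int(m["value"])
            weak = (m["scope"] == "m" and m["area"] == "System"
                    and m["name"] in UAC_CHECKS and not UAC_CHECKS[m["name"]](value))
            if weak:
                findings.append(Finding("uac-weakened", f"{m['name']} = {value}"))
            continue
        entry_type, sep, rest = line.partition(": ")
        if sep and entry_type in ENTRY_TYPES:
            # DDS writes '<name>: <clsid> - <file>'; the target is after the last ' - '.
            ident, sep2, target = rest.rpartition(" - ")
            if sep2 and target.strip() == "<orphaned>":
                clsid = CLSID_RE.search(ident)
                detail = clsid.group(0) if clsid else ident.strip()
                findings.append(Finding("orphaned-entry", f"{entry_type} {detail}"))
    return findings


def orphaned_bho_clsids(findings) -> list:
    """CLSIDs of orphaned BHO entries (entries without a CLSID are skipped)."""
    out = []
    for f in findings:
        if f.kind != "orphaned-entry" or not f.detail.startswith("BHO "):
            continue
        ident = f.detail[len("BHO "):]
        if CLSID_RE.fullmatch(ident):
            out.append(ident)
    return out


def build_fix_reg(clsids) -> str:
    """Render a REGEDIT4 stanza that deletes each BHO key, like the thread's fixit.reg."""
    lines = ["REGEDIT4", ""]
    for clsid in clsids:
        lines.append(f"[-{BHO_KEY}\\{clsid}]")
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_hjt_section(SAMPLE_HJT)
    for f in found:
        print(f"{f.kind:16} {f.detail}")
    print(build_fix_reg(orphaned_bho_clsids(found)))
```

Run on the sample, the script reports the orphaned BHO and SSODL entries and the three UAC values set to 0, then prints a stanza identical in form to the Step 4 fix. Toolbar and SSODL orphans are listed but not turned into registry deletions, since they live under different keys than the one the thread's fix targets.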
 


#9 leneshu

leneshu
  • Topic Starter

  • Members
  • 20 posts
  • Local time:11:02 PM

Posted 03 January 2014 - 04:48 PM

ESET didn't find anything (no threats found), so there wasn't any list of threats to export.

Now for the Java part: when I bought my PC, Win 7 64-bit was already installed.  So I uninstalled Java, then saved both files (java32, java64) and installed them, but after the first one (java32) I got this message ''BrowserLaunchError3'', and the same message after I installed java64. However Java seems to work fine... (I played chess on Yahoo :) )

I did the registry backup too, then created the fixit.reg file; it merged correctly.

 

DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.25.2
Run by Pisoi at 22:22:44 on 2014-01-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.6007.4529 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\SysWOW64\ezSharedSvcHost.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Hercules\Deluxe Optical Glass\XtrCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [CamserviceOG] C:\Program Files (x86)\Hercules\Deluxe Optical Glass\XtrCtrl.exe /startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Pisoi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: Interfaces\{C2013058-1B85-424A-9F62-E763F8A9EE8C} : DHCPNameServer = 192.168.1.254 62.101.93.101 83.103.25.250
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [CamserviceOG] C:\Program Files (x86)\Hercules\Deluxe Optical Glass\XtrCtrl.exe /startup

x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update

x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Pisoi\AppData\Roaming\Mozilla\Firefox\Profiles\1jlhoiaq.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - google.com

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-10-12 65776]

R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-10-12 205320]

R1 ArcCtrl;ArcCtrl;C:\Windows\System32\drivers\ArcCtrl.sys [2013-11-9 604192]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-10-12 1032416]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-10-12 409832]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]

R2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2013-7-8 44064]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-26 203264]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-10-12 38984]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-10-12 84328]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-16 50344]

R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-9-1 151648]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 2210640]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-26 13336]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 377104]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-9-2 72216]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-12 418376]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]

R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2012-10-1 230920]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-11-26 635416]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-26 2320920]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-9-2 283064]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-26 56344]

R3 hxctlflt;hxctlflt;C:\Windows\System32\drivers\hxctlflt.sys [2013-9-1 111104]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-12 25928]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-26 346144]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-12 701512]

S2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe --> C:\Windows\SysWOW64\nlssrv32.exe [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-3 19456]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-3 57856]

S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-2 1255736]

.

=============== File Associations ===============

.

FileExt: .txt: AutoCorectFile="C:\Program Files (x86)\AutoCorect\AutoCorect.exe" "%L"

ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"

.

=============== Created Last 30 ================

.

2014-01-03 20:30:29 972712 ----a-w- C:\Windows\System32\deployJava1.dll

2014-01-03 20:30:29 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll

2014-01-03 20:30:24 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2014-01-03 20:29:33 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2014-01-03 17:19:11 -------- d-----w- C:\Program Files (x86)\ESET

2014-01-03 10:39:05 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3CAF4C3F-AC33-4D9B-8F66-FDFBC393348F}\mpengine.dll

2014-01-02 09:47:49 -------- d-sh--w- C:\$RECYCLE.BIN

2013-12-30 14:06:57 -------- d-----w- C:\Users\Pisoi\AppData\Roaming\GameRanger

2013-12-22 13:10:11 -------- d-----w- C:\ProgramData\Orbit

2013-12-21 13:24:04 -------- d-----w- C:\Program Files (x86)\FileHippo.com

2013-12-21 10:32:24 -------- d-----w- C:\Users\Pisoi\AppData\Local\Macromedia

2013-12-20 23:41:46 -------- d-----w- C:\Windows\ERUNT

2013-12-20 23:33:13 -------- d-----w- C:\AdwCleaner

2013-12-19 17:34:05 -------- d-----w- C:\ProgramData\Steam

2013-12-19 15:03:44 -------- d-----w- C:\Program Files (x86)\Assassins Creed IV Black Flag

2013-12-16 12:24:48 -------- d-----w- C:\Users\Pisoi\AppData\Roaming\AVAST Software

2013-12-13 13:23:29 -------- d-----w- C:\ProgramData\Battle.net

2013-12-12 11:50:10 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

2013-12-12 11:50:10 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

2013-12-12 11:50:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2013-12-12 11:50:09 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2013-12-12 11:49:01 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-12-12 11:49:01 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2013-12-12 11:49:00 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe

2013-12-12 11:49:00 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe

2013-12-12 11:49:00 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2013-12-12 11:49:00 353280 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll

2013-12-12 11:49:00 293072 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll

2013-12-12 11:49:00 270848 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll

2013-12-12 11:49:00 251392 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll

2013-12-12 11:49:00 235216 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

2013-12-12 07:34:05 335360 ----a-w- C:\Windows\System32\msieftp.dll

2013-12-12 07:34:05 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll

2013-12-12 07:34:04 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2013-12-12 07:34:04 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-12-12 07:34:04 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-12-12 07:34:04 3155968 ----a-w- C:\Windows\System32\win32k.sys

2013-12-12 07:34:04 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2013-12-12 07:34:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-12-12 07:34:02 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-12-12 07:33:59 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys

2013-12-12 07:33:59 202752 ----a-w- C:\Windows\System32\scrrun.dll

2013-12-12 07:33:59 156160 ----a-w- C:\Windows\System32\cscript.exe

2013-12-12 07:33:59 150016 ----a-w- C:\Windows\System32\wshom.ocx

2013-12-12 07:33:59 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx

2013-12-12 07:33:59 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys

2013-12-12 07:33:58 168960 ----a-w- C:\Windows\System32\wscript.exe

2013-12-12 07:33:58 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll

2013-12-12 07:33:58 141824 ----a-w- C:\Windows\SysWow64\wscript.exe

2013-12-12 07:33:58 126976 ----a-w- C:\Windows\SysWow64\cscript.exe

2013-12-11 07:28:18 -------- d-----w- C:\ProgramData\Easybits Magic Desktop for HP

2013-12-10 18:48:13 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

.

==================== Find3M ====================

.

2014-01-03 20:29:27 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2014-01-03 20:29:26 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-12-21 10:31:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-16 07:28:36 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-12-16 07:28:36 84328 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-12-16 07:28:36 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-12-16 07:28:36 43152 ----a-w- C:\Windows\avastSS.scr

2013-12-16 07:28:36 205320 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-12-16 07:28:36 1032416 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll

2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll

2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll

2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll

2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-11-19 02:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe

2013-10-17 16:30:30 88984 ----a-w- C:\Windows\System32\drivers\hola_mon_drv.sys

2013-10-17 16:30:30 582680 ----a-w- C:\Windows\System32\drivers\hola_drv.sys

2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll

2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL

2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL

2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll

2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL

.

============= FINISH: 22:23:13,79 ===============



#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:02 PM

Posted 03 January 2014 - 05:19 PM

Hi, OK it does appear you are free from viruses after what you did before.

However, are you still getting that browser error? Or did it go away after installing the 64-bit version?

 

-etavares



If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#11 leneshu

leneshu
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:02 PM

Posted 03 January 2014 - 05:22 PM

http://imageshack.us/photo/my-images/30/x2d.png/

Now, after all these downloads, installs/uninstalls, scans... I noticed a strange "shadow" on my screen; the image above can explain it better :). It's on the right side of the screen, in the red square...

Can you tell what it is? (A problem with my monitor or something else?)

-----------------------------------------

 

No error message from Java for now.


Edited by leneshu, 03 January 2014 - 05:46 PM.


#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:02 PM

Posted 03 January 2014 - 08:26 PM

Glad to see no errors from Java. I'm not seeing the shadow there. To me, the shadow in the red square looks like the shadow on the other side. Can you please upload a full-resolution picture? I can't zoom in on that without it getting pixelated.

 

-etavares





#13 leneshu

leneshu
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:02 PM

Posted 04 January 2014 - 12:55 PM

After you click on my link http://imageshack.us/photo/my-images/30/x2d.png/, hover your mouse over the picture (the right side) and you will see 3 buttons; one is for zoom.

Another question: like I said, before asking for help I scanned my PC with ComboFix, AdwCleaner and JRT. They all found some viruses and there are some files in quarantine. Now what do I do with those files? Delete them all (manually) or do nothing?

And I want to thank you for your help.

10x



#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:02 PM

Posted 05 January 2014 - 06:40 AM

Hi leneshu,

 

The zoom button didn't work for me in Chrome or IE, I had tried it before.  But, I pasted the direct link in and got the full resolution version.  I'm not seeing any difference in the shadow on that side...it looks the same as the left side.  Am I missing something?

 

I'll help you remove those quarantines, but I want to resolve the graphics issue first.  If you're OK with it, we can remove them.  But we lose the ability to roll back any changes that may have caused it.  Please let me know if you're OK with that.

 

-etavares





#15 leneshu

leneshu
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:02 PM

Posted 07 January 2014 - 03:39 PM

About that image (a screenshot of my desktop), my point is that you don't see those shadows (stripes) on my laptop. I noticed those shadows/stripes 2 weeks ago...

And about those quarantines, I think if my PC works fine with those files in quarantine, then it must work just fine without them?!? Or not? Then again, it doesn't bother me if they remain in quarantine.

I just need some advice: what do you think would be better? Erase them (and then how) or not?





