Hi to all,
I'm a new member and not too expert about computers and forums ... I hoped, therefore, to act the right way in creating this thread!
Since yesterday I've been struggling with a virus that continuously triggers reports of attack attempts and that Avast cannot eradicate in the traditional way (which in my case is starting Avast's scandisk) ... before I decided to do things right and follow your routine, I looked here and there on the network to seek a remedy, finding none. I therefore enclose, in addition to the logs you asked for, also the log file of aswMBR, which has so far been the only tool, in my testing, able to locate it but not to eradicate it.
PS: sorry for my English. I'm Italian.
-----------------------
here is Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware (Prova) 1.62.0.1300
www.malwarebytes.org
Versione database: v2012.07.28.07
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Agazius :: BLACKTENSOR [amministratore]
Protezione: Attivata
29/07/2012 00:42:50
mbam-log-2012-07-29 (00-42-50).txt
Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 199828
Tempo impiegato: 1 minuti, 54 secondi
Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)
Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)
Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)
Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)
Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)
Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)
File rilevati: 0
(non sono stati rilevati elementi nocivi)
(fine)
----------------------
GMER hasn't produced any log.
----------------------
The file DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29
Run by Agazius at 0:49:40 on 2012-07-29
Microsoft Windows 7 Ultimate N 6.1.7600.0.1252.39.1040.18.4094.2678 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
c:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\DAODx.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ProShowGold\ScsiAccess.exe
C:\Windows\system32\sppsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\NeMeSys_fastweb\dist\Nemesys.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\MagicTune Premium\GammaTray.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files (x86)\MultiScreen\MultiScreen.exe
C:\Program Files (x86)\MagicRotation\MagicPvt.exe
C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
C:\Windows\SysWOW64\FpsGunTray.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\InstallShield Installation Information\{EC6D5F08-1694-431F-8200-3B0A8A61AC5A}\AMBSPISyncService.exe
C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Agazius\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\MagicTune Premium\MagicTune.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Supporti Registrazione test Web Microsoft 10.0: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe
mRun: [MagicRotation] C:\Program Files (x86)\MagicRotation\MagicPvt.exe
mRun: [MagicTuneEngine] C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [FpsGun] C:\Windows\system32\FpsGunTray.exe
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{EC6D5F08-1694-431F-8200-3B0A8A61AC5A}\AMBSPISyncService.exe /StartRunKey
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Agazius\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMMAT~1.LNK - C:\Program Files (x86)\MagicTune Premium\GammaTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NCPROT~1.LNK - C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&sporta in Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {4B21E152-BA59-4ebf-B522-8C55B265EE1A} - C:\Users\Agazius\Desktop\PartyPoker.it.lnk
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D440142B-1129-4CB4-83AB-02C7525204AD} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{30F9B915-B755-4826-820B-08FBA6BD249D}
{326E768D-4182-46FD-9C16-1449A49795F4}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{ba14329e-9550-4989-b3f2-9732e92d17cc}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{DDA57003-0068-4ed2-9D32-4D1EC707D94D}
{ba14329e-9550-4989-b3f2-9732e92d17cc}
{30F9B915-B755-4826-820B-08FBA6BD249D}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe
mRun-x64: [MagicRotation] C:\Program Files (x86)\MagicRotation\MagicPvt.exe
mRun-x64: [MagicTuneEngine] C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [FpsGun] C:\Windows\system32\FpsGunTray.exe
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{EC6D5F08-1694-431F-8200-3B0A8A61AC5A}\AMBSPISyncService.exe /StartRunKey
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {4B21E152-BA59-4ebf-B522-8C55B265EE1A} - C:\Users\Agazius\Desktop\PartyPoker.it.lnk
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Agazius\AppData\Roaming\Mozilla\Firefox\Profiles\rtaa1pbo.default\
FF - prefs.js: browser.startup.homepage - hxxp://mightandmagicheroeskingdoms.ubi.com/en/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Agazius\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Agazius\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Agazius\AppData\Roaming\Mozilla\plugins\npPxPlay.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-1-26 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-7-27 44808]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-6-23 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-6-23 128512]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-27 655944]
R2 NeMeSys;NeMeSys Service;C:\Program Files (x86)\NeMeSys_fastweb\dist\Nemesys.exe [2011-2-28 34304]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-8-18 79360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Servizio di Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-17 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 250056]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-8-18 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-8-18 79360]
S3 DAUpdaterSvc;Dragon Age: Origins - Programma di aggiornamento;C:\Giochi\Dragon Age\bin_ship\daupdatersvc.service.exe [2010-10-30 25832]
S3 gupdatem;Servizio Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-17 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-21 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-07-28 20:05:16	--------	d-----w-	C:\Program Files\Enigma Software Group
2012-07-28 17:19:00	--------	d-sh--w-	C:\$RECYCLE.BIN
2012-07-28 12:36:10	--------	d-----w-	C:\Program Files (x86)\ESET
2012-07-28 11:24:05	98816	----a-w-	C:\Windows\sed.exe
2012-07-28 11:24:05	518144	----a-w-	C:\Windows\SWREG.exe
2012-07-28 11:24:05	256000	----a-w-	C:\Windows\PEV.exe
2012-07-28 11:24:05	208896	----a-w-	C:\Windows\MBR.exe
2012-07-28 10:33:01	--------	d-----w-	C:\_OTL
2012-07-27 15:14:25	--------	d-sh--w-	C:\Windows\SysWow64\%APPDATA%
2012-07-27 14:20:40	27256	----a-w-	C:\Windows\System32\drivers\FixZeroAccess.sys
2012-07-27 13:45:20	--------	d-----w-	C:\Users\Agazius\AppData\Roaming\Malwarebytes
2012-07-27 13:45:11	24904	----a-w-	C:\Windows\System32\drivers\mbam.sys
2012-07-27 13:45:11	--------	d-----w-	C:\ProgramData\Malwarebytes
2012-07-27 13:45:11	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-27 10:54:19	54072	----a-w-	C:\Windows\System32\drivers\aswRdr2.sys
.
==================== Find3M ====================
.
2012-07-27 16:44:46	70344	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 16:44:46	426184	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 16:21:52	958400	----a-w-	C:\Windows\System32\drivers\aswSnx.sys
2012-07-03 16:21:52	71064	----a-w-	C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-03 16:21:32	41224	----a-w-	C:\Windows\avastSS.scr
2012-06-02 22:15:31	2622464	----a-w-	C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08	99840	----a-w-	C:\Windows\System32\wudriver.dll
2012-06-02 13:19:42	186752	----a-w-	C:\Windows\System32\wuwebv.dll
2012-06-02 13:15:12	36864	----a-w-	C:\Windows\System32\wuapp.exe
.
============= FINISH: 0:50:21,83 ===============
And the file Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate N
Boot Device: \Device\HarddiskVolume1
Install Date: 18/08/2010 12:25:54
System Uptime: 29/07/2012 00:39:23 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Crosshair III Formula
Processor: AMD Phenom(tm) II X4 965 Processor | AM3 | 3411/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 130 GiB total, 4,981 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: ATK0110 ACPI UTILITY
Device ID: ACPI\ATK0110\1010110
Manufacturer: ATK
Name: ATK0110 ACPI UTILITY
PNP Device ID: ACPI\ATK0110\1010110
Service: MTsensor
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: ASInsHelp
Device ID: ROOT\LEGACY_ASINSHELP\0000
Manufacturer:
Name: ASInsHelp
PNP Device ID: ROOT\LEGACY_ASINSHELP\0000
Service: ASInsHelp
.
==== System Restore Points ===================
.
RP424: 28/07/2012 22:04:59 - Installed RegHunter
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
AC3Filter 1.62b
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader X (10.1.3) - Italiano
Adobe Stock Photos 1.0
AdunanzA
Apple Application Support
Apple Software Update
ASUSUpdate
ATI Catalyst Registration
AutoRotation
avast! Free Antivirus
Call of Duty(R) 2
Call of Duty(R) 2 Patch 1.3
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Call of Duty: Black Ops
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
Conduit Engine
Creative ALchemy
Crysis
Crysis Warhead
Crysis Wars
Crystal Reports for Visual Studio
Diablo III
DivX Setup
Dotfuscator Software Services - Community Edition
Dotfuscator Software Services - Community Edition - ITA
Dragon Age: Origins
EPSON Scan
ESET Online Scanner v3
EVEREST Ultimate Edition v5.50
Far Cry (Patch 1.4)
FastStone Capture 5.9
FPSGUN Mouse
Framework applic. livello dati di Microsoft SQL Server 2008 R2
GameSpy Comrade
Garmin BaseCamp
Garmin Communicator Plugin
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Earth
Google Earth Plug-in
Google Update Helper
HydraVision
Java Auto Updater
Java(TM) 6 Update 29
Language Pack di Microsoft Visual F# 2.0 Runtime - ITA
Magic: The Gathering - Duels of the Planeswalkers
Magic: The Gathering — Duels of the Planeswalkers 2012
Malwarebytes Anti-Malware versione 1.62.0.1300
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - ITA
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - ITA
Microsoft Office Access MUI (Italian) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Italian) 2007
Microsoft Office Groove MUI (Italian) 2007
Microsoft Office InfoPath MUI (Italian) 2007
Microsoft Office OneNote MUI (Italian) 2007
Microsoft Office Outlook MUI (Italian) 2007
Microsoft Office PowerPoint MUI (Italian) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (Italian) 2007
Microsoft Office Publisher MUI (Italian) 2007
Microsoft Office Shared MUI (Italian) 2007
Microsoft Office Word MUI (Italian) 2007
Microsoft Silverlight
Microsoft Silverlight 3 SDK - Italiano
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 SP2 ITA
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1 it
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Ultimate - ITA
Microsoft Visual Studio Macro Tools
Microsoft Visual Studio Macro Tools - ITA Language Pack
ModernRcon v0.8
Mozilla Firefox 14.0.1 (x86 it)
Mozilla Maintenance Service
MultiScreen
Natural Color Pro
NeMeSys_fastweb versione 1.6.5.11
Norton Security Scan
NVIDIA Photoshop Plug-ins
NVIDIA PhysX
Pando Media Booster
PartyPoker.it
Photodex Presenter
PhotoDVD 2.9.6.1c
ProShow Gold
PunkBuster Services
Purrint23 (remove only)
QuickTime
Raptr
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
RW-Everything v1.4
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Sound Blaster X-Fi MB
SoundMAX
Steam
The Lord of the Rings FREE Trial
UltraISO Premium V9.35
Unity Web Player
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ITA
VLC media player 1.1.7
Vuze
Vuze Remote Toolbar
Widget vodafone.it
WinRAR gestione archivi
Xfire (remove only)
.
==== End Of File ===========================
----------------
Probably not needed, but here is also the aswMBR1.txt:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-29 00:08:51
-----------------------------
00:08:51.149 OS Version: Windows x64 6.1.7600
00:08:51.149 Number of processors: 4 586 0x403
00:08:51.149 ComputerName: BLACKTENSOR UserName: Agazius
00:08:51.459 Initialize success
00:08:54.411 AVAST engine defs: 12072801
00:08:57.092 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:08:57.094 Disk 0 Vendor: WDC_WD1500HLFS-01G6U0 04.04V01 Size: 143089MB BusType: 3
00:08:57.109 Disk 0 MBR read successfully
00:08:57.110 Disk 0 MBR scan
00:08:57.112 Disk 0 Windows 7 default MBR code
00:08:57.118 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:08:57.125 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9900 MB offset 206848
00:08:57.127 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 133087 MB offset 20482048
00:08:57.131 Disk 0 scanning C:\Windows\system32\drivers
00:09:00.449 Service scanning
00:09:10.288 Modules scanning
00:09:10.292 Disk 0 trace - called modules:
00:09:10.305 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
00:09:10.308 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b13060]
00:09:10.311 3 CLASSPNP.SYS[fffff880019ae43f] -> nt!IofCallDriver -> [0xfffffa8004a449b0]
00:09:10.314 5 ACPI.sys[fffff88000e0b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b07060]
00:09:10.590 AVAST engine scan C:\Windows
00:09:11.771 AVAST engine scan C:\Windows\system32
00:09:48.530 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
00:09:49.341 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
00:09:53.916 Disk 0 MBR has been saved successfully to "C:\Users\Agazius\Desktop\MBR.dat"
00:09:53.924 The log file has been saved successfully to "C:\Users\Agazius\Desktop\aswMBR.txt"
00:10:37.911 AVAST engine scan C:\Windows\system32\drivers
00:10:41.737 AVAST engine scan C:\Users\Agazius
00:12:25.783 AVAST engine scan C:\ProgramData
00:13:31.326 Scan finished successfully
00:13:57.152 Disk 0 MBR has been saved successfully to "C:\Users\Agazius\Desktop\virus serio\MBR.dat"
00:13:57.155 The log file has been saved successfully to "C:\Users\Agazius\Desktop\virus serio\aswMBR.txt"
00:14:49.028 Verifying
00:14:59.032 Disk 0 Windows 601 MBR fixed successfully
00:38:34.789 Disk 0 MBR has been saved successfully to "C:\Users\Agazius\Desktop\virus serio\MBR.dat"
00:38:34.805 The log file has been saved successfully to "C:\Users\Agazius\Desktop\virus serio\aswMBR1.txt"
-------------------------
Thanks in advance for any help
C:\Program Files (x86)\MagicRotation\MagicPvt.exe
C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
C:\Windows\SysWOW64\FpsGunTray.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\InstallShield Installation Information\{EC6D5F08-1694-431F-8200-3B0A8A61AC5A}\AMBSPISyncService.exe
C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Agazius\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\MagicTune Premium\MagicTune.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Supporti Registrazione test Web Microsoft 10.0: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe
mRun: [MagicRotation] C:\Program Files (x86)\MagicRotation\MagicPvt.exe
mRun: [MagicTuneEngine] C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [FpsGun] C:\Windows\system32\FpsGunTray.exe
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{EC6D5F08-1694-431F-8200-3B0A8A61AC5A}\AMBSPISyncService.exe /StartRunKey
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Agazius\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMMAT~1.LNK - C:\Program Files (x86)\MagicTune Premium\GammaTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NCPROT~1.LNK - C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&sporta in Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {4B21E152-BA59-4ebf-B522-8C55B265EE1A} - C:\Users\Agazius\Desktop\PartyPoker.it.lnk
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D440142B-1129-4CB4-83AB-02C7525204AD} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{30F9B915-B755-4826-820B-08FBA6BD249D}
{326E768D-4182-46FD-9C16-1449A49795F4}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{ba14329e-9550-4989-b3f2-9732e92d17cc}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{DDA57003-0068-4ed2-9D32-4D1EC707D94D}
{ba14329e-9550-4989-b3f2-9732e92d17cc}
{30F9B915-B755-4826-820B-08FBA6BD249D}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe
mRun-x64: [MagicRotation] C:\Program Files (x86)\MagicRotation\MagicPvt.exe
mRun-x64: [MagicTuneEngine] C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [FpsGun] C:\Windows\system32\FpsGunTray.exe
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{EC6D5F08-1694-431F-8200-3B0A8A61AC5A}\AMBSPISyncService.exe /StartRunKey
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {4B21E152-BA59-4ebf-B522-8C55B265EE1A} - C:\Users\Agazius\Desktop\PartyPoker.it.lnk
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Agazius\AppData\Roaming\Mozilla\Firefox\Profiles\rtaa1pbo.default\
FF - prefs.js: browser.startup.homepage - hxxp://mightandmagicheroeskingdoms.ubi.com/en/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Agazius\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Agazius\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Agazius\AppData\Roaming\Mozilla\plugins\npPxPlay.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-1-26 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-7-27 44808]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-6-23 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-6-23 128512]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-27 655944]
R2 NeMeSys;NeMeSys Service;C:\Program Files (x86)\NeMeSys_fastweb\dist\Nemesys.exe [2011-2-28 34304]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-8-18 79360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Servizio di Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-17 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 250056]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-8-18 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-8-18 79360]
S3 DAUpdaterSvc;Dragon Age: Origins - Programma di aggiornamento;C:\Giochi\Dragon Age\bin_ship\daupdatersvc.service.exe [2010-10-30 25832]
S3 gupdatem;Servizio Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-17 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-21 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-07-28 20:05:16 -------- d-----w- C:\Program Files\Enigma Software Group
2012-07-28 17:19:00 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-28 12:36:10 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-28 11:24:05 98816 ----a-w- C:\Windows\sed.exe
2012-07-28 11:24:05 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-28 11:24:05 256000 ----a-w- C:\Windows\PEV.exe
2012-07-28 11:24:05 208896 ----a-w- C:\Windows\MBR.exe
2012-07-28 10:33:01 -------- d-----w- C:\_OTL
2012-07-27 15:14:25 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-27 14:20:40 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2012-07-27 13:45:20 -------- d-----w- C:\Users\Agazius\AppData\Roaming\Malwarebytes
2012-07-27 13:45:11 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-27 13:45:11 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-27 13:45:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-27 10:54:19 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
.
==================== Find3M ====================
.
2012-07-27 16:44:46 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 16:44:46 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 16:21:52 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-07-03 16:21:52 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-03 16:21:32 41224 ----a-w- C:\Windows\avastSS.scr
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
.
============= FINISH: 0:50:21,83 ===============
And the file Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate N
Boot Device: \Device\HarddiskVolume1
Install Date: 18/08/2010 12:25:54
System Uptime: 29/07/2012 00:39:23 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Crosshair III Formula
Processor: AMD Phenom(tm) II X4 965 Processor | AM3 | 3411/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 130 GiB total, 4,981 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: ATK0110 ACPI UTILITY
Device ID: ACPI\ATK0110\1010110
Manufacturer: ATK
Name: ATK0110 ACPI UTILITY
PNP Device ID: ACPI\ATK0110\1010110
Service: MTsensor
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: ASInsHelp
Device ID: ROOT\LEGACY_ASINSHELP\0000
Manufacturer:
Name: ASInsHelp
PNP Device ID: ROOT\LEGACY_ASINSHELP\0000
Service: ASInsHelp
.
==== System Restore Points ===================
.
RP424: 28/07/2012 22:04:59 - Installed RegHunter
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
AC3Filter 1.62b
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader X (10.1.3) - Italiano
Adobe Stock Photos 1.0
AdunanzA
Apple Application Support
Apple Software Update
ASUSUpdate
ATI Catalyst Registration
AutoRotation
avast! Free Antivirus
Call of Duty(R) 2
Call of Duty(R) 2 Patch 1.3
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Call of Duty: Black Ops
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
Conduit Engine
Creative ALchemy
Crysis
Crysis Warhead
Crysis Wars
Crystal Reports for Visual Studio
Diablo III
DivX Setup
Dotfuscator Software Services - Community Edition
Dotfuscator Software Services - Community Edition - ITA
Dragon Age: Origins
EPSON Scan
ESET Online Scanner v3
EVEREST Ultimate Edition v5.50
Far Cry (Patch 1.4)
FastStone Capture 5.9
FPSGUN Mouse
Framework applic. livello dati di Microsoft SQL Server 2008 R2
GameSpy Comrade
Garmin BaseCamp
Garmin Communicator Plugin
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Earth
Google Earth Plug-in
Google Update Helper
HydraVision
Java Auto Updater
Java(TM) 6 Update 29
Language Pack di Microsoft Visual F# 2.0 Runtime - ITA
Magic: The Gathering - Duels of the Planeswalkers
Magic: The Gathering — Duels of the Planeswalkers 2012
Malwarebytes Anti-Malware versione 1.62.0.1300
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - ITA
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - ITA
Microsoft Office Access MUI (Italian) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Italian) 2007
Microsoft Office Groove MUI (Italian) 2007
Microsoft Office InfoPath MUI (Italian) 2007
Microsoft Office OneNote MUI (Italian) 2007
Microsoft Office Outlook MUI (Italian) 2007
Microsoft Office PowerPoint MUI (Italian) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (Italian) 2007
Microsoft Office Publisher MUI (Italian) 2007
Microsoft Office Shared MUI (Italian) 2007
Microsoft Office Word MUI (Italian) 2007
Microsoft Silverlight
Microsoft Silverlight 3 SDK - Italiano
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 SP2 ITA
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1 it
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Ultimate - ITA
Microsoft Visual Studio Macro Tools
Microsoft Visual Studio Macro Tools - ITA Language Pack
ModernRcon v0.8
Mozilla Firefox 14.0.1 (x86 it)
Mozilla Maintenance Service
MultiScreen
Natural Color Pro
NeMeSys_fastweb versione 1.6.5.11
Norton Security Scan
NVIDIA Photoshop Plug-ins
NVIDIA PhysX
Pando Media Booster
PartyPoker.it
Photodex Presenter
PhotoDVD 2.9.6.1c
ProShow Gold
PunkBuster Services
Purrint23 (remove only)
QuickTime
Raptr
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
RW-Everything v1.4
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Sound Blaster X-Fi MB
SoundMAX
Steam
The Lord of the Rings FREE Trial
UltraISO Premium V9.35
Unity Web Player
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ITA
VLC media player 1.1.7
Vuze
Vuze Remote Toolbar
Widget vodafone.it
WinRAR gestione archivi
Xfire (remove only)
.
==== End Of File ===========================
----------------
Probably not needed, but here is also the aswMBR1.txt:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-29 00:08:51
-----------------------------
00:08:51.149 OS Version: Windows x64 6.1.7600
00:08:51.149 Number of processors: 4 586 0x403
00:08:51.149 ComputerName: BLACKTENSOR UserName: Agazius
00:08:51.459 Initialize success
00:08:54.411 AVAST engine defs: 12072801
00:08:57.092 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:08:57.094 Disk 0 Vendor: WDC_WD1500HLFS-01G6U0 04.04V01 Size: 143089MB BusType: 3
00:08:57.109 Disk 0 MBR read successfully
00:08:57.110 Disk 0 MBR scan
00:08:57.112 Disk 0 Windows 7 default MBR code
00:08:57.118 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:08:57.125 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9900 MB offset 206848
00:08:57.127 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 133087 MB offset 20482048
00:08:57.131 Disk 0 scanning C:\Windows\system32\drivers
00:09:00.449 Service scanning
00:09:10.288 Modules scanning
00:09:10.292 Disk 0 trace - called modules:
00:09:10.305 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
00:09:10.308 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b13060]
00:09:10.311 3 CLASSPNP.SYS[fffff880019ae43f] -> nt!IofCallDriver -> [0xfffffa8004a449b0]
00:09:10.314 5 ACPI.sys[fffff88000e0b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b07060]
00:09:10.590 AVAST engine scan C:\Windows
00:09:11.771 AVAST engine scan C:\Windows\system32
00:09:48.530 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
00:09:49.341 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
00:09:53.916 Disk 0 MBR has been saved successfully to "C:\Users\Agazius\Desktop\MBR.dat"
00:09:53.924 The log file has been saved successfully to "C:\Users\Agazius\Desktop\aswMBR.txt"
00:10:37.911 AVAST engine scan C:\Windows\system32\drivers
00:10:41.737 AVAST engine scan C:\Users\Agazius
00:12:25.783 AVAST engine scan C:\ProgramData
00:13:31.326 Scan finished successfully
00:13:57.152 Disk 0 MBR has been saved successfully to "C:\Users\Agazius\Desktop\virus serio\MBR.dat"
00:13:57.155 The log file has been saved successfully to "C:\Users\Agazius\Desktop\virus serio\aswMBR.txt"
00:14:49.028 Verifying
00:14:59.032 Disk 0 Windows 601 MBR fixed successfully
00:38:34.789 Disk 0 MBR has been saved successfully to "C:\Users\Agazius\Desktop\virus serio\MBR.dat"
00:38:34.805 The log file has been saved successfully to "C:\Users\Agazius\Desktop\virus serio\aswMBR1.txt"
-------------------------
Thanks in advance for any help.