[Closed] Win32:malware-gen


MoonMoon

When I run Steam it updates till 99%, then AVG finds this malware Win32:malware-gen... I downloaded several anti-malware programs but none of them found it... I tried for about 2-3 hours to delete it but I couldn't... now the thing is that Steam starts without any problems... now AVG Free can't find it as well... did the malware vanish on its own? :) best regards!
 
Hello, and welcome to TechSpot.

Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.
Please review the 5-Step removal instructions and post the logs back here for my review.
 
Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.06.09

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Moonraine :: MOONRAINE-PC [administrator]

Protection: Disabled

06/08/2012 23:40:19
mbam-log-2012-08-06 (23-40-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197269
Time elapsed: 2 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
-------------------------------------------------------------------------------------------------------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.5.1
Run by Moonraine at 23:56:57 on 2012-08-06
Microsoft Windows 7 Professional 6.1.7600.0.1252.39.1033.18.4093.1949 [GMT 2:00]
.
AV: PC Tools Internet Security Anti-Virus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Internet Security Anti-Spyware *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
FW: PC Tools Internet Security Firewall *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
E:\Games\Smite\HiPatchService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Windows\SysWOW64\XSrvSetup.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\WireHelpSvc.exe
E:\Games\Steam\Steam.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.ro
uStart Page = hxxp://cool-itv.net
uSearch Bar = hxxp://www.google.ro
mDefault_Search_URL = hxxp://www.google.ro
mSearch Page = hxxp://www.google.ro
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.ro
mSearchAssistant =
mCustomizeSearch = hxxp://www.google.ro
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
uRun: [<NO NAME>]
uRun: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Steam] "E:\Games\Steam\Steam.exe" -silent
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
TCP: Interfaces\{B1798527-C644-40CB-BD00-DF8FFC71EDAF} : DhcpNameServer = 62.101.93.101 83.103.25.250
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO-X64: Browser Guard BHO - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
TB-X64: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Hosts: 255.255.255.255 easyanticheat.se # misleading site
Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
Hosts: 255.255.255.255 easyanticheat.com # misleading site
Hosts: 255.255.255.255 www.easyanticheat.com # misleading site
Hosts: 255.255.255.255 easyanticheat.info # misleading site
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Moonraine\AppData\Roaming\Mozilla\Firefox\Profiles\chrmvr3o.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;E:\Games\Smite\HiPatchService.exe [2012-7-21 8704]
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys --> C:\Windows\system32\drivers\TfFsMon.sys [?]
R0 TFSysMon;TFSysMon;C:\Windows\system32\drivers\TfSysMon.sys --> C:\Windows\system32\drivers\TfSysMon.sys [?]
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 pctgntdi;pctgntdi;\??\C:\Windows\System32\drivers\pctgntdi64.sys --> C:\Windows\System32\drivers\pctgntdi64.sys [?]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-3-9 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-5 44808]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-8-6 133912]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2012-3-28 219360]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-8-6 575448]
R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2012-3-28 68136]
R2 ESLWireAC;ESLWireAC;\??\C:\Windows\system32\drivers\ESLWireACD.sys --> C:\Windows\system32\drivers\ESLWireACD.sys [?]
R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2012-3-28 72304]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-6 655944]
R2 WireHelpSvc;WireHelpSvc;C:\Program Files\Common Files\WireHelpSvc.exe [2012-4-11 168864]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 busenum;SteelBusSvc;C:\Windows\system32\DRIVERS\SteelBus64.sys --> C:\Windows\system32\DRIVERS\SteelBus64.sys [?]
R3 ESLvnic1;ESLvnic Virtual Network 64 Bit;C:\Windows\system32\DRIVERS\ESLvnic.sys --> C:\Windows\system32\DRIVERS\ESLvnic.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys --> C:\Windows\system32\Drivers\PCTBD64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SAlphamHid;SteelHIDSvc;C:\Windows\system32\DRIVERS\SAlpham64.sys --> C:\Windows\system32\DRIVERS\SAlpham64.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 ASUSU1;ASUS Xonar U3 Audio Interface;C:\Windows\system32\drivers\cm11264.sys --> C:\Windows\system32\drivers\cm11264.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 pctplsg;pctplsg;\??\C:\Windows\System32\drivers\pctplsg64.sys --> C:\Windows\System32\drivers\pctplsg64.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-8-6 402368]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2012-8-6 1118680]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TfNetMon;TfNetMon;\??\C:\Windows\system32\drivers\TfNetMon.sys --> C:\Windows\system32\drivers\TfNetMon.sys [?]
S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-08-06 17:06:29 706776 --s---w- C:\Windows\System32\drivers\TfSysMon.sys
2012-08-06 17:06:29 65664 --s---w- C:\Windows\System32\drivers\TfFsMon.sys
2012-08-06 17:06:29 41968 --s---w- C:\Windows\System32\drivers\TfNetMon.sys
2012-08-06 17:04:28 85224 ----a-w- C:\Windows\System32\drivers\PCTBD64.sys
2012-08-06 17:04:27 767960 ----a-w- C:\Windows\BDTSupport.dll
2012-08-06 17:04:26 2267096 ----a-w- C:\Windows\PCTBDCore.dll
2012-08-06 17:04:26 1689560 ----a-w- C:\Windows\PCTBDRes.dll
2012-08-06 17:04:26 149464 ----a-w- C:\Windows\SGDetectionTool.dll
2012-08-06 17:04:06 341200 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2012-08-06 17:04:06 145464 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2012-08-06 17:04:04 14808 ----a-w- C:\Windows\System32\drivers\pctBTFix64.sys
2012-08-06 17:04:01 92928 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2012-08-06 17:03:51 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-08-06 16:56:45 453896 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2012-08-06 16:56:45 1096176 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2012-08-06 16:56:43 426616 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2012-08-06 16:56:42 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-08-06 16:56:42 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-08-06 16:56:17 -------- d-----w- C:\Users\Moonraine\AppData\Roaming\TestApp
2012-08-06 16:56:17 -------- d-----w- C:\ProgramData\PC Tools
2012-08-06 16:51:35 -------- d-----w- C:\Users\Moonraine\AppData\Roaming\IObit
2012-08-06 16:51:32 -------- d-----w- C:\Program Files (x86)\IObit
2012-08-06 16:08:31 -------- d-----w- C:\Windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2012-08-06 15:44:43 -------- d-----w- C:\Windows\System32\appmgmt
2012-08-06 14:09:31 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-06 14:09:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-06 13:48:51 -------- d-----w- C:\Program Files\Enigma Software Group
2012-08-06 13:48:33 -------- d-----w- C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-06 12:42:53 -------- d-----w- C:\Users\Moonraine\AppData\Roaming\Malwarebytes
2012-08-06 12:42:30 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-06 11:05:27 142128 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2012-08-06 11:05:21 266776 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2012-08-06 11:05:20 19600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2012-08-06 11:05:20 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys
2012-07-28 14:56:17 -------- d-----w- C:\Users\Moonraine\AppData\Local\TomTom
2012-07-28 14:56:14 -------- d-----w- C:\Program Files (x86)\TomTom International B.V
2012-07-21 19:22:05 -------- d-----w- C:\Users\Moonraine\AppData\Local\Chromium
2012-07-21 11:00:35 -------- d-----w- C:\ProgramData\Hi-Rez Studios
2012-07-18 15:29:32 -------- d-----w- C:\Users\Moonraine\AppData\Local\NokiaAccount
2012-07-18 15:15:14 -------- d-----w- C:\ProgramData\Nokia
2012-07-18 15:14:27 -------- d-----w- C:\ProgramData\NokiaInstallerCache
2012-07-18 14:33:50 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-07-18 14:33:40 73728 ----a-r- C:\Users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
2012-07-18 14:33:40 73728 ----a-r- C:\Users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
2012-07-18 14:33:40 53248 ----a-r- C:\Users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
2012-07-18 14:33:40 49152 ----a-r- C:\Users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
2012-07-18 14:33:40 49152 ----a-r- C:\Users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
2012-07-18 14:33:39 -------- d-----w- C:\Users\Moonraine\AppData\Local\Nokia
2012-07-18 14:25:29 -------- d-----w- C:\Program Files (x86)\Common Files\Nokia
2012-07-18 14:25:25 26112 ----a-w- C:\Windows\System32\drivers\pccsmcfdx64.sys
2012-07-18 14:25:21 -------- d-----w- C:\Program Files (x86)\PC Connectivity Solution
2012-07-18 14:25:11 57856 ----a-w- C:\Windows\System32\nmwcdclsX64.dll
2012-07-18 14:25:11 -------- d-----w- C:\Program Files (x86)\Nokia
2012-07-17 21:47:10 -------- d-----w- C:\Users\Moonraine\AppData\Local\CutePDF Writer
2012-07-17 21:46:19 -------- d-----w- C:\Program Files (x86)\GPLGS
2012-07-17 21:45:15 86608 ----a-w- C:\Windows\System32\cpwmon64.dll
2012-07-17 21:45:14 -------- d-----w- C:\Program Files (x86)\Acro Software
.
==================== Find3M ====================
.
2012-08-06 20:14:51 25640 ----a-w- C:\Windows\gdrv.sys
2012-07-26 22:29:02 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-26 22:29:02 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-11 17:54:04 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-11 17:54:04 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-09 17:59:32 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-07-06 13:35:44 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-07-04 18:09:34 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe
2012-07-03 16:21:52 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-07-03 16:21:52 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-03 16:21:52 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-07-03 16:21:32 41224 ----a-w- C:\Windows\avastSS.scr
2012-06-16 21:54:20 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-01 05:14:01 3166792 ------w- C:\Windows\SysWow64\pbsvc.exe
2012-01-24 11:50:46 168864 ----a-w- C:\Program Files\Common Files\WireHelpSvc.exe
.
============= FINISH: 23:57:24,81 ===============

------------------------------------------------------------------------------------------------------------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 28/03/2012 09:54:45
System Uptime: 06/08/2012 22:14:15 (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-890GPA-UD3H
Processor: AMD Phenom(tm) II X6 1090T Processor | Socket M2 | 3200/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 98 GiB total, 62,346 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 834 GiB total, 376,604 GiB free.
F: is FIXED (NTFS) - 0 GiB total, 0,06 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP26: 28/07/2012 15:27:58 - Scheduled Checkpoint
RP27: 05/08/2012 13:45:23 - Scheduled Checkpoint
RP28: 06/08/2012 15:39:12 - Installed Steam
RP29: 06/08/2012 15:48:36 - Installed SpyHunter
RP30: 06/08/2012 17:44:19 - Removed SpyHunter
RP31: 06/08/2012 17:45:24 - Installed SpyHunter
RP32: 06/08/2012 18:08:18 - Removed SpyHunter
RP33: 06/08/2012 22:11:34 - Removed IMinent Toolbar
.
==== Hosts File Hijack ======================
.
Hosts: 255.255.255.255 easyanticheat.se # misleading site
Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
Hosts: 255.255.255.255 easyanticheat.com # misleading site
Hosts: 255.255.255.255 www.easyanticheat.com # misleading site
Hosts: 255.255.255.255 easyanticheat.info # misleading site
Hosts: 255.255.255.255 www.easyanticheat.info # misleading site
Hosts: 255.255.255.255 easyanticheat.org # misleading site
Hosts: 255.255.255.255 www.easyanticheat.org # misleading site
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) - Italiano
AMD USB Filter Driver
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
µTorrent
avast! Internet Security
Blacklight: Retribution
Browser Configuration Utility
Browser Guard 4.0
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Counter-Strike
Curse Client
Diablo III
Easy Burner
EasySaver B9.1214.1
Eligium
Garena Plus
Gigabyte Raid Configurer
Hi-Rez Studios Authenticate and Update Service
HydraVision
Java Auto Updater
Java(TM) 7 Update 5
JavaFX 2.1.1
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC100_CRT_SP1_x86
Mozilla Firefox 14.0.1 (x86 it)
Mozilla Maintenance Service
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP3 Parser
NEC Electronics USB 3.0 Host Controller Driver
Nokia Connectivity Cable Driver
Nokia Software Updater
Nokia Suite
NVIDIA PhysX
ON_OFF Charge B10.0409.1
PC Connectivity Solution
PC Tools Internet Security
PunkBuster Services
Realtek Ethernet Controller Driver For Windows 7
Realtek HDMI Audio Driver for ATI
Skype™ 5.8
Smite Closed Beta
SopCast Tv Plugin 5.8 Setup
StarCraft II
Steam
TeamSpeak 3 Client
Tom Clancy's Ghost Recon Future Soldier
Ubisoft Game Launcher
Visual Studio C++ 10.0 Runtime
VLC media player 2.0.2
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
06/08/2012 22:16:27, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
06/08/2012 19:06:29, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
06/08/2012 19:05:31, Error: PCTCore [280] -
06/08/2012 15:35:10, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
06/08/2012 15:35:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
06/08/2012 15:35:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
06/08/2012 15:35:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
06/08/2012 15:35:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
06/08/2012 15:35:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
06/08/2012 15:35:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
06/08/2012 15:34:52, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AppleCharger aswFW aswRdr aswSnx aswSP aswTdi CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
06/08/2012 15:34:52, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
06/08/2012 15:34:52, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
06/08/2012 15:34:52, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
06/08/2012 15:34:52, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
06/08/2012 15:34:52, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
06/08/2012 15:34:52, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
06/08/2012 15:34:52, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
06/08/2012 15:34:52, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
06/08/2012 15:34:52, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
06/08/2012 15:34:52, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
06/08/2012 15:34:04, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
06/08/2012 15:34:04, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.
06/08/2012 15:34:01, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
06/08/2012 15:34:01, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
06/08/2012 14:37:45, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
06/08/2012 14:36:51, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid.
.
==== End Of File ===========================
 
You're welcome...

Please run the following:

ComboFix

Please download ComboFix by sUBs from BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again, this time renaming ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
 
ComboFix 12-08-07.03 - Moonraine 07/08/2012 22:06:49.1.6 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.39.1033.18.4093.2457 [GMT 2:00]
Eseguito da: c:\users\Moonraine\Desktop\ComboFix.exe
AV: PC Tools Internet Security Anti-Virus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
FW: PC Tools Internet Security Firewall *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: PC Tools Internet Security Anti-Spyware *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\default\us_sres.data
c:\windows\SysWow64\Uninstall-TvPlugin-5.8
.
.
((((((((((((((((((((((((( Files Creati Da 2012-07-07 al 2012-08-07 )))))))))))))))))))))))))))))))))))
.
.
2012-08-07 20:11 . 2012-08-07 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-07 15:53 . 2012-08-07 15:53 -------- d-----w- c:\users\Moonraine\AppData\Local\Threat Expert
2012-08-06 17:06 . 2012-06-22 12:21 706776 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-08-06 17:06 . 2012-06-22 12:21 65664 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-08-06 17:06 . 2012-06-22 12:21 41968 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-08-06 17:04 . 2012-06-22 09:39 85224 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-08-06 16:56 . 2012-06-22 13:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-08-06 16:56 . 2012-08-06 17:06 -------- d-----w- c:\programdata\PC Tools
2012-08-06 16:56 . 2012-08-06 16:56 -------- d-----w- c:\users\Moonraine\AppData\Roaming\TestApp
2012-08-06 16:51 . 2012-08-06 16:51 -------- d-----w- c:\users\Moonraine\AppData\Roaming\IObit
2012-08-06 16:51 . 2012-08-06 16:51 -------- d-----w- c:\program files (x86)\IObit
2012-08-06 16:08 . 2012-08-06 16:08 -------- d-----w- c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2012-08-06 15:44 . 2012-08-06 20:12 -------- d-----w- c:\windows\system32\appmgmt
2012-08-06 14:09 . 2012-08-07 19:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-06 13:48 . 2012-08-06 13:48 -------- d-----w- c:\program files\Enigma Software Group
2012-08-06 13:48 . 2012-08-06 15:44 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-06 12:42 . 2012-08-06 12:42 -------- d-----w- c:\users\Moonraine\AppData\Roaming\Malwarebytes
2012-08-06 12:42 . 2012-08-06 12:42 -------- d-----w- c:\programdata\Malwarebytes
2012-08-06 11:05 . 2012-07-03 16:21 142128 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-08-06 11:05 . 2012-07-03 16:21 266776 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-08-06 11:05 . 2012-07-03 16:21 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-08-06 11:05 . 2012-06-27 20:33 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-07-28 14:56 . 2012-08-06 13:59 -------- d-----w- c:\users\Moonraine\AppData\Local\TomTom
2012-07-28 14:56 . 2012-07-28 14:56 -------- d-----w- c:\program files (x86)\TomTom International B.V
2012-07-21 19:22 . 2012-07-21 19:22 -------- d-----w- c:\users\Moonraine\AppData\Local\Chromium
2012-07-21 11:00 . 2012-07-21 19:21 -------- d-----w- c:\programdata\Hi-Rez Studios
2012-07-18 15:15 . 2012-07-18 15:15 -------- d-----w- c:\programdata\Nokia
2012-07-18 14:33 . 2012-07-18 14:33 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-07-18 14:33 . 2012-07-18 14:33 73728 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
2012-07-18 14:33 . 2012-07-18 14:33 73728 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
2012-07-18 14:33 . 2012-07-18 14:33 53248 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
2012-07-18 14:33 . 2012-07-18 14:33 49152 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
2012-07-18 14:33 . 2012-07-18 14:33 49152 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
2012-07-18 14:33 . 2012-07-18 15:15 -------- d-----w- c:\users\Moonraine\AppData\Local\Nokia
2012-07-18 14:25 . 2012-07-18 14:26 -------- d-----w- c:\users\Moonraine\AppData\Roaming\PC Suite
2012-07-18 14:25 . 2012-07-18 14:26 -------- d-----w- c:\users\Moonraine\AppData\Roaming\Nokia
2012-07-18 14:25 . 2012-07-18 14:25 -------- d-----w- c:\programdata\PC Suite
2012-07-18 14:25 . 2012-07-18 15:15 -------- d-----w- c:\program files (x86)\Common Files\Nokia
2012-07-18 14:25 . 2012-06-11 09:33 26112 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
2012-07-18 14:25 . 2012-07-18 14:25 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2012-07-18 14:25 . 2012-07-18 15:15 -------- d-----w- c:\program files (x86)\Nokia
2012-07-18 14:25 . 2012-01-09 15:28 57856 ----a-w- c:\windows\system32\nmwcdclsX64.dll
2012-07-18 14:23 . 2012-07-18 14:32 -------- d-----w- c:\programdata\Installations
2012-07-17 21:47 . 2012-07-17 21:47 -------- d-----w- c:\users\Moonraine\AppData\Local\CutePDF Writer
2012-07-17 21:46 . 2012-07-17 21:46 -------- d-----w- c:\program files (x86)\GPLGS
2012-07-17 21:45 . 2012-03-11 12:56 86608 ----a-w- c:\windows\system32\cpwmon64.dll
2012-07-17 21:45 . 2012-07-17 21:45 -------- d-----w- c:\program files (x86)\Acro Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-07 19:40 . 2012-03-28 08:15 25640 ----a-w- c:\windows\gdrv.sys
2012-07-26 22:29 . 2012-03-28 21:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-26 22:29 . 2012-03-28 18:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 17:54 . 2012-07-01 01:06 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-11 17:54 . 2012-07-01 00:54 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-09 17:59 . 2012-07-01 00:54 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-06 13:35 . 2012-07-01 00:54 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-04 18:09 . 2012-07-06 13:27 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-07-03 16:21 . 2012-03-28 15:51 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2012-03-28 15:51 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2012-03-28 15:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-03-28 15:51 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2012-03-28 15:51 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2012-03-28 15:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2012-03-28 15:51 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2012-03-28 15:51 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2012-03-28 15:51 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-22 08:43 . 2012-08-06 17:04 3488 ----a-w- c:\windows\UDB.zip
2012-06-22 08:43 . 2012-08-06 17:04 131 ----a-w- c:\windows\IDB.zip
2012-06-16 21:54 . 2012-06-16 21:54 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-02 22:19 . 2012-06-19 14:08 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 14:08 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 14:08 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 14:08 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 14:08 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 14:08 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 14:08 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 14:08 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-19 14:08 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-01 05:14 . 2012-06-01 05:14 3166792 ------w- c:\windows\SysWow64\pbsvc.exe
2012-01-24 11:50 . 2012-04-11 20:01 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* I valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-03-28 742264]
"Steam"="e:\games\Steam\Steam.exe" [2012-08-06 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 ASUSU1;ASUS Xonar U3 Audio Interface;c:\windows\system32\drivers\cm11264.sys [2010-12-15 1312256]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-06-22 92928]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-06-22 402368]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-06-22 41968]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-06-27 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-06-22 65664]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-06-22 706776]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-06 21544]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-06-22 341200]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-06-22 251560]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 235520]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-08 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-07-03 133912]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-06-22 575448]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2012-01-24 147472]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
S2 WireHelpSvc;WireHelpSvc;c:\program files\Common Files\WireHelpSvc.exe [2012-01-24 168864]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-03-09 10857984]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-03-09 328704]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [2011-09-16 106496]
S3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2012-01-24 25528]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-22 85224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [2011-09-16 34944]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S4 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cm112Sound"="c:\windows\Syswow64\cm112.dll" [2009-12-08 8146944]
"Cm112GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cm112GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://cool-itv.net
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.ro
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
FF - ProfilePath - c:\users\Moonraine\AppData\Roaming\Mozilla\Firefox\Profiles\chrmvr3o.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-SopCast Tv Plugin 5.8 Setup - c:\windows\system32\Uninstall-TvPlugin-5.8
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*à<¦_\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*ƒ=¦_]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*ƒ=¦_\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*l*l*<¦_\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*4*!ú<\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*4*°5Ág\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*4*ß:3\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*e*d*T*u*b*e*_*-*_*C*u*t*e*_*G*I*r*l*_*g*I*v*¸0Æy\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*e*d*T*u*b*e*_*-*_*C*u*t*e*_*G*I*r*l*_*g*I*v*Ý‘1O\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*e*d*T*u*b*e*_*-*_*C*u*t*e*_*G*I*r*l*_*g*I*v*-ØjG\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*e*d*T*u*b*e*_*-*_*C*u*t*e*_*G*I*r*l*_*g*I*v*ÏØjG\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*w*m*v*ˆaW\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
<¦_]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
<¦_\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*N<¦_]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*N<¦_\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*\?¦_]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*\?¦_\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*a*ƒ=¦_]
@Allowed: (Read) (RestrictedCode)
"0"=hex:32,00,36,00,30,00,32,00,32,00,30,00,31,00,31,00,30,00,37,00,2e,00,61,
00,83,3d,a6,5f,00,00,86,00,36,00,00,00,00,00,00,00,00,00,00,00,32,00,36,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.
<¦_]
@Allowed: (Read) (RestrictedCode)
"0"=hex:45,3a,5c,75,54,6f,72,72,65,6e,74,5c,42,72,75,63,65,20,41,6c,6d,69,67,
68,74,79,5c,78,78,78,5c,6e,65,77,5c,6e,65,77,5c,4e,65,77,5c,41,6d,61,74,65,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*N<¦_]
@Allowed: (Read) (RestrictedCode)
"0"=hex:6b,00,74,00,72,00,2e,00,74,00,69,00,66,00,66,00,70,00,2e,00,31,00,31,
00,2e,00,30,00,37,00,2e,00,4e,3c,a6,5f,00,00,96,00,36,00,00,00,00,00,00,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*\?¦_]
@Allowed: (Read) (RestrictedCode)
"0"=hex:6b,00,74,00,72,00,2e,00,74,00,69,00,66,00,66,00,70,00,2e,00,31,00,31,
00,2e,00,30,00,37,00,2e,00,5c,3f,a6,5f,00,00,96,00,36,00,00,00,00,00,00,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-08-07 22:13:00
ComboFix-quarantined-files.txt 2012-08-07 20:12
.
Pre-Run: 67.499.458.560 bytes free
Post-Run: 68.190.789.632 bytes free
.
- - End Of File - - 1869E4E3B456CFB2584A5D0473E2BC3D
 
1. ComboFix re-run
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the box below into it:
    ClearJavaCache::
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: CFScriptB-4.gif]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
2. Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
3. Post logs

Make sure to post these logs for my review:
  • ComboFix log
  • ESET Scan log
Also, let me know how your computer is running.

Thanks! :)
 
ComboFix 12-08-07.05 - Moonraine 08/08/2012 15:03:56.2.6 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.39.1033.18.4093.2489 [GMT 2:00]
Running from: c:\users\Moonraine\Desktop\ComboFix.exe
Command switches used :: c:\users\Moonraine\Desktop\CFScript.txt.txt
AV: PC Tools Internet Security Anti-Virus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
FW: PC Tools Internet Security Firewall *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: PC Tools Internet Security Anti-Spyware *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created From 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))))))
.
.
2012-08-08 13:08 . 2012-08-08 13:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-07 15:53 . 2012-08-07 15:53 -------- d-----w- c:\users\Moonraine\AppData\Local\Threat Expert
2012-08-06 17:06 . 2012-06-22 12:21 706776 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-08-06 17:06 . 2012-06-22 12:21 65664 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-08-06 17:06 . 2012-06-22 12:21 41968 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-08-06 17:04 . 2012-06-22 09:39 85224 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-08-06 16:56 . 2012-06-22 13:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-08-06 16:56 . 2012-08-06 17:06 -------- d-----w- c:\programdata\PC Tools
2012-08-06 16:56 . 2012-08-06 16:56 -------- d-----w- c:\users\Moonraine\AppData\Roaming\TestApp
2012-08-06 16:51 . 2012-08-06 16:51 -------- d-----w- c:\users\Moonraine\AppData\Roaming\IObit
2012-08-06 16:51 . 2012-08-06 16:51 -------- d-----w- c:\program files (x86)\IObit
2012-08-06 16:08 . 2012-08-06 16:08 -------- d-----w- c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2012-08-06 15:44 . 2012-08-06 20:12 -------- d-----w- c:\windows\system32\appmgmt
2012-08-06 13:48 . 2012-08-06 13:48 -------- d-----w- c:\program files\Enigma Software Group
2012-08-06 13:48 . 2012-08-06 15:44 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-06 12:42 . 2012-08-06 12:42 -------- d-----w- c:\users\Moonraine\AppData\Roaming\Malwarebytes
2012-08-06 12:42 . 2012-08-06 12:42 -------- d-----w- c:\programdata\Malwarebytes
2012-08-06 11:05 . 2012-07-03 16:21 142128 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-08-06 11:05 . 2012-07-03 16:21 266776 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-08-06 11:05 . 2012-07-03 16:21 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-08-06 11:05 . 2012-06-27 20:33 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-07-28 14:56 . 2012-08-06 13:59 -------- d-----w- c:\users\Moonraine\AppData\Local\TomTom
2012-07-28 14:56 . 2012-07-28 14:56 -------- d-----w- c:\program files (x86)\TomTom International B.V
2012-07-21 19:22 . 2012-07-21 19:22 -------- d-----w- c:\users\Moonraine\AppData\Local\Chromium
2012-07-21 11:00 . 2012-07-21 19:21 -------- d-----w- c:\programdata\Hi-Rez Studios
2012-07-18 15:15 . 2012-07-18 15:15 -------- d-----w- c:\programdata\Nokia
2012-07-18 14:33 . 2012-07-18 14:33 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-07-18 14:33 . 2012-07-18 14:33 73728 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
2012-07-18 14:33 . 2012-07-18 14:33 73728 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
2012-07-18 14:33 . 2012-07-18 14:33 53248 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
2012-07-18 14:33 . 2012-07-18 14:33 49152 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
2012-07-18 14:33 . 2012-07-18 14:33 49152 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
2012-07-18 14:33 . 2012-07-18 15:15 -------- d-----w- c:\users\Moonraine\AppData\Local\Nokia
2012-07-18 14:25 . 2012-07-18 14:26 -------- d-----w- c:\users\Moonraine\AppData\Roaming\PC Suite
2012-07-18 14:25 . 2012-07-18 14:26 -------- d-----w- c:\users\Moonraine\AppData\Roaming\Nokia
2012-07-18 14:25 . 2012-07-18 14:25 -------- d-----w- c:\programdata\PC Suite
2012-07-18 14:25 . 2012-07-18 15:15 -------- d-----w- c:\program files (x86)\Common Files\Nokia
2012-07-18 14:25 . 2012-06-11 09:33 26112 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
2012-07-18 14:25 . 2012-07-18 14:25 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2012-07-18 14:25 . 2012-07-18 15:15 -------- d-----w- c:\program files (x86)\Nokia
2012-07-18 14:25 . 2012-01-09 15:28 57856 ----a-w- c:\windows\system32\nmwcdclsX64.dll
2012-07-18 14:23 . 2012-07-18 14:32 -------- d-----w- c:\programdata\Installations
2012-07-17 21:47 . 2012-07-17 21:47 -------- d-----w- c:\users\Moonraine\AppData\Local\CutePDF Writer
2012-07-17 21:46 . 2012-07-17 21:46 -------- d-----w- c:\program files (x86)\GPLGS
2012-07-17 21:45 . 2012-03-11 12:56 86608 ----a-w- c:\windows\system32\cpwmon64.dll
2012-07-17 21:45 . 2012-07-17 21:45 -------- d-----w- c:\program files (x86)\Acro Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-08 11:40 . 2012-03-28 08:15 25640 ----a-w- c:\windows\gdrv.sys
2012-07-26 22:29 . 2012-03-28 21:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-26 22:29 . 2012-03-28 18:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 17:54 . 2012-07-01 01:06 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-11 17:54 . 2012-07-01 00:54 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-09 17:59 . 2012-07-01 00:54 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-06 13:35 . 2012-07-01 00:54 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-04 18:09 . 2012-07-06 13:27 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-07-03 16:21 . 2012-03-28 15:51 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2012-03-28 15:51 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2012-03-28 15:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-03-28 15:51 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2012-03-28 15:51 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2012-03-28 15:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2012-03-28 15:51 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2012-03-28 15:51 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2012-03-28 15:51 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-22 08:43 . 2012-08-06 17:04 3488 ----a-w- c:\windows\UDB.zip
2012-06-22 08:43 . 2012-08-06 17:04 131 ----a-w- c:\windows\IDB.zip
2012-06-16 21:54 . 2012-06-16 21:54 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-02 22:19 . 2012-06-19 14:08 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 14:08 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 14:08 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 14:08 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 14:08 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 14:08 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 14:08 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 14:08 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-19 14:08 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-01 05:14 . 2012-06-01 05:14 3166792 ------w- c:\windows\SysWow64\pbsvc.exe
2012-01-24 11:50 . 2012-04-11 20:01 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-07_20.11.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-08-07 19:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-08 12:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-08 12:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-07 19:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-28 07:56 . 2012-08-08 11:45 40758 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-08 11:45 32848 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-28 08:02 . 2012-08-08 11:45 12150 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2633914705-2322214657-749838959-1001_UserData.bin
+ 2012-03-28 16:47 . 2012-08-08 11:44 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-28 16:47 . 2012-08-07 19:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-28 16:47 . 2012-08-07 19:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-28 16:47 . 2012-08-08 11:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-08 11:44 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-07 19:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-28 07:56 . 2012-08-07 19:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-28 07:56 . 2012-08-08 11:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-28 07:56 . 2012-08-07 19:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-28 07:56 . 2012-08-08 11:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-28 07:56 . 2012-08-08 11:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-28 07:56 . 2012-08-07 19:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-28 07:56 . 2012-08-07 19:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-28 07:56 . 2012-08-08 11:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-28 07:56 . 2012-08-07 19:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-28 07:56 . 2012-08-08 11:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-07 19:39 . 2012-08-07 19:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-08 11:40 . 2012-08-08 11:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-08 11:40 . 2012-08-08 11:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-07 19:39 . 2012-08-07 19:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-08-08 12:45 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-07 19:39 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-28 08:46 . 2012-08-07 23:45 971520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-08-07 19:37 235256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-07 23:45 235256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2012-08-08 11:54 9437184 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-08-07 15:28 9437184 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-03-30 19:13 . 2012-08-07 23:45 33635596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2633914705-2322214657-749838959-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-03-28 742264]
"Steam"="e:\games\Steam\Steam.exe" [2012-08-06 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Moonraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-8-7 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 ASUSU1;ASUS Xonar U3 Audio Interface;c:\windows\system32\drivers\cm11264.sys [2010-12-15 1312256]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-06-22 92928]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-06-22 402368]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-06-22 41968]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-06-27 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-06-22 65664]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-06-22 706776]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-06 21544]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-06-22 341200]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-06-22 251560]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 235520]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-08 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-07-03 133912]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-06-22 575448]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2012-01-24 147472]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
S2 WireHelpSvc;WireHelpSvc;c:\program files\Common Files\WireHelpSvc.exe [2012-01-24 168864]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-03-09 10857984]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-03-09 328704]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [2011-09-16 106496]
S3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2012-01-24 25528]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-22 85224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [2011-09-16 34944]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cm112Sound"="c:\windows\Syswow64\cm112.dll" [2009-12-08 8146944]
"Cm112GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cm112GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://cool-itv.net
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.ro
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
FF - ProfilePath - c:\users\Moonraine\AppData\Roaming\Mozilla\Firefox\Profiles\chrmvr3o.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*à<¦_\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*ƒ=¦_]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*ƒ=¦_\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*l*l*<¦_\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*4*!ú<\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*4*°5Ág\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*4*ß:3\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*e*d*T*u*b*e*_*-*_*C*u*t*e*_*G*I*r*l*_*g*I*v*¸0Æy\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*e*d*T*u*b*e*_*-*_*C*u*t*e*_*G*I*r*l*_*g*I*v*Ý‘1O\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*e*d*T*u*b*e*_*-*_*C*u*t*e*_*G*I*r*l*_*g*I*v*-ØjG\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*e*d*T*u*b*e*_*-*_*C*u*t*e*_*G*I*r*l*_*g*I*v*ÏØjG\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*w*m*v*ˆaW\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
<¦_]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
<¦_\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*N<¦_]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*N<¦_\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*\?¦_]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*\?¦_\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*a*ƒ=¦_]
@Allowed: (Read) (RestrictedCode)
"0"=hex:32,00,36,00,30,00,32,00,32,00,30,00,31,00,31,00,30,00,37,00,2e,00,61,
00,83,3d,a6,5f,00,00,86,00,36,00,00,00,00,00,00,00,00,00,00,00,32,00,36,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.
<¦_]
@Allowed: (Read) (RestrictedCode)
"0"=hex:45,3a,5c,75,54,6f,72,72,65,6e,74,5c,42,72,75,63,65,20,41,6c,6d,69,67,
68,74,79,5c,78,78,78,5c,6e,65,77,5c,6e,65,77,5c,4e,65,77,5c,41,6d,61,74,65,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*N<¦_]
@Allowed: (Read) (RestrictedCode)
"0"=hex:6b,00,74,00,72,00,2e,00,74,00,69,00,66,00,66,00,70,00,2e,00,31,00,31,
00,2e,00,30,00,37,00,2e,00,4e,3c,a6,5f,00,00,96,00,36,00,00,00,00,00,00,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*\?¦_]
@Allowed: (Read) (RestrictedCode)
"0"=hex:6b,00,74,00,72,00,2e,00,74,00,69,00,66,00,66,00,70,00,2e,00,31,00,31,
00,2e,00,30,00,37,00,2e,00,5c,3f,a6,5f,00,00,96,00,36,00,00,00,00,00,00,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-08 15:09:39
ComboFix-quarantined-files.txt 2012-08-08 13:09
ComboFix2.txt 2012-08-07 20:13
.
Pre-Run: 67.997.806.592 bytes free
Post-Run: 67.707.322.368 bytes free
.
- - End Of File - - 5235410DDA85235ED53DEF5A9E120704

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9775c91cded2414fad029f81add2b5b3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-08 01:58:39
# local_time=2012-08-08 03:58:39 (+0100, W. Europe Daylight Time)
# country="Italy"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 11391732 96881949 0 0
# compatibility_mode=8192 67108863 100 0 163 163 0 0
# scanned=132962
# found=0
# cleaned=0
# scan_time=2503


-------------------------------------------------------------------------------------------------------------------------


The computer seems to work as usual... it works well... the only problem I have is that when I start Steam and try to play Counter-Strike it starts, but sometimes when I try to connect to a server it says
NET SendPacket ERROR WSAEINTR


and quits the game... I ran a full scan with Avast but still could not find anything wrong on my computer...

Oh, and yesterday after I restarted, the computer froze at the Windows loading screen... I had to restart it again to load Windows... but I just think these things happen sometimes...

best regards!
 
Sometimes the intent of these program makers is up for dispute:

IObit
Enigma Software Group

ComboFix Script

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    Folder::
    c:\users\Moonraine\AppData\Roaming\TestApp
    c:\users\Moonraine\AppData\Roaming\IObit
    c:\program files (x86)\IObit
    c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
    c:\windows\system32\appmgmt
    c:\program files\Enigma Software Group
    c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    CFScriptB-4.gif

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
 
ComboFix 12-08-10.02 - Moonraine 12/08/2012 12:04:27.3.6 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.39.1033.18.4093.2640 [GMT 2:00]
Eseguito da: c:\users\Moonraine\Desktop\ComboFix.exe
Opzioni usate :: c:\users\Moonraine\Desktop\CFScript.txt.txt
AV: PC Tools Internet Security Anti-Virus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
FW: PC Tools Internet Security Firewall *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: PC Tools Internet Security Anti-Spyware *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\IObit
c:\program files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll
c:\program files (x86)\IObit\IObit Malware Fighter\license.dat
c:\program files (x86)\IObit\IObit Malware Fighter\log\realtime\realtime_2012-08-06-18-51 .txt
c:\program files (x86)\IObit\IObit Malware Fighter\log\realtime\realtime_2012-08-06-18-53 .txt
c:\program files\Enigma Software Group
c:\program files\Enigma Software Group\SpyHunter\gil.dat
c:\program files\Enigma Software Group\SpyHunter\INSTALL.LOG
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20120806_154857.log
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20120806_160852.log
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20120806_161207.log
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20120806_172206.log
c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe.BAK
c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe.tmp
c:\program files\Enigma Software Group\SpyHunter\supportlog.txt
c:\users\Moonraine\AppData\Roaming\IObit
c:\users\Moonraine\AppData\Roaming\IObit\IObit Malware Fighter\config.ini
c:\users\Moonraine\AppData\Roaming\IObit\IObit Malware Fighter\ignore.ini
c:\users\Moonraine\AppData\Roaming\IObit\IObit Malware Fighter\remember.ini
c:\users\Moonraine\AppData\Roaming\TestApp
c:\users\Moonraine\AppData\Roaming\TestApp\TestApp.txt
c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCall.dll
c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla.dll
c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla17.dll
c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla18.exe
c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla19.dll
c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla2.dll
c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla20.dll
c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla21.exe
c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseData.ini
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCall.dll
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla.dll
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla2.dll
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla21.dll
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla31.exe
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla32.dll
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla33.dll
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla34.dll
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla36.dll
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla36.exe
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseData.ini
.
.
((((((((((((((((((((((((( Files Creati Da 2012-07-12 al 2012-08-12 )))))))))))))))))))))))))))))))))))
.
.
2012-08-12 10:08 . 2012-08-12 10:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-08 13:14 . 2012-08-08 13:14 -------- d-----w- c:\program files (x86)\ESET
2012-08-07 15:53 . 2012-08-07 15:53 -------- d-----w- c:\users\Moonraine\AppData\Local\Threat Expert
2012-08-06 17:06 . 2012-06-22 12:21 706776 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-08-06 17:06 . 2012-06-22 12:21 65664 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-08-06 17:06 . 2012-06-22 12:21 41968 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-08-06 17:04 . 2012-06-22 09:39 85224 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-08-06 16:56 . 2012-06-22 13:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-08-06 16:56 . 2012-08-06 17:06 -------- d-----w- c:\programdata\PC Tools
2012-08-06 15:44 . 2012-08-06 20:12 -------- d-----w- c:\windows\system32\appmgmt
2012-08-06 12:42 . 2012-08-06 12:42 -------- d-----w- c:\users\Moonraine\AppData\Roaming\Malwarebytes
2012-08-06 12:42 . 2012-08-06 12:42 -------- d-----w- c:\programdata\Malwarebytes
2012-08-06 11:05 . 2012-07-03 16:21 142128 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-08-06 11:05 . 2012-07-03 16:21 266776 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-08-06 11:05 . 2012-07-03 16:21 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-08-06 11:05 . 2012-06-27 20:33 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-07-28 14:56 . 2012-08-06 13:59 -------- d-----w- c:\users\Moonraine\AppData\Local\TomTom
2012-07-28 14:56 . 2012-07-28 14:56 -------- d-----w- c:\program files (x86)\TomTom International B.V
2012-07-21 19:22 . 2012-07-21 19:22 -------- d-----w- c:\users\Moonraine\AppData\Local\Chromium
2012-07-21 11:00 . 2012-07-21 19:21 -------- d-----w- c:\programdata\Hi-Rez Studios
2012-07-18 15:15 . 2012-07-18 15:15 -------- d-----w- c:\programdata\Nokia
2012-07-18 14:33 . 2012-07-18 14:33 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-07-18 14:33 . 2012-07-18 14:33 73728 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
2012-07-18 14:33 . 2012-07-18 14:33 73728 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
2012-07-18 14:33 . 2012-07-18 14:33 53248 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
2012-07-18 14:33 . 2012-07-18 14:33 49152 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
2012-07-18 14:33 . 2012-07-18 14:33 49152 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
2012-07-18 14:33 . 2012-07-18 15:15 -------- d-----w- c:\users\Moonraine\AppData\Local\Nokia
2012-07-18 14:25 . 2012-07-18 14:26 -------- d-----w- c:\users\Moonraine\AppData\Roaming\PC Suite
2012-07-18 14:25 . 2012-07-18 14:26 -------- d-----w- c:\users\Moonraine\AppData\Roaming\Nokia
2012-07-18 14:25 . 2012-07-18 14:25 -------- d-----w- c:\programdata\PC Suite
2012-07-18 14:25 . 2012-07-18 15:15 -------- d-----w- c:\program files (x86)\Common Files\Nokia
2012-07-18 14:25 . 2012-06-11 09:33 26112 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
2012-07-18 14:25 . 2012-07-18 14:25 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2012-07-18 14:25 . 2012-07-18 15:15 -------- d-----w- c:\program files (x86)\Nokia
2012-07-18 14:25 . 2012-01-09 15:28 57856 ----a-w- c:\windows\system32\nmwcdclsX64.dll
2012-07-18 14:23 . 2012-07-18 14:32 -------- d-----w- c:\programdata\Installations
2012-07-17 21:47 . 2012-07-17 21:47 -------- d-----w- c:\users\Moonraine\AppData\Local\CutePDF Writer
2012-07-17 21:46 . 2012-07-17 21:46 -------- d-----w- c:\program files (x86)\GPLGS
2012-07-17 21:45 . 2012-03-11 12:56 86608 ----a-w- c:\windows\system32\cpwmon64.dll
2012-07-17 21:45 . 2012-07-17 21:45 -------- d-----w- c:\program files (x86)\Acro Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-12 09:59 . 2012-03-28 08:15 25640 ----a-w- c:\windows\gdrv.sys
2012-08-11 16:23 . 2012-07-01 01:06 281120 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-11 16:23 . 2012-07-01 00:54 281120 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-11 13:05 . 2012-07-01 00:54 281120 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-26 22:29 . 2012-03-28 21:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-26 22:29 . 2012-03-28 18:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-06 13:35 . 2012-07-01 00:54 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-04 18:09 . 2012-07-06 13:27 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-07-03 16:21 . 2012-03-28 15:51 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2012-03-28 15:51 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2012-03-28 15:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-03-28 15:51 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2012-03-28 15:51 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2012-03-28 15:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2012-03-28 15:51 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2012-03-28 15:51 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2012-03-28 15:51 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-22 08:43 . 2012-08-06 17:04 3488 ----a-w- c:\windows\UDB.zip
2012-06-22 08:43 . 2012-08-06 17:04 131 ----a-w- c:\windows\IDB.zip
2012-06-16 21:54 . 2012-06-16 21:54 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-02 22:19 . 2012-06-19 14:08 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 14:08 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 14:08 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 14:08 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 14:08 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 14:08 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 14:08 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 14:08 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-19 14:08 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-01 05:14 . 2012-06-01 05:14 3166792 ------w- c:\windows\SysWow64\pbsvc.exe
2012-01-24 11:50 . 2012-04-11 20:01 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-07_20.11.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-08-07 19:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-12 10:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-12 10:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-07 19:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-28 07:56 . 2012-08-12 10:01 41654 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-12 10:01 33832 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-28 08:02 . 2012-08-12 10:01 12158 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2633914705-2322214657-749838959-1001_UserData.bin
+ 2012-03-28 16:47 . 2012-08-12 10:02 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-28 16:47 . 2012-08-07 19:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-28 16:47 . 2012-08-07 19:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-28 16:47 . 2012-08-12 10:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-12 10:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-07 19:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-28 07:56 . 2012-08-07 19:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-28 07:56 . 2012-08-12 09:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-28 07:56 . 2012-08-12 09:59 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-28 07:56 . 2012-08-07 19:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-28 07:56 . 2012-08-07 19:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-28 07:56 . 2012-08-12 09:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-28 07:56 . 2012-08-07 19:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-28 07:56 . 2012-08-12 10:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-28 07:56 . 2012-08-07 19:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-28 07:56 . 2012-08-12 10:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-07 19:39 . 2012-08-07 19:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-12 09:59 . 2012-08-12 09:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-07 19:39 . 2012-08-07 19:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-12 09:59 . 2012-08-12 09:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-08-12 10:01 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-28 08:46 . 2012-08-12 02:37 988856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-08-07 19:37 235256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-12 02:37 235256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2012-08-07 15:28 9437184 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-08-11 10:56 9437184 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-03-30 19:13 . 2012-08-12 02:37 34007177 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2633914705-2322214657-749838959-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* I valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-03-28 742264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 ASUSU1;ASUS Xonar U3 Audio Interface;c:\windows\system32\drivers\cm11264.sys [2010-12-15 1312256]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-22 85224]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-06-22 92928]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-06-22 402368]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-06-22 41968]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-06-27 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-06-22 65664]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-06-22 706776]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-06 21544]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-06-22 341200]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-06-22 251560]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 235520]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-08 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-07-03 133912]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-06-22 575448]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2012-01-24 147472]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
S2 WireHelpSvc;WireHelpSvc;c:\program files\Common Files\WireHelpSvc.exe [2012-01-24 168864]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-03-09 10857984]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-03-09 328704]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [2011-09-16 106496]
S3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2012-01-24 25528]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [2011-09-16 34944]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cm112Sound"="c:\windows\Syswow64\cm112.dll" [2009-12-08 8146944]
"Cm112GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cm112GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://cool-itv.net
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.ro
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
FF - ProfilePath - c:\users\Moonraine\AppData\Roaming\Mozilla\Firefox\Profiles\chrmvr3o.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*à<¦_\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*ƒ=¦_]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*ƒ=¦_\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*l*l*<¦_\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*4*!ú<\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*4*°5Ág\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*4*ß:3\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*e*d*T*u*b*e*_*-*_*C*u*t*e*_*G*I*r*l*_*g*I*v*¸0Æy\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*e*d*T*u*b*e*_*-*_*C*u*t*e*_*G*I*r*l*_*g*I*v*Ý‘1O\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*e*d*T*u*b*e*_*-*_*C*u*t*e*_*G*I*r*l*_*g*I*v*-ØjG\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*e*d*T*u*b*e*_*-*_*C*u*t*e*_*G*I*r*l*_*g*I*v*ÏØjG\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*w*m*v*ˆaW\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
<¦_]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
<¦_\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*N<¦_]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*N<¦_\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*\?¦_]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*\?¦_\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*a*ƒ=¦_]
@Allowed: (Read) (RestrictedCode)
"0"=hex:32,00,36,00,30,00,32,00,32,00,30,00,31,00,31,00,30,00,37,00,2e,00,61,
00,83,3d,a6,5f,00,00,86,00,36,00,00,00,00,00,00,00,00,00,00,00,32,00,36,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.
<¦_]
@Allowed: (Read) (RestrictedCode)
"0"=hex:45,3a,5c,75,54,6f,72,72,65,6e,74,5c,42,72,75,63,65,20,41,6c,6d,69,67,
68,74,79,5c,78,78,78,5c,6e,65,77,5c,6e,65,77,5c,4e,65,77,5c,41,6d,61,74,65,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*N<¦_]
@Allowed: (Read) (RestrictedCode)
"0"=hex:6b,00,74,00,72,00,2e,00,74,00,69,00,66,00,66,00,70,00,2e,00,31,00,31,
00,2e,00,30,00,37,00,2e,00,4e,3c,a6,5f,00,00,96,00,36,00,00,00,00,00,00,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*\?¦_]
@Allowed: (Read) (RestrictedCode)
"0"=hex:6b,00,74,00,72,00,2e,00,74,00,69,00,66,00,66,00,70,00,2e,00,31,00,31,
00,2e,00,30,00,37,00,2e,00,5c,3f,a6,5f,00,00,96,00,36,00,00,00,00,00,00,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-08-12 12:10:18
ComboFix-quarantined-files.txt 2012-08-12 10:10
ComboFix2.txt 2012-08-08 13:09
ComboFix3.txt 2012-08-07 20:13
.
Pre-Run: 66.838.994.944 bytes free
Post-Run: 66.582.867.968 bytes free
.
- - End Of File - - 5CA4EFBBB62179BC58418892B693D94B
 
Kaspersky Security Scan (KSS)

The Kaspersky Security Scan is a scanning-only tool that searches for active infections such as rootkits, trojans, viruses, etc.

Please download the Kaspersky Security Scan from Kaspersky's Official Link and save it to your Desktop.

  • Double-click on the downloaded item. It will quickly download the latest version of KSS and then launch the installer. Please navigate through the installer.
  • After it finishes installing, it will place an icon on your Desktop and launch itself.
  • In the Kaspersky Security Scan interface, choose full scan at the bottom.
  • Once it finishes, it will show the report. Click on the Details button, and it will launch an HTML page.
  • You have two options - either A. Upload the HTML report here, file located at { C:/ProgramData/Kaspersky%20Lab/KSS2/DataRoot/HtmlReport/index.html } (Copy and paste the file path into the Address box in the Upload window), or B. Copy and paste all of the results in your next reply.
 
Hello. Are you still with us?

Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

Thanks.
 
Hey, sorry guys for not posting! Computer is working fine now! Thanks a lot for the help and keep up the good work! Best regards!

Very good site and very helpful people here!
 