
Incredible VIRUS! Redirects my browser to mystart.incredibar.com and knocks out my internet connection! HELP!



HELP ME PLEASE!!!

I've been fighting for the last 3 days against a virus that has infected my main PC.

It redirects my browsers to mystart.incredibar.com and knocks out my internet connection!

My connection doesn't work in safe mode with networking either!!!

I can't ping www.google.com and can't ping an IP address either!

In ipconfig I see that DNS is pointed at "btoa06.dellswdllb.com"!

I've used Malwarebytes of course, but it can't update because the internet doesn't work!

The strange thing is that when I use Avira and I try to update it... it works!!! O_o

I've tried the DNS Changer remover tool too! But nothing resolved my problem! :(

Now I'm here asking for help from your experts!

I paste here my reports from HijackThis, RogueKiller, DDS and FRST64!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:39:24, on 12/07/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Safe mode with network support

Running processes:

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=10148&l=dis&tb=AVR-3

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/6

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll

O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

O4 - HKLM\..\Run: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.clonewarsadventures.com

O15 - Trusted Zone: *.freerealms.com

O15 - Trusted Zone: *.soe.com

O15 - Trusted Zone: *.sony.com

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

O23 - Service: Anvi Smart Defender Realtime Guard Service (asdsrv) - Anvisoft - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

O23 - Service: HP Connection Manager 4.0 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 14280 bytes

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

RogueKiller V7.6.3 [07/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User: madmax42 [Admin rights]

Mode: Scan -- Date: 07/12/2012 17:53:23

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS725050A9A364 +++++

--- User ---

[MBR] e50c0cc99740e1bad2e0293a7f15b8d7

[bSP] 3dffc59bf3eef39bbcead0e2bac7c8fd : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo

1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 409600 | Size: 243196 Mo

3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 498475008 | Size: 233543 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 952185a2d1acfb422d11cca9cb040c6b

[bSP] 3dffc59bf3eef39bbcead0e2bac7c8fd : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo

1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159793152 | Size: 400 Mo

+++++ PhysicalDrive1: Ut165 USB2FlashStorage USB Device +++++

--- User ---

[MBR] af4f576bfc843c2de2f9462388afa7e1

[bSP] 5e7cfc14e9c56e91b0b0d9037b6b5a76 : MBR Code unknown

Partition table:

0 - [XXXXXX] UNKNOWN (0x68) [VISIBLE] Offset (sectors): 1936028272 | Size: 904228 Mo

1 - [XXXXXX] UNKNOWN (0x79) [VISIBLE] Offset (sectors): 1330184192 | Size: 263172 Mo

2 - [XXXXXX] DISKMNG (0x53) [VISIBLE] Offset (sectors): 538989391 | Size: 682794 Mo

3 - [XXXXXX] UNKNOWN (0x49) [VISIBLE] Offset (sectors): 1394627663 | Size: 10 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by madmax42 at 17:49:37 on 2012-07-12

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4044.3372 [GMT 2:00]

.

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ask.com?o=10148&l=dis&tb=AVR-3

uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - C:\Program Files\Web Assistant\Extension32.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO: Guida per l'accesso a Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [<NO NAME>]

mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

mRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: Interfaces\{017F8588-5DD4-4223-9D72-06D85514A768} : DhcpNameServer = 150.100.2.6

TCP: Interfaces\{6E1EDE1A-6C63-46FE-9612-53AD66C57198}\1427375685 : NameServer = 151.99.125.1,151.99.125.2

TCP: Interfaces\{6E1EDE1A-6C63-46FE-9612-53AD66C57198}\1427375685 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{6E1EDE1A-6C63-46FE-9612-53AD66C57198}\44D2C496E6B6 : DhcpNameServer = 192.168.1.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{336D0C35-8A85-403a-B9D2-65C292C39087}

{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{9FDDE16B-836F-4806-AB1F-1455CBEFF289}

{D4027C7F-154A-4066-A1AD-4243D8127440}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}

{D4027C7F-154A-4066-A1AD-4243D8127440}

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [(Predefinito)]

mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

mRun-x64: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

SEH-X64: {E54729E8-BB3D-4270-9D49-7389EA579090}: EasyBits Security Shield Hook - prevents launching insecure programs by kids

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\madmax42\AppData\Roaming\Mozilla\Firefox\Profiles\zrbd74qw.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=10148&l=dis&tb=AVR-3

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=&locale=&apn_uid=4C9D754D-9E6F-4A4F-B891-62CBB72F87DD&apn_ptnrs=&apn_sauid=484812E9-EEC0-4675-A77B-997A365F0602&apn_dtid=&&q=

FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\madmax42\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\madmax42\AppData\Roaming\Mozilla\Firefox\Profiles\zrbd74qw.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8vm1jfRy&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 6aa4025e000000000000ac81124fa046

FF - user.js: extensions.incredibar_i.instlDay - 15499

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.149:32:42

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6R8vm1jfRy

FF - user.js: extensions.incredibar_i.upn2n - 92824498772021420

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10665

FF - user.js: extensions.incredibar_i.ppd -

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S1 asdrm;asdrm;C:\Windows\system32\DRIVERS\asdrm.sys --> C:\Windows\system32\DRIVERS\asdrm.sys [?]

S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]

S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-6-14 89600]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-7-11 86224]

S2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-7-11 110032]

S2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2012-7-11 465360]

S2 asdrs;AntiMalware Host-based Intrusion Prevention System;\??\C:\Windows\system32\DRIVERS\asdrs.sys --> C:\Windows\system32\DRIVERS\asdrs.sys [?]

S2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-6-25 224000]

S2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

S2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-4-12 514232]

S2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544]

S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]

S2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-14 13336]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-10 654408]

S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-14 2656280]

S2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-6-8 185856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-29 250056]

S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]

S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

S3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]

S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-07-12 15:06:49 -------- d-----w- C:\FRST

2012-07-11 11:37:38 -------- d-----w- C:\Users\madmax42\AppData\Roaming\Avira

2012-07-11 11:34:03 -------- d-----w- C:\Program Files (x86)\Ask.com

2012-07-11 11:33:43 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2012-07-11 11:33:43 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys

2012-07-11 11:33:42 -------- d-----w- C:\ProgramData\Avira

2012-07-11 11:33:42 -------- d-----w- C:\Program Files (x86)\Avira

2012-07-11 10:09:12 -------- d-----w- C:\Users\madmax42\AppData\Roaming\Anvisoft

2012-07-11 10:09:06 23296 ----a-w- C:\Windows\System32\drivers\asdrs.sys

2012-07-11 10:09:06 18688 ----a-w- C:\Windows\System32\drivers\asdrm.sys

2012-07-11 10:09:02 -------- d-----w- C:\Program Files (x86)\Anvisoft

2012-07-10 19:16:11 -------- dc----w- C:\Users\madmax42\AppData\Local\MigWiz

2012-07-10 18:21:10 -------- d-----w- C:\Program Files\CCleaner

2012-07-10 17:41:47 -------- d-----w- C:\Users\madmax42\AppData\Roaming\Malwarebytes

2012-07-10 17:41:37 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-10 17:41:36 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-10 17:41:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-03 20:15:40 34064 ----a-w- C:\Windows\SysWow64\lhacm.acm

2012-07-03 20:15:37 -------- d-----w- C:\Program Files (x86)\Teamspeak2_RC2

2012-07-03 20:03:23 -------- d-----w- C:\Program Files (x86)\TeamSpeak 3 Client

2012-06-26 19:07:42 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-26 19:07:42 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-25 13:45:24 -------- d-----w- C:\Users\madmax42\AppData\Local\{BD251464-8DE6-4B15-BEE2-EBCBBE5770FB}

2012-06-25 13:45:10 -------- d-----w- C:\Users\madmax42\AppData\Local\{4237EDAD-4374-4564-B31B-C6A434541E93}

2012-06-24 20:38:58 -------- d-----w- C:\Users\madmax42\AppData\Local\{B53483E5-2C1B-4E3F-AAB2-B3C968AD8E49}

2012-06-24 20:38:43 -------- d-----w- C:\Users\madmax42\AppData\Local\{B78CF4F0-E23E-42C8-B121-6F28112ABABA}

2012-06-23 22:20:17 -------- d-----w- C:\Users\madmax42\AppData\Local\{4F2ACD2B-E4EE-460F-AB45-A0269371B67D}

2012-06-23 22:20:06 -------- d-----w- C:\Users\madmax42\AppData\Local\{3151DC1A-F4B3-4760-B4E6-6F3C92A7CDB1}

2012-06-23 20:29:37 -------- d-----w- C:\Users\madmax42\AppData\Local\Macromedia

2012-06-23 09:34:24 -------- d-----w- C:\Users\madmax42\AppData\Local\{953B41C8-DF9F-44EA-92E0-598311943C55}

2012-06-23 09:34:09 -------- d-----w- C:\Users\madmax42\AppData\Local\{BC9C7E9B-C71C-486D-809D-1D67E63AC57F}

2012-06-22 19:04:53 -------- d-----w- C:\Users\madmax42\AppData\Local\{B84817C6-52D3-4666-940D-30E69706CA4C}

2012-06-22 19:04:42 -------- d-----w- C:\Users\madmax42\AppData\Local\{110C509E-B3F8-4678-8CC0-E0288956CEB7}

2012-06-22 07:04:02 -------- d-----w- C:\Users\madmax42\AppData\Local\{06E6C57B-974A-449F-AC33-8825E8A021FA}

2012-06-22 07:03:43 -------- d-----w- C:\Users\madmax42\AppData\Local\{CA2F41D8-AA03-4C23-8937-5153A0891D89}

2012-06-21 18:25:18 -------- d-----w- C:\Users\madmax42\AppData\Local\{BD4D2DB1-5303-4D7D-AA73-48AF696B44A2}

2012-06-21 18:25:07 -------- d-----w- C:\Users\madmax42\AppData\Local\{708A39E5-58FF-41FC-B203-C87FFA040400}

2012-06-21 06:24:42 -------- d-----w- C:\Users\madmax42\AppData\Local\{76F0F646-776F-4538-A1BD-6A761BADE58F}

2012-06-21 06:24:28 -------- d-----w- C:\Users\madmax42\AppData\Local\{E98D04FE-6F3A-4F57-AD06-65ACC7C9FA98}

2012-06-20 18:05:11 -------- d-----w- C:\Users\madmax42\AppData\Local\{17EEF210-1F1E-4275-840F-C16967DC26E7}

2012-06-20 18:05:00 -------- d-----w- C:\Users\madmax42\AppData\Local\{D0BCFD23-7EF2-4891-BD78-4380D073ACCD}

2012-06-19 23:48:12 -------- d-----w- C:\Users\madmax42\AppData\Local\{949BF729-FD92-438A-81F0-A7E4B19339E4}

2012-06-19 23:48:00 -------- d-----w- C:\Users\madmax42\AppData\Local\{F1BDF046-E43C-45D3-8922-C8B46324A743}

2012-06-19 07:45:14 -------- d-----w- C:\Users\madmax42\AppData\Local\Nero_AG

2012-06-19 07:44:46 -------- d-----w- C:\Users\madmax42\AppData\Local\Nero

2012-06-19 07:44:08 -------- d-----w- C:\Program Files (x86)\Nero

2012-06-19 07:43:48 -------- d-----w- C:\ProgramData\Nero

2012-06-19 07:00:35 -------- d-----w- C:\Users\madmax42\AppData\Local\{7D05CF54-F2C6-40BF-835B-0179CE127245}

2012-06-19 07:00:20 -------- d-----w- C:\Users\madmax42\AppData\Local\{9F322DE7-6504-4A01-A864-AA72CCAEE5E8}

2012-06-18 15:16:58 -------- d-----w- C:\Users\madmax42\AppData\Local\{1A9391A4-7AC8-4EB6-AEC9-9B4F81CA759B}

2012-06-17 19:44:49 -------- d-----w- C:\Users\madmax42\AppData\Local\{CD812818-C80D-4334-9498-65776B247CFF}

2012-06-15 18:35:26 -------- d-----w- C:\Users\madmax42\AppData\Local\{011F4C1A-4EB5-477F-8823-2E205C396CF3}

2012-06-15 06:35:00 -------- d-----w- C:\Users\madmax42\AppData\Local\{AD3FEC9A-FF32-4191-BC3C-18C0F14C6A8B}

2012-06-14 18:32:14 -------- d-----w- C:\Users\madmax42\AppData\Local\{2E90B6F1-22D3-434C-96A1-E7783474E21E}

2012-06-14 18:32:03 -------- d-----w- C:\Users\madmax42\AppData\Local\{FE475319-9E1F-4601-AF3C-01A5A33B1BAD}

2012-06-14 06:31:33 -------- d-----w- C:\Users\madmax42\AppData\Local\{1A22BB2C-437A-4D8F-B847-C7CED8A5F5F7}

2012-06-14 06:31:20 -------- d-----w- C:\Users\madmax42\AppData\Local\{5B2E11C0-AE50-4D72-A51D-2E80AC57BBEA}

2012-06-13 11:42:07 -------- d-----w- C:\Users\madmax42\AppData\Local\{F134C9D7-F6A8-4B34-BB1F-757E7D947B22}

2012-06-13 11:41:56 -------- d-----w- C:\Users\madmax42\AppData\Local\{EEB910E1-CB84-41D3-9EB6-7B28F61937F2}

2012-06-12 23:41:29 -------- d-----w- C:\Users\madmax42\AppData\Local\{8D243682-8A4E-4595-9BE4-7760AB0017E5}

2012-06-12 23:41:14 -------- d-----w- C:\Users\madmax42\AppData\Local\{8680A805-C8C5-441F-A1FD-9836311003FC}

.

==================== Find3M ====================

.

2012-06-23 20:02:23 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-23 20:02:23 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

.

============= FINISH: 17:49:54,75 ===============

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

Scan result of Farbar Recovery Scan Tool Version: 11-07-2012

Ran by madmax42 at 12-07-2012 17:52:28

Running from H:\

Service Pack 1 (X64) OS Language: Italian Standard

Attention: Could not load system hive. Error: Cannot access the file. The file is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

============ One Month Created Files and Folders ==============

2012-07-12 17:24 - 2012-07-12 17:24 - 00002649 ____A C:\Users\madmax42\Desktop\RKreport[2].txt

2012-07-12 17:06 - 2012-07-12 17:52 - 00000000 ____D C:\FRST

2012-07-12 17:03 - 2012-07-12 17:03 - 00002612 ____A C:\Users\madmax42\Desktop\RKreport[1].txt

2012-07-12 16:56 - 2012-07-12 16:58 - 00000000 ____D C:\Users\madmax42\Desktop\RK_Quarantine

2012-07-11 13:37 - 2012-07-11 13:37 - 00000000 ____D C:\Users\madmax42\AppData\Roaming\Avira

2012-07-11 13:34 - 2012-07-11 13:34 - 00002062 ____A C:\Users\Public\Desktop\Avira Control Center.lnk

2012-07-11 13:34 - 2012-07-11 13:34 - 00000000 ____D C:\Program Files (x86)\Ask.com

2012-07-11 13:33 - 2012-07-11 13:34 - 00000000 ____D C:\Users\All Users\Avira

2012-07-11 13:33 - 2012-07-11 13:33 - 00000000 ____D C:\Program Files (x86)\Avira

2012-07-11 13:33 - 2012-05-02 15:24 - 00027760 ____A (Avira GmbH) C:\Windows\System32\Drivers\avkmgr.sys

2012-07-11 13:33 - 2012-04-27 10:20 - 00132832 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys

2012-07-11 13:33 - 2012-04-25 00:32 - 00098848 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys

2012-07-11 13:30 - 2012-07-11 20:39 - 00081248 ____A C:\Windows\PFRO.log

2012-07-11 12:09 - 2012-07-11 12:09 - 00001180 ____A C:\Users\madmax42\Desktop\Anvi Smart Defender.lnk

2012-07-11 12:09 - 2012-07-11 12:09 - 00000000 ____D C:\Users\madmax42\AppData\Roaming\Anvisoft

2012-07-11 12:09 - 2012-07-11 12:09 - 00000000 ____D C:\Program Files (x86)\Anvisoft

2012-07-11 12:09 - 2012-06-18 08:42 - 00023296 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrs.sys

2012-07-11 12:09 - 2012-06-18 08:42 - 00018688 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrm.sys

2012-07-10 21:16 - 2012-07-10 21:41 - 00000000 ___DC C:\Users\madmax42\AppData\Local\MigWiz

2012-07-10 20:58 - 2012-07-12 17:22 - 00000616 ____A C:\Windows\setupact.log

2012-07-10 20:58 - 2012-07-10 20:58 - 00000000 ____A C:\Windows\setuperr.log

2012-07-10 20:21 - 2012-07-10 20:21 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk

2012-07-10 20:21 - 2012-07-10 20:21 - 00000000 ____D C:\Program Files\CCleaner

2012-07-10 19:41 - 2012-07-10 19:41 - 00001105 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-10 19:41 - 2012-07-10 19:41 - 00000000 ____D C:\Users\madmax42\AppData\Roaming\Malwarebytes

2012-07-10 19:41 - 2012-07-10 19:41 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-07-10 19:41 - 2012-07-10 19:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-10 19:41 - 2012-04-04 15:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-06 19:26 - 2012-07-06 19:27 - 00000042 ____A C:\Users\madmax42\Desktop\LINKS.txt

2012-07-03 22:15 - 2012-07-03 22:15 - 05862994 ____A C:\Users\madmax42\Downloads\ts2_client_rc2_2032.exe

2012-07-03 22:15 - 2012-07-03 22:15 - 00034064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\lhacm.acm

2012-07-03 22:15 - 2012-07-03 22:15 - 00000974 ____A C:\Users\madmax42\Desktop\Teamspeak 2 RC2.lnk

2012-07-03 22:15 - 2012-07-03 22:15 - 00000000 ____D C:\Users\madmax42\AppData\Roaming\teamspeak2

2012-07-03 22:15 - 2012-07-03 22:15 - 00000000 ____D C:\Program Files (x86)\Teamspeak2_RC2

2012-07-03 22:14 - 2012-07-03 22:14 - 00535552 ____A (TeamSpeak Systems) C:\Users\madmax42\Downloads\TeamSpeak.exe

2012-07-03 22:14 - 2012-07-03 22:14 - 00000446 ____A C:\Users\madmax42\Downloads\TSClient.log

2012-07-03 22:03 - 2012-07-03 22:03 - 00001158 ____A C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk

2012-07-03 22:03 - 2012-07-03 22:03 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client

2012-07-03 22:02 - 2012-07-03 22:02 - 29828512 ____A (TeamSpeak Systems GmbH) C:\Users\madmax42\Downloads\TeamSpeak3-Client-win32-3.0.7.exe

2012-06-25 16:33 - 2012-06-25 16:34 - 17331911 ____A C:\Users\madmax42\Downloads\Slide Corso Primo Soccorso_con logo Formatec_Dott.ssa Lorenzo.pptx

2012-06-25 15:52 - 2012-06-25 15:52 - 02955610 ____A C:\Users\madmax42\Downloads\SICA05-Corso Primo Soccorso.pptx

2012-06-25 15:45 - 2012-06-25 15:45 - 00000000 ____D C:\Users\madmax42\AppData\Local\{BD251464-8DE6-4B15-BEE2-EBCBBE5770FB}

2012-06-25 15:45 - 2012-06-25 15:45 - 00000000 ____D C:\Users\madmax42\AppData\Local\{4237EDAD-4374-4564-B31B-C6A434541E93}

2012-06-24 22:38 - 2012-06-24 22:39 - 00000000 ____D C:\Users\madmax42\AppData\Local\{B53483E5-2C1B-4E3F-AAB2-B3C968AD8E49}

2012-06-24 22:38 - 2012-06-24 22:38 - 00000000 ____D C:\Users\madmax42\AppData\Local\{B78CF4F0-E23E-42C8-B121-6F28112ABABA}

2012-06-24 00:20 - 2012-06-24 00:20 - 00000000 ____D C:\Users\madmax42\AppData\Local\{4F2ACD2B-E4EE-460F-AB45-A0269371B67D}

2012-06-24 00:20 - 2012-06-24 00:20 - 00000000 ____D C:\Users\madmax42\AppData\Local\{3151DC1A-F4B3-4760-B4E6-6F3C92A7CDB1}

2012-06-23 22:29 - 2012-06-23 22:29 - 00000000 ____D C:\Users\madmax42\AppData\Local\Macromedia

2012-06-23 11:34 - 2012-06-23 11:34 - 00000000 ____D C:\Users\madmax42\AppData\Local\{BC9C7E9B-C71C-486D-809D-1D67E63AC57F}

2012-06-23 11:34 - 2012-06-23 11:34 - 00000000 ____D C:\Users\madmax42\AppData\Local\{953B41C8-DF9F-44EA-92E0-598311943C55}

2012-06-22 21:04 - 2012-06-22 21:05 - 00000000 ____D C:\Users\madmax42\AppData\Local\{B84817C6-52D3-4666-940D-30E69706CA4C}

2012-06-22 21:04 - 2012-06-22 21:04 - 00000000 ____D C:\Users\madmax42\AppData\Local\{110C509E-B3F8-4678-8CC0-E0288956CEB7}

2012-06-22 09:04 - 2012-06-22 09:04 - 00000000 ____D C:\Users\madmax42\AppData\Local\{06E6C57B-974A-449F-AC33-8825E8A021FA}

2012-06-22 09:03 - 2012-06-22 09:04 - 00000000 ____D C:\Users\madmax42\AppData\Local\{CA2F41D8-AA03-4C23-8937-5153A0891D89}

2012-06-21 20:25 - 2012-06-21 20:25 - 00000000 ____D C:\Users\madmax42\AppData\Local\{BD4D2DB1-5303-4D7D-AA73-48AF696B44A2}

2012-06-21 20:25 - 2012-06-21 20:25 - 00000000 ____D C:\Users\madmax42\AppData\Local\{708A39E5-58FF-41FC-B203-C87FFA040400}

2012-06-21 08:24 - 2012-06-21 08:24 - 00000000 ____D C:\Users\madmax42\AppData\Local\{E98D04FE-6F3A-4F57-AD06-65ACC7C9FA98}

2012-06-21 08:24 - 2012-06-21 08:24 - 00000000 ____D C:\Users\madmax42\AppData\Local\{76F0F646-776F-4538-A1BD-6A761BADE58F}

2012-06-20 20:05 - 2012-06-20 20:05 - 00000000 ____D C:\Users\madmax42\AppData\Local\{D0BCFD23-7EF2-4891-BD78-4380D073ACCD}

2012-06-20 20:05 - 2012-06-20 20:05 - 00000000 ____D C:\Users\madmax42\AppData\Local\{17EEF210-1F1E-4275-840F-C16967DC26E7}

2012-06-20 01:48 - 2012-06-20 01:48 - 00000000 ____D C:\Users\madmax42\AppData\Local\{F1BDF046-E43C-45D3-8922-C8B46324A743}

2012-06-20 01:48 - 2012-06-20 01:48 - 00000000 ____D C:\Users\madmax42\AppData\Local\{949BF729-FD92-438A-81F0-A7E4B19339E4}

2012-06-19 09:45 - 2012-06-19 09:45 - 00000000 ____D C:\Users\madmax42\AppData\Local\Nero_AG

2012-06-19 09:44 - 2012-06-19 09:45 - 00000000 ____D C:\Users\madmax42\AppData\Local\Nero

2012-06-19 09:44 - 2012-06-19 09:44 - 00002109 ____A C:\Users\Public\Desktop\Nero Kwik Media.lnk

2012-06-19 09:44 - 2012-06-19 09:44 - 00000000 ____D C:\Users\madmax42\AppData\Roaming\Nero

2012-06-19 09:44 - 2012-06-19 09:44 - 00000000 ____D C:\Program Files (x86)\Nero

2012-06-19 09:43 - 2012-06-19 09:45 - 00000000 ____D C:\Users\All Users\Nero

2012-06-19 09:35 - 2012-06-19 09:40 - 208693552 ____A (Nero AG) C:\Users\madmax42\Downloads\Nero_KwikMedia-11.2.00900_free.exe

2012-06-19 09:00 - 2012-06-19 09:00 - 00000000 ____D C:\Users\madmax42\AppData\Local\{9F322DE7-6504-4A01-A864-AA72CCAEE5E8}

2012-06-19 09:00 - 2012-06-19 09:00 - 00000000 ____D C:\Users\madmax42\AppData\Local\{7D05CF54-F2C6-40BF-835B-0179CE127245}

2012-06-18 17:16 - 2012-06-18 17:17 - 00000000 ____D C:\Users\madmax42\AppData\Local\{1A9391A4-7AC8-4EB6-AEC9-9B4F81CA759B}

2012-06-17 21:44 - 2012-06-17 21:45 - 00000000 ____D C:\Users\madmax42\AppData\Local\{CD812818-C80D-4334-9498-65776B247CFF}

2012-06-15 20:35 - 2012-06-15 20:35 - 00000000 ____D C:\Users\madmax42\AppData\Local\{011F4C1A-4EB5-477F-8823-2E205C396CF3}

2012-06-15 08:35 - 2012-06-15 08:35 - 00000000 ____D C:\Users\madmax42\AppData\Local\{AD3FEC9A-FF32-4191-BC3C-18C0F14C6A8B}

2012-06-14 20:32 - 2012-06-14 20:32 - 00000000 ____D C:\Users\madmax42\AppData\Local\{FE475319-9E1F-4601-AF3C-01A5A33B1BAD}

2012-06-14 20:32 - 2012-06-14 20:32 - 00000000 ____D C:\Users\madmax42\AppData\Local\{2E90B6F1-22D3-434C-96A1-E7783474E21E}

2012-06-14 08:31 - 2012-06-14 08:31 - 00000000 ____D C:\Users\madmax42\AppData\Local\{5B2E11C0-AE50-4D72-A51D-2E80AC57BBEA}

2012-06-14 08:31 - 2012-06-14 08:31 - 00000000 ____D C:\Users\madmax42\AppData\Local\{1A22BB2C-437A-4D8F-B847-C7CED8A5F5F7}

2012-06-13 13:42 - 2012-06-13 13:42 - 00000000 ____D C:\Users\madmax42\AppData\Local\{F134C9D7-F6A8-4B34-BB1F-757E7D947B22}

2012-06-13 13:41 - 2012-06-13 13:42 - 00000000 ____D C:\Users\madmax42\AppData\Local\{EEB910E1-CB84-41D3-9EB6-7B28F61937F2}

2012-06-13 01:41 - 2012-06-13 01:41 - 00000000 ____D C:\Users\madmax42\AppData\Local\{8D243682-8A4E-4595-9BE4-7760AB0017E5}

2012-06-13 01:41 - 2012-06-13 01:41 - 00000000 ____D C:\Users\madmax42\AppData\Local\{8680A805-C8C5-441F-A1FD-9836311003FC}

2012-06-12 09:04 - 2012-06-12 09:05 - 00000000 ____D C:\Users\madmax42\AppData\Local\{F80BB918-30DB-4A92-97E2-B7689476890B}

2012-06-12 09:04 - 2012-06-12 09:04 - 00000000 ____D C:\Users\madmax42\AppData\Local\{55E8A801-7AB4-4AA6-BD1D-DAA4B40E8674}

============ 3 Months Modified Files ========================

2012-07-12 17:27 - 2011-04-12 21:32 - 00698776 ____A C:\Windows\System32\perfh010.dat

2012-07-12 17:27 - 2011-04-12 21:32 - 00127744 ____A C:\Windows\System32\perfc010.dat

2012-07-12 17:27 - 2009-07-14 07:13 - 01542894 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-12 17:24 - 2012-07-12 17:24 - 00002649 ____A C:\Users\madmax42\Desktop\RKreport[2].txt

2012-07-12 17:22 - 2012-07-10 20:58 - 00000616 ____A C:\Windows\setupact.log

2012-07-12 17:22 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-12 17:21 - 2011-06-14 04:39 - 01634188 ____A C:\Windows\WindowsUpdate.log

2012-07-12 17:03 - 2012-07-12 17:03 - 00002612 ____A C:\Users\madmax42\Desktop\RKreport[1].txt

2012-07-12 17:02 - 2012-05-29 17:51 - 00000978 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-07-12 16:17 - 2012-05-18 01:12 - 00000940 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3825566972-3035960742-8174050-1001UA.job

2012-07-12 16:10 - 2009-07-14 06:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-12 16:10 - 2009-07-14 06:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-12 00:19 - 2012-02-07 13:20 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleFormadmax42.job

2012-07-11 20:39 - 2012-07-11 13:30 - 00081248 ____A C:\Windows\PFRO.log

2012-07-11 13:34 - 2012-07-11 13:34 - 00002062 ____A C:\Users\Public\Desktop\Avira Control Center.lnk

2012-07-11 12:09 - 2012-07-11 12:09 - 00001180 ____A C:\Users\madmax42\Desktop\Anvi Smart Defender.lnk

2012-07-10 20:58 - 2012-07-10 20:58 - 00000000 ____A C:\Windows\setuperr.log

2012-07-10 20:21 - 2012-07-10 20:21 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk

2012-07-10 19:41 - 2012-07-10 19:41 - 00001105 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-07 01:17 - 2012-05-18 01:12 - 00000918 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3825566972-3035960742-8174050-1001Core.job

2012-07-06 19:27 - 2012-07-06 19:26 - 00000042 ____A C:\Users\madmax42\Desktop\LINKS.txt

2012-07-03 22:15 - 2012-07-03 22:15 - 05862994 ____A C:\Users\madmax42\Downloads\ts2_client_rc2_2032.exe

2012-07-03 22:15 - 2012-07-03 22:15 - 00034064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\lhacm.acm

2012-07-03 22:15 - 2012-07-03 22:15 - 00000974 ____A C:\Users\madmax42\Desktop\Teamspeak 2 RC2.lnk

2012-07-03 22:14 - 2012-07-03 22:14 - 00535552 ____A (TeamSpeak Systems) C:\Users\madmax42\Downloads\TeamSpeak.exe

2012-07-03 22:14 - 2012-07-03 22:14 - 00000446 ____A C:\Users\madmax42\Downloads\TSClient.log

2012-07-03 22:03 - 2012-07-03 22:03 - 00001158 ____A C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk

2012-07-03 22:02 - 2012-07-03 22:02 - 29828512 ____A (TeamSpeak Systems GmbH) C:\Users\madmax42\Downloads\TeamSpeak3-Client-win32-3.0.7.exe

2012-07-03 17:09 - 2011-11-22 12:34 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt

2012-07-03 17:09 - 2011-11-08 15:21 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log

2012-06-30 01:21 - 2009-07-14 07:08 - 00032548 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-06-25 16:34 - 2012-06-25 16:33 - 17331911 ____A C:\Users\madmax42\Downloads\Slide Corso Primo Soccorso_con logo Formatec_Dott.ssa Lorenzo.pptx

2012-06-25 15:52 - 2012-06-25 15:52 - 02955610 ____A C:\Users\madmax42\Downloads\SICA05-Corso Primo Soccorso.pptx

2012-06-23 22:02 - 2012-05-29 17:51 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-06-23 22:02 - 2011-11-07 17:48 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-06-19 09:44 - 2012-06-19 09:44 - 00002109 ____A C:\Users\Public\Desktop\Nero Kwik Media.lnk

2012-06-19 09:40 - 2012-06-19 09:35 - 208693552 ____A (Nero AG) C:\Users\madmax42\Downloads\Nero_KwikMedia-11.2.00900_free.exe

2012-06-18 08:42 - 2012-07-11 12:09 - 00023296 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrs.sys

2012-06-18 08:42 - 2012-07-11 12:09 - 00018688 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrm.sys

2012-06-12 09:06 - 2011-11-08 16:27 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk

2012-06-08 09:38 - 2012-06-08 09:38 - 00002037 ____A C:\Users\Public\Desktop\LightScribe.lnk

2012-06-08 09:32 - 2012-06-08 09:32 - 00000447 ____A C:\user.js

2012-06-08 09:29 - 2012-06-08 09:22 - 384512408 ____A (Nero AG) C:\Users\madmax42\Desktop\Nero-11.0.10700_trial.exe

2012-05-31 20:41 - 2012-05-31 20:17 - 00001159 ____A C:\Users\Public\Desktop\Diablo III.lnk

2012-05-24 14:01 - 2011-11-07 18:10 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2012-05-24 14:01 - 2011-11-07 18:10 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2012-05-24 13:59 - 2012-05-24 13:58 - 09287786 ____A C:\Users\madmax42\Downloads\setup_tm++.exe

2012-05-18 01:12 - 2012-05-18 01:12 - 00493520 ____A (Facebook Inc.) C:\Users\madmax42\Downloads\FacebookVideoCallSetup_v1.2.203.0.exe

2012-05-02 15:24 - 2012-07-11 13:33 - 00027760 ____A (Avira GmbH) C:\Windows\System32\Drivers\avkmgr.sys

2012-05-02 11:49 - 2012-04-06 15:43 - 00000096 ____A C:\Users\madmax42\Desktop\datacron!.txt

2012-04-27 10:20 - 2012-07-11 13:33 - 00132832 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys

2012-04-25 00:32 - 2012-07-11 13:33 - 00098848 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys

2012-04-24 12:32 - 2012-04-24 12:31 - 06723368 ____A (TomTom International B.V.) C:\Users\madmax42\Downloads\InstallMyTomTomSA.exe

2012-04-20 21:15 - 2012-04-20 20:32 - 538870968 ____A (Acresso Software Inc. ) C:\Users\madmax42\Downloads\CorelDRAWGraphicsSuiteX6Installer_IT32Bit.exe

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 16%

Total physical RAM: 4043.86 MB

Available physical RAM: 3357.14 MB

Total Pagefile: 8085.91 MB

Available Pagefile: 7464.64 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:237.5 GB) (Free:98.03 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive d: (RECOVERY) (Fixed) (Total:14.57 GB) (Free:1.59 GB) NTFS ==>[system with boot components (obtained from reading drive)]

4 Drive f: (DATA) (Fixed) (Total:213.4 GB) (Free:167.63 GB) NTFS

5 Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

6 Drive h: (MAX) (Removable) (Total:7.52 GB) (Free:0.57 GB) FAT32

Disk ### Status Size Free Dyn GPT

-------- ------------- ------------- ------------- --- ---

Disk 0 Online 465 GB 1024 KB *

Disk 1 Online 7711 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

--------------- ---------------- ------- -------

Partition 1 Dynamic data 992 KB 31 KB

Partition 2 Dynamic data 199 MB 1024 KB

Partition 3 Dynamic data 237 GB 200 MB

Partition 4 Dynamic data 228 GB 237 GB

==================================================================================

Disk: 0

Partition 1

Type : 42

Hidden: Yes

Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0

Partition 2

Type : 42

Hidden: Yes

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

--------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 SYSTEM NTFS Simple 199 MB Healthy System

==================================================================================

Disk: 0

Partition 3

Type : 42

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

--------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Simple 237 GB Healthy Boot

==================================================================================

Disk: 0

Partition 4

Type : 42

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

--------- --- ----------- ----- ---------- ------- --------- --------

* Volume 0 F DATA NTFS Simple 213 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

--------------- ---------------- ------- -------

* Partition 1 Primary 7711 MB 0 B

==================================================================================

Disk: 1

No partition has been selected.

No partition selected.

Select a partition and try again.

==================================================================================

==========================================================

Last Boot: 2012-07-09 18:16

======================= End Of Log ==========================

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

Thank you in advance for your help!

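The `FF - user.js:` lines in the DDS log above show that the incredibar preferences live in a user.js file. Firefox reads user.js at every start and copies each user_pref() over prefs.js, so resetting those prefs in about:config does not stick until the file itself is removed from the profile. The script below is an added example, not code from this thread or from DDS, FRST or Malwarebytes: it parses a user.js, reports every pref in the incredibar namespace and any user.js override of the homepage or search prefs. The sample user.js is constructed for the example (the pref names and the productid/upn2 values mirror the DDS log; the URLs and remaining values are invented), and `SENSITIVE_PREFS` is this example's own choice of prefs worth watching.

```python
"""Audit a Firefox user.js for browser-hijacker preferences.

Added example, not code from the thread or from DDS/Malwarebytes. Firefox
reads user.js at every start and copies each user_pref() over prefs.js, so a
hijacker-dropped user.js silently undoes any reset made in about:config.
"""
import re

# user_pref("name", value);  value is a string, number or true/false literal
_PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$'
)

# Real Firefox prefs that decide where the browser goes; a user.js that sets
# them is suspicious on a machine whose owner never wrote one (example's own list).
SENSITIVE_PREFS = {
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
}

# Namespace substrings treated as hijacker indicators. "incredibar" comes from
# the DDS log in the post; add other toolbar namespaces here as you meet them.
HIJACK_MARKERS = ("incredibar",)

# Constructed sample: pref names and the productid/upn2 values mirror the DDS
# log, everything else (URLs, booleans) is made up for the example.
SAMPLE_USER_JS = r'''
user_pref("extensions.incredibar_i.productid", 26);
user_pref("extensions.incredibar_i.excTlbr", false);
user_pref("extensions.incredibar_i.upn2", "6R8vm1jfRy");
user_pref("browser.startup.homepage", "http://search.example.invalid/?src=hp");
user_pref("keyword.URL", "http://search.example.invalid/?q=");
user_pref("browser.sessionstore.resume_from_crash", true);
'''


def parse_value(raw):
    """Turn a user_pref literal into a Python value."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1].encode("utf-8").decode("unicode_escape")
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw  # unknown literal: keep the text


def parse_user_js(text):
    """Return {pref_name: value} for every user_pref() line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs


def audit_prefs(prefs):
    """Return sorted (pref, value, reason) findings for hijack indicators."""
    findings = []
    for name, value in prefs.items():
        marker = next((mk for mk in HIJACK_MARKERS if mk in name.lower()), None)
        if marker:
            findings.append((name, value, f"pref in hijacker namespace '{marker}'"))
        elif name in SENSITIVE_PREFS:
            findings.append((name, value, "browsing target forced by user.js"))
    return sorted(findings, key=lambda f: f[0])


if __name__ == "__main__":
    import sys
    # Usage: python audit_userjs.py <profile>\user.js   (defaults to the sample)
    src = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_USER_JS
    for name, value, reason in audit_prefs(parse_user_js(src)):
        print(f"{reason:40} {name} = {value!r}")
```

Run it against `user.js` in the Firefox profile directory (and against `prefs.js`, which has the same line format). Any finding in user.js on a machine where nobody wrote that file by hand points at the file as the persistence mechanism: delete it, then fix the prefs in about:config, not the other way round.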

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

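The staff reply above asks for a fresh DDS log. Reading its `Created Last 30` section by hand is slow, so here is an added Python example (not part of the thread and not a DDS, FRST or Malwarebytes component) that parses DDS created-file lines, groups entries created within a couple of minutes of each other into installation bursts, and flags new kernel drivers and program directories. The sample lines are copied from the DDS log in the first post; the two-minute burst window and the flag rules are this example's own assumptions.

```python
"""Group the 'Created Last 30' lines of a DDS log into installation bursts.

Added example; not a DDS, FRST or Malwarebytes component. Each DDS line has
the form  <date> <time> <size or -------->  <attrs>  <path>, e.g.
  2012-07-11 11:33:43 98848 ----a-w- C:\\Windows\\System32\\drivers\\avgntflt.sys
"""
import re
from collections import namedtuple
from datetime import datetime, timedelta

Entry = namedtuple("Entry", "when size is_dir attrs path")

_DDS_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+([-a-z]{8})\s+(.+?)\s*$"
)

# Lines copied from the DDS log in the first post (sample input for the example).
SAMPLE_DDS = r"""
2012-07-11 11:34:03 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-07-11 11:33:43 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-07-11 11:33:43 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-07-11 11:33:42 -------- d-----w- C:\Program Files (x86)\Avira
2012-07-11 10:09:06 23296 ----a-w- C:\Windows\System32\drivers\asdrs.sys
2012-07-11 10:09:02 -------- d-----w- C:\Program Files (x86)\Anvisoft
2012-07-10 17:41:36 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
"""


def parse_dds_created(text):
    """Parse DDS created-file lines; returns entries sorted oldest first."""
    entries = []
    for line in text.splitlines():
        m = _DDS_RE.match(line)
        if not m:
            continue  # section headers, '.' spacer lines, blanks
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        size = None if m.group(2).startswith("-") else int(m.group(2))
        attrs = m.group(3)
        entries.append(Entry(when, size, attrs.startswith("d"), attrs, m.group(4)))
    return sorted(entries, key=lambda e: e.when)


def cluster_bursts(entries, gap=timedelta(minutes=2)):
    """Split time-ordered entries into bursts: a new burst starts whenever the
    gap from the previous entry exceeds `gap` (assumed window, tune as needed)."""
    bursts = []
    for e in entries:
        if bursts and e.when - bursts[-1][-1].when <= gap:
            bursts[-1].append(e)
        else:
            bursts.append([e])
    return bursts


def flag_entry(e):
    """Return a short reason if the entry deserves a closer look, else None."""
    low = e.path.lower()
    if low.endswith(".sys") and "\\drivers\\" in low:
        return "kernel driver"  # new code running in ring 0
    if e.is_dir and "\\program files" in low:
        return "new program directory"
    return None


def report(text):
    """Return one text line per burst: time span, entry count and flagged paths."""
    lines = []
    for burst in cluster_bursts(parse_dds_created(text)):
        flagged = [f"{e.path} [{flag_entry(e)}]" for e in burst if flag_entry(e)]
        lines.append(f"{burst[0].when:%Y-%m-%d %H:%M:%S} .. {burst[-1].when:%H:%M:%S}"
                     f"  {len(burst)} entries: " + "; ".join(flagged))
    return lines


if __name__ == "__main__":
    import sys
    # Usage: python dds_bursts.py dds.txt   (defaults to the sample lines)
    src = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_DDS
    print("\n".join(report(src)))
```

On the sample, the Ask.com directory lands in the same burst as the Avira directory and its two drivers, twenty seconds apart, which is exactly the kind of "what came in together" correlation the grouping is meant to surface when you are deciding which installer brought an unwanted component along.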

Thank you for your reply!

Here are my reports:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.04.08

Windows 7 Service Pack 1 x64 NTFS (Safe Mode with Networking)

Internet Explorer 9.0.8112.16421

madmax42 :: ANGEL [administrator]

Protection: Disabled

12/07/2012 22:11:17

mbam-log-2012-07-12 (22-11-17).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 191180

Time elapsed: 1 minute(s), 57 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

ComboFix 12-07-12.02 - madmax42 12/07/2012 22:47:56.3.4 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4044.2811 [GMT 2:00]

Eseguito da: c:\users\madmax42\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Creato nuovo punto di ripristino

.

.

((((((((((((((((((((((((( Files Creati Da 2012-06-12 al 2012-07-12 )))))))))))))))))))))))))))))))))))

.

.

2012-07-12 20:54 . 2012-07-12 20:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-12 16:28 . 2012-07-12 16:28 388096 ----a-r- c:\users\madmax42\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-12 16:28 . 2012-07-12 16:28 -------- d-----w- c:\program files (x86)\Trend Micro

2012-07-12 15:06 . 2012-07-12 15:52 -------- d-----w- C:\FRST

2012-07-11 11:33 . 2012-07-12 20:28 -------- d-----w- c:\programdata\Avira

2012-07-11 10:09 . 2012-07-11 10:09 -------- d-----w- c:\users\madmax42\AppData\Roaming\Anvisoft

2012-07-11 10:09 . 2012-06-18 06:42 23296 ----a-w- c:\windows\system32\drivers\asdrs.sys

2012-07-11 10:09 . 2012-06-18 06:42 18688 ----a-w- c:\windows\system32\drivers\asdrm.sys

2012-07-11 10:09 . 2012-07-11 10:09 -------- d-----w- c:\program files (x86)\Anvisoft

2012-07-10 19:16 . 2012-07-10 19:41 -------- dc----w- c:\users\madmax42\AppData\Local\MigWiz

2012-07-10 18:21 . 2012-07-10 18:21 -------- d-----w- c:\program files\CCleaner

2012-07-10 17:41 . 2012-07-10 17:41 -------- d-----w- c:\users\madmax42\AppData\Roaming\Malwarebytes

2012-07-10 17:41 . 2012-07-10 17:41 -------- d-----w- c:\programdata\Malwarebytes

2012-07-10 17:41 . 2012-07-10 17:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-10 17:41 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 20:15 . 2012-07-03 20:15 -------- d-----w- c:\users\madmax42\AppData\Roaming\teamspeak2

2012-07-03 20:15 . 2012-07-03 20:15 34064 ----a-w- c:\windows\SysWow64\lhacm.acm

2012-07-03 20:15 . 2012-07-03 20:15 -------- d-----w- c:\program files (x86)\Teamspeak2_RC2

2012-07-03 20:03 . 2012-07-03 20:03 -------- d-----w- c:\program files (x86)\TeamSpeak 3 Client

2012-06-26 19:07 . 2012-06-26 19:07 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-26 19:07 . 2012-06-26 19:07 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-23 20:29 . 2012-06-23 20:29 -------- d-----w- c:\users\madmax42\AppData\Local\Macromedia

2012-06-19 07:44 . 2012-06-19 07:44 -------- d-----w- c:\users\madmax42\AppData\Roaming\Nero

2012-06-19 07:44 . 2012-06-19 07:45 -------- d-----w- c:\users\madmax42\AppData\Local\Nero

2012-06-19 07:44 . 2012-06-19 07:44 -------- d-----w- c:\program files (x86)\Nero

2012-06-19 07:43 . 2012-06-19 07:44 -------- d-----w- c:\program files (x86)\Common Files\Nero

2012-06-19 07:43 . 2012-06-19 07:45 -------- d-----w- c:\programdata\Nero

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 20:02 . 2012-05-29 15:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-23 20:02 . 2011-11-07 15:48 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-18 01:03 . 2012-05-16 13:13 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{29C30CA1-F415-42BA-89D5-F18BA3DF8C16}\mpengine.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-12_20.22.04 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-11-21 03:09 . 2012-07-12 20:39 88664 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-07-12 20:39 42708 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-11-07 12:58 . 2012-07-12 20:39 19440 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3825566972-3035960742-8174050-1001_UserData.bin

- 2012-07-12 20:21 . 2012-07-12 20:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-12 20:54 . 2012-07-12 20:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-12 20:21 . 2012-07-12 20:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-07-12 20:54 . 2012-07-12 20:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-04-12 19:32 . 2012-07-12 20:45 699014 c:\windows\system32\perfh010.dat

+ 2009-07-14 02:36 . 2012-07-12 20:45 616452 c:\windows\system32\perfh009.dat

+ 2011-04-12 19:32 . 2012-07-12 20:45 127950 c:\windows\system32\perfc010.dat

+ 2009-07-14 02:36 . 2012-07-12 20:45 106574 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-07-12 19:58 250908 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-07-12 20:45 250908 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-08 336384]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]

"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]

"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-06-25 710912]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-26 113120]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-07 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys [2012-06-18 18688]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-08 203776]

S2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys [2012-06-18 23296]

S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-06-25 224000]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]

S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-08 185856]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-05-08 9259520]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-05-08 301568]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]

S3 IntcDAud;Audio schermo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-04-16 12228128]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-13 333928]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contenuto della cartella 'Scheduled Tasks'

.

2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-29 20:02]

.

2012-07-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3825566972-3035960742-8174050-1001Core.job

- c:\users\madmax42\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-17 23:12]

.

2012-07-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3825566972-3035960742-8174050-1001UA.job

- c:\users\madmax42\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-17 23:12]

.

2012-07-11 c:\windows\Tasks\HPCeeScheduleFormadmax42.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2782096]

.

------- Scansione supplementare -------

.

uStart Page = hxxp://www.ask.com?o=10148&l=dis&tb=AVR-3

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: Interfaces\{6E1EDE1A-6C63-46FE-9612-53AD66C57198}\1427375685: NameServer = 151.99.125.1,151.99.125.2

FF - ProfilePath - c:\users\madmax42\AppData\Roaming\Mozilla\Firefox\Profiles\zrbd74qw.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=10148&l=dis&tb=AVR-3

FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6R8vm1jfRy&&i=26&search=

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8vm1jfRy&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 6aa4025e000000000000ac81124fa046

FF - user.js: extensions.incredibar_i.instlDay - 15499

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.149:32

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6R8vm1jfRy

FF - user.js: extensions.incredibar_i.upn2n - 92824498772021420

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10665

FF - user.js: extensions.incredibar_i.ppd -

.

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Altri processi in esecuzione ------------------------

.

c:\windows\SysWOW64\ezSharedSvcHost.exe

c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

.

**************************************************************************

.

Ora fine scansione: 2012-07-12 23:01:36 - Il pc è stato riavviato

ComboFix-quarantined-files.txt 2012-07-12 21:01

ComboFix2.txt 2012-07-12 20:42

ComboFix3.txt 2012-07-12 20:26

.

Pre-Run: 105.188.814.848 byte disponibili

Post-Run: 104.851.714.048 byte disponibili

.

- - End Of File - - 3A5F007E36B2A79F3185B1F21F39B2C3

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
