
Malwarebytes Premium version stops performing a full scan



  • Root Admin

Hello and welcome
 
Let's get a look at what's going on with the computer and see if we can help correct this issue.

 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.

 

 

Then run this scanner as well and post back the log.
 
Please create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post; instead, attach the CheckResults.txt log file, which should now be on your desktop, to your next post.

 

Thanks


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014

Ran by Eric (administrator) on MOLOR on 26-03-2014 20:12:32

Running from C:\Users\Eric\Downloads

Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe

(Zemana Ltd.) C:\Program Files (x86)\AntiLogger\AntiLogger.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Users\Eric\Downloads\Miners\cgminer-heavy-2014-03-25\cgminer-heavy\cgminer.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [ZALFree] - C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [12739936 2014-02-12] (Zemana Ltd.)

HKLM-x32\...\Run: [AntiLogger] - C:\Program Files (x86)\AntiLogger\AntiLogger.exe [19318696 2014-03-18] (Zemana Ltd.)

HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-21-2108921197-901534154-3097603228-1000\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)

AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll [90448 2014-02-12] (Zemana Ltd.)

AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll [83208 2014-02-12] (Zemana Ltd.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it-IT

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{D04348FA-EF55-42DA-A3B9-41ED2210D5BB}: [NameServer]213.205.32.70,213.205.36.70

 

Chrome: 

=======


CHR Extension: (Documenti Google) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-15]

CHR Extension: (Google Drive) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-15]

CHR Extension: (YouTube) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-15]

CHR Extension: (Ricerca Google) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-15]

CHR Extension: (AdBlock Premium) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2014-02-15]

CHR Extension: (Hola Better Internet) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-02-15]

CHR Extension: (Webcam Toy) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2014-02-15]

CHR Extension: (Ghostery) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-02-15]

CHR Extension: (Google Wallet) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-15]

CHR Extension: (Gmail) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-15]

 

==================== Services (Whitelisted) =================

 

R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2014-03-22] (Zemana Ltd.)

S3 atillk64; C:\Users\Eric\Downloads\Vga Programs\ati_winflash_2.6.7\atillk64.sys [14608 2006-07-19] (ATI Technologies Inc.)

R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25568 2014-02-12] (Zemana Ltd.)

R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-26] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)

R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-03-26 20:12 - 2014-03-26 20:12 - 00009300 _____ () C:\Users\Eric\Downloads\FRST.txt

2014-03-26 20:12 - 2014-03-26 20:12 - 00000000 ____D () C:\FRST

2014-03-26 20:11 - 2014-03-26 20:11 - 02157056 _____ (Farbar) C:\Users\Eric\Downloads\FRST64.exe

2014-03-26 15:01 - 2014-03-26 17:12 - 00000000 ____D () C:\ProgramData\boost_interprocess

2014-03-26 14:37 - 2014-03-26 15:43 - 00001437 _____ () C:\Users\Eric\Desktop\ALT solo 2.lnk

2014-03-25 22:20 - 2014-03-25 22:23 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\ProCoin

2014-03-25 22:20 - 2014-03-25 22:20 - 00000999 _____ () C:\Users\Eric\Desktop\PRO.lnk

2014-03-25 18:10 - 2014-03-26 10:24 - 00001324 _____ () C:\Users\Eric\Desktop\EMO pool.lnk

2014-03-25 15:46 - 2014-03-25 15:46 - 00000000 ___HD () C:\Windows\msdownld.tmp

2014-03-25 15:46 - 2014-03-25 15:46 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner

2014-03-25 15:03 - 2014-03-26 09:32 - 00131072 _____ () C:\Users\Eric\Downloads\Tahiti.rom

2014-03-24 22:22 - 2014-03-24 22:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-03-24 22:22 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-03-24 22:22 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-03-24 22:22 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-03-24 22:04 - 2014-03-26 20:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-03-24 22:00 - 2014-03-24 22:00 - 00000000 ____D () C:\Users\Eric\Downloads\Tor Browser

2014-03-24 21:59 - 2014-03-24 21:59 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Eric\Downloads\mbam-setup-2.0.0.1000.exe

2014-03-24 17:16 - 2014-03-24 17:16 - 00000000 ____D () C:\Users\Eric\Downloads\MSIAfterburnerSetup231

2014-03-24 17:15 - 2014-03-24 17:16 - 22990573 _____ () C:\Users\Eric\Downloads\MSIAfterburnerSetup231.zip

2014-03-22 17:33 - 2014-03-26 19:00 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Heavycoin

2014-03-22 17:33 - 2014-03-22 17:33 - 00001879 _____ () C:\Users\Eric\Desktop\HVC.lnk

2014-03-22 17:31 - 2014-03-25 22:29 - 00001505 _____ () C:\Users\Eric\Desktop\HEAVY pool.lnk

2014-03-22 17:23 - 2014-03-22 17:23 - 00000000 __HDC () C:\ProgramData\{D9418335-6363-40BC-A6DD-4AFE587F6C2C}

2014-03-22 17:21 - 2014-03-22 17:21 - 00001218 _____ () C:\Users\Eric\Desktop\EQB solo.lnk

2014-03-21 21:46 - 2014-03-26 13:50 - 00001483 _____ () C:\Users\Eric\Desktop\DARK pool.lnk

2014-03-21 16:30 - 2014-03-21 16:30 - 05852480 _____ (TeamViewer GmbH) C:\Users\Eric\Downloads\TeamViewer_Setup_it.exe

2014-03-21 16:30 - 2014-03-21 16:30 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\TeamViewer

2014-03-20 22:02 - 2014-03-20 22:02 - 07162220 _____ () C:\Users\Eric\Downloads\ccn-Qt_V1.1a_WIN.zip

2014-03-20 18:42 - 2014-03-26 11:37 - 00001264 _____ () C:\Users\Eric\Desktop\BIRD solo.lnk

2014-03-20 12:40 - 2014-03-26 11:38 - 00001282 _____ () C:\Users\Eric\Desktop\DEUCE pool.lnk

2014-03-20 09:46 - 2014-03-25 22:43 - 00001314 _____ () C:\Users\Eric\Desktop\SYN solo.lnk

2014-03-19 23:13 - 2014-03-26 11:47 - 00001278 _____ () C:\Users\Eric\Desktop\DELETE pool.lnk

2014-03-19 20:14 - 2014-03-19 20:14 - 00000000 ____D () C:\Users\Eric\Downloads\bitcoin-0.9.0-win

2014-03-18 11:24 - 2014-03-18 11:24 - 00000000 ____D () C:\Program Files (x86)\Etron Technology

2014-03-17 20:57 - 2014-03-17 20:58 - 00001546 _____ () C:\Users\Eric\Desktop\GNS.lnk

2014-03-17 19:00 - 2014-03-26 08:32 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Genesiscoin

2014-03-17 17:48 - 2014-03-25 14:20 - 00000440 __RSH () C:\ProgramData\ntuser.pol

2014-03-17 17:48 - 2014-03-17 17:48 - 00585120 _____ (Akeo Consulting (http://akeo.ie)) C:\Users\Eric\Downloads\rufus-1.4.5.exe

2014-03-17 17:25 - 2014-03-17 17:26 - 00000000 ____D () C:\Users\Eric\AppData\Local\Apps\Windows 7 USB DVD Download Tool

2014-03-17 17:25 - 2014-03-17 17:25 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool

2014-03-17 13:05 - 2014-03-18 16:24 - 00001717 _____ () C:\Users\Eric\Desktop\FC.lnk

2014-03-17 13:02 - 2014-03-26 15:07 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Fuguecoin

2014-03-14 20:03 - 2014-03-25 23:11 - 00001328 _____ () C:\Users\Eric\Desktop\PRO pool.lnk

2014-03-14 08:43 - 2014-03-14 08:43 - 00042511 _____ () C:\Users\Eric\Documents\omaggio Battlefield 4.eml

2014-03-13 19:00 - 2014-03-13 19:00 - 00000000 ____D () C:\Program Files (x86)\Foxit Software

2014-03-13 18:11 - 2014-03-13 18:11 - 00000000 ____D () C:\Program Files\CPUID

2014-03-13 16:48 - 2014-03-13 16:48 - 32320342 _____ () C:\Users\Eric\Downloads\MSIAfterburnerSetup300Beta18.zip

2014-03-13 15:00 - 2014-03-13 15:00 - 00000000 ____D () C:\ProgramData\ATI

2014-03-13 14:59 - 2014-03-13 14:59 - 00061173 _____ () C:\Windows\SysWOW64\CCCInstall_201403131459232338.log

2014-03-13 14:59 - 2014-03-13 14:59 - 00000000 ____D () C:\Program Files (x86)\AMD AVT

2014-03-13 14:57 - 2014-03-13 14:59 - 00000000 ____D () C:\Program Files\ATI Technologies

2014-03-13 14:55 - 2014-03-13 14:55 - 00060328 _____ () C:\Windows\SysWOW64\CCCInstall_201403131455411363.log

2014-03-13 14:25 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2014-03-13 14:25 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2014-03-13 14:25 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2014-03-13 14:25 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2014-03-13 12:14 - 2014-03-13 12:14 - 00000000 _____ () C:\Windows\system32\spu_storage.bin

2014-03-12 11:44 - 2014-03-12 12:13 - 00001570 _____ () C:\Users\Eric\Desktop\BIRD.lnk

2014-03-11 21:06 - 2014-03-11 21:06 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2014-03-11 20:30 - 2014-03-24 21:40 - 00000000 ____D () C:\Users\Eric\Downloads\CAVEDOG

2014-03-11 18:39 - 2014-03-11 18:39 - 00000000 ___RD () C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-03-11 12:52 - 2011-06-18 11:26 - 00000410 _____ () C:\Users\Eric\Downloads\scbw116_x64.reg

2014-03-11 12:48 - 2014-03-11 12:50 - 00000000 ____D () C:\Program Files (x86)\StarCraft

2014-03-11 12:48 - 2014-03-11 12:49 - 00001037 _____ () C:\Users\Public\Desktop\StarCraft - Brood War.lnk

2014-03-10 18:19 - 2014-03-26 11:50 - 00001530 _____ () C:\Users\Eric\Desktop\ALT solo.lnk

2014-03-07 13:45 - 2014-03-07 21:20 - 00001453 _____ () C:\Users\Eric\Desktop\FAIR.lnk

2014-03-07 13:42 - 2014-03-26 08:32 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\FairCoin

2014-03-07 08:21 - 2014-03-22 17:23 - 00049752 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys

2014-03-07 08:21 - 2014-03-22 17:23 - 00000000 ____D () C:\Program Files (x86)\AntiLogger

2014-03-07 08:21 - 2014-03-07 08:21 - 00000000 ____D () C:\Users\Eric\AppData\Local\Zemana

2014-03-06 23:01 - 2014-03-06 23:01 - 00000000 ____D () C:\ProgramData\CheckPoint

2014-03-05 22:48 - 2014-03-05 22:48 - 00001232 _____ () C:\Users\Eric\Desktop\EKRONA pool.lnk

2014-03-03 20:50 - 2014-03-03 20:50 - 08288697 _____ () C:\Users\Eric\Downloads\equestrianbit-1.0.2.rar

2014-03-02 20:41 - 2014-03-14 17:10 - 00000000 ____D () C:\Users\Eric\AppData\Local\AntiLogger Free

2014-03-02 20:41 - 2014-03-02 20:41 - 00000000 ____D () C:\Program Files (x86)\Zemana AntiLogger Free

2014-03-02 20:41 - 2014-03-02 20:41 - 00000000 ____D () C:\Program Files (x86)\KeyCryptSDK

2014-03-02 20:41 - 2014-02-12 15:28 - 00025568 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys

2014-03-02 17:35 - 2014-03-24 09:41 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Birdcoin

2014-02-28 23:29 - 2014-02-28 23:29 - 00000000 ____D () C:\Windows\it

2014-02-28 23:29 - 2014-02-28 23:29 - 00000000 ____D () C:\Windows\en

2014-02-28 23:29 - 2014-02-28 23:29 - 00000000 ____D () C:\Program Files\Windows Live

2014-02-26 22:10 - 2014-02-26 22:12 - 107234592 _____ (Oracle Corporation) C:\Users\Eric\Downloads\VirtualBox-4.3.8-92456-Win.exe

2014-02-26 16:44 - 2014-02-26 16:44 - 01639000 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Eric\Downloads\GPU-Z.0.7.7.exe

2014-02-25 08:36 - 2014-03-26 08:33 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Bitcoin

 

==================== One Month Modified Files and Folders =======

 

2014-03-26 20:12 - 2014-03-26 20:12 - 00009300 _____ () C:\Users\Eric\Downloads\FRST.txt

2014-03-26 20:12 - 2014-03-26 20:12 - 00000000 ____D () C:\FRST

2014-03-26 20:11 - 2014-03-26 20:11 - 02157056 _____ (Farbar) C:\Users\Eric\Downloads\FRST64.exe

2014-03-26 20:11 - 2014-03-24 22:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-03-26 20:10 - 2014-02-23 12:03 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-03-26 20:10 - 2014-02-11 10:58 - 01943867 _____ () C:\Windows\WindowsUpdate.log

2014-03-26 20:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-03-26 19:59 - 2014-02-15 09:50 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-03-26 19:00 - 2014-03-22 17:33 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Heavycoin

2014-03-26 17:55 - 2014-02-11 11:37 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner

2014-03-26 17:21 - 2014-02-11 12:57 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\usde

2014-03-26 17:13 - 2014-02-11 12:56 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\NobleCoin

2014-03-26 17:12 - 2014-03-26 15:01 - 00000000 ____D () C:\ProgramData\boost_interprocess

2014-03-26 15:48 - 2009-07-14 05:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-03-26 15:48 - 2009-07-14 05:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-03-26 15:46 - 2014-02-11 11:32 - 00739366 _____ () C:\Windows\system32\perfh010.dat

2014-03-26 15:46 - 2014-02-11 11:32 - 00146226 _____ () C:\Windows\system32\perfc010.dat

2014-03-26 15:46 - 2009-07-14 06:13 - 01658888 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-03-26 15:43 - 2014-03-26 14:37 - 00001437 _____ () C:\Users\Eric\Desktop\ALT solo 2.lnk

2014-03-26 15:42 - 2014-02-15 09:50 - 00001142 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-03-26 15:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-03-26 15:41 - 2009-07-14 05:51 - 00047743 _____ () C:\Windows\setupact.log

2014-03-26 15:07 - 2014-03-17 13:02 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Fuguecoin

2014-03-26 15:02 - 2014-02-12 18:50 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Altcoin

2014-03-26 14:58 - 2014-02-13 12:27 - 00000000 ____D () C:\Users\Eric\Downloads\Miners

2014-03-26 14:52 - 2014-02-11 11:17 - 10966792 _____ (SurfRight B.V.) C:\Users\Eric\Downloads\hitmanpro_x64.exe

2014-03-26 14:09 - 2014-02-11 11:47 - 00003014 _____ () C:\Windows\System32\Tasks\MSIAfterburner

2014-03-26 13:50 - 2014-03-21 21:46 - 00001483 _____ () C:\Users\Eric\Desktop\DARK pool.lnk

2014-03-26 11:50 - 2014-03-10 18:19 - 00001530 _____ () C:\Users\Eric\Desktop\ALT solo.lnk

2014-03-26 11:47 - 2014-03-19 23:13 - 00001278 _____ () C:\Users\Eric\Desktop\DELETE pool.lnk

2014-03-26 11:38 - 2014-03-20 12:40 - 00001282 _____ () C:\Users\Eric\Desktop\DEUCE pool.lnk

2014-03-26 11:37 - 2014-03-20 18:42 - 00001264 _____ () C:\Users\Eric\Desktop\BIRD solo.lnk

2014-03-26 10:24 - 2014-03-25 18:10 - 00001324 _____ () C:\Users\Eric\Desktop\EMO pool.lnk

2014-03-26 10:20 - 2014-02-11 11:54 - 00000000 ____D () C:\Users\Eric\Downloads\cgminer-3.7.2-kalroth-20140204

2014-03-26 09:32 - 2014-03-25 15:03 - 00131072 _____ () C:\Users\Eric\Downloads\Tahiti.rom

2014-03-26 08:33 - 2014-02-25 08:36 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Bitcoin

2014-03-26 08:32 - 2014-03-17 19:00 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Genesiscoin

2014-03-26 08:32 - 2014-03-07 13:42 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\FairCoin

2014-03-25 23:11 - 2014-03-14 20:03 - 00001328 _____ () C:\Users\Eric\Desktop\PRO pool.lnk

2014-03-25 22:43 - 2014-03-20 09:46 - 00001314 _____ () C:\Users\Eric\Desktop\SYN solo.lnk

2014-03-25 22:29 - 2014-03-22 17:31 - 00001505 _____ () C:\Users\Eric\Desktop\HEAVY pool.lnk

2014-03-25 22:23 - 2014-03-25 22:20 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\ProCoin

2014-03-25 22:20 - 2014-03-25 22:20 - 00000999 _____ () C:\Users\Eric\Desktop\PRO.lnk

2014-03-25 22:14 - 2014-02-11 12:30 - 00000000 ____D () C:\Users\Eric\Downloads\Wallet rar

2014-03-25 22:14 - 2014-02-11 11:36 - 00000000 ____D () C:\Users\Eric\Downloads\Altcoin

2014-03-25 18:02 - 2014-02-11 13:39 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\WikiCoin

2014-03-25 16:30 - 2010-11-21 04:47 - 00012560 _____ () C:\Windows\PFRO.log

2014-03-25 15:46 - 2014-03-25 15:46 - 00000000 ___HD () C:\Windows\msdownld.tmp

2014-03-25 15:46 - 2014-03-25 15:46 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner

2014-03-25 15:46 - 2014-02-11 11:37 - 00000000 ____D () C:\Windows\SysWOW64\directx

2014-03-25 14:20 - 2014-03-17 17:48 - 00000440 __RSH () C:\ProgramData\ntuser.pol

2014-03-25 13:40 - 2014-02-11 11:22 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys

2014-03-25 13:40 - 2014-02-11 11:22 - 00001624 _____ () C:\Windows\LkmdfCoInst.log

2014-03-25 10:01 - 2014-02-20 14:11 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\SynCoin

2014-03-24 23:01 - 2014-02-18 17:57 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\EquestrianBit

2014-03-24 22:22 - 2014-03-24 22:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-03-24 22:04 - 2014-02-11 11:18 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Malwarebytes

2014-03-24 22:04 - 2014-02-11 11:18 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-24 22:00 - 2014-03-24 22:00 - 00000000 ____D () C:\Users\Eric\Downloads\Tor Browser

2014-03-24 21:59 - 2014-03-24 21:59 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Eric\Downloads\mbam-setup-2.0.0.1000.exe

2014-03-24 21:40 - 2014-03-11 20:30 - 00000000 ____D () C:\Users\Eric\Downloads\CAVEDOG

2014-03-24 17:16 - 2014-03-24 17:16 - 00000000 ____D () C:\Users\Eric\Downloads\MSIAfterburnerSetup231

2014-03-24 17:16 - 2014-03-24 17:15 - 22990573 _____ () C:\Users\Eric\Downloads\MSIAfterburnerSetup231.zip

2014-03-24 16:22 - 2014-02-11 11:36 - 00000000 ____D () C:\Users\Eric\Downloads\wallet backup

2014-03-24 14:41 - 2014-02-11 13:59 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Grain

2014-03-24 09:41 - 2014-03-02 17:35 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Birdcoin

2014-03-23 14:18 - 2014-02-11 12:07 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Huntercoin

2014-03-23 14:07 - 2014-02-18 09:10 - 00000000 ____D () C:\Windows\Minidump

2014-03-23 14:07 - 2014-02-11 10:53 - 00287273 ____N () C:\Windows\Minidump\032314-6536-01.dmp

2014-03-22 17:33 - 2014-03-22 17:33 - 00001879 _____ () C:\Users\Eric\Desktop\HVC.lnk

2014-03-22 17:23 - 2014-03-22 17:23 - 00000000 __HDC () C:\ProgramData\{D9418335-6363-40BC-A6DD-4AFE587F6C2C}

2014-03-22 17:23 - 2014-03-07 08:21 - 00049752 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys

2014-03-22 17:23 - 2014-03-07 08:21 - 00000000 ____D () C:\Program Files (x86)\AntiLogger

2014-03-22 17:21 - 2014-03-22 17:21 - 00001218 _____ () C:\Users\Eric\Desktop\EQB solo.lnk

2014-03-22 12:55 - 2014-02-11 11:17 - 00000556 _____ () C:\Users\Eric\Documents\pin.txt

2014-03-21 16:30 - 2014-03-21 16:30 - 05852480 _____ (TeamViewer GmbH) C:\Users\Eric\Downloads\TeamViewer_Setup_it.exe

2014-03-21 16:30 - 2014-03-21 16:30 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\TeamViewer

2014-03-20 22:02 - 2014-03-20 22:02 - 07162220 _____ () C:\Users\Eric\Downloads\ccn-Qt_V1.1a_WIN.zip

2014-03-20 13:09 - 2014-02-18 17:38 - 00000000 ____D () C:\Users\Eric\Downloads\Doom

2014-03-19 20:15 - 2014-02-11 11:50 - 00001758 _____ () C:\Users\Eric\Desktop\BTC.lnk

2014-03-19 20:14 - 2014-03-19 20:14 - 00000000 ____D () C:\Users\Eric\Downloads\bitcoin-0.9.0-win

2014-03-18 16:24 - 2014-03-17 13:05 - 00001717 _____ () C:\Users\Eric\Desktop\FC.lnk

2014-03-18 11:24 - 2014-03-18 11:24 - 00000000 ____D () C:\Program Files (x86)\Etron Technology

2014-03-18 11:24 - 2014-02-11 11:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-03-17 23:49 - 2014-02-13 12:02 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Azureus

2014-03-17 20:58 - 2014-03-17 20:57 - 00001546 _____ () C:\Users\Eric\Desktop\GNS.lnk

2014-03-17 17:48 - 2014-03-17 17:48 - 00585120 _____ (Akeo Consulting (http://akeo.ie)) C:\Users\Eric\Downloads\rufus-1.4.5.exe

2014-03-17 17:48 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-03-17 17:48 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-03-17 17:26 - 2014-03-17 17:25 - 00000000 ____D () C:\Users\Eric\AppData\Local\Apps\Windows 7 USB DVD Download Tool

2014-03-17 17:25 - 2014-03-17 17:25 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool

2014-03-16 21:06 - 2014-02-11 10:53 - 00289321 ____N () C:\Windows\Minidump\031614-6692-01.dmp

2014-03-16 12:29 - 2009-07-14 06:08 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-03-15 11:33 - 2014-02-11 10:53 - 00287273 ____N () C:\Windows\Minidump\031514-7987-01.dmp

2014-03-15 08:26 - 2014-02-11 10:53 - 00287273 ____N () C:\Windows\Minidump\031514-8720-01.dmp

2014-03-14 17:10 - 2014-03-02 20:41 - 00000000 ____D () C:\Users\Eric\AppData\Local\AntiLogger Free

2014-03-14 08:43 - 2014-03-14 08:43 - 00042511 _____ () C:\Users\Eric\Documents\omaggio Battlefield 4.eml

2014-03-13 19:24 - 2014-02-22 16:13 - 00001002 _____ () C:\Users\Eric\Desktop\USDE.lnk

2014-03-13 19:00 - 2014-03-13 19:00 - 00000000 ____D () C:\Program Files (x86)\Foxit Software

2014-03-13 19:00 - 2014-02-11 11:30 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Foxit Software

2014-03-13 18:11 - 2014-03-13 18:11 - 00000000 ____D () C:\Program Files\CPUID

2014-03-13 16:48 - 2014-03-13 16:48 - 32320342 _____ () C:\Users\Eric\Downloads\MSIAfterburnerSetup300Beta18.zip

2014-03-13 15:00 - 2014-03-13 15:00 - 00000000 ____D () C:\ProgramData\ATI

2014-03-13 14:59 - 2014-03-13 14:59 - 00061173 _____ () C:\Windows\SysWOW64\CCCInstall_201403131459232338.log

2014-03-13 14:59 - 2014-03-13 14:59 - 00000000 ____D () C:\Program Files (x86)\AMD AVT

2014-03-13 14:59 - 2014-03-13 14:57 - 00000000 ____D () C:\Program Files\ATI Technologies

2014-03-13 14:59 - 2014-02-11 11:18 - 00000000 ____D () C:\ProgramData\AMD

2014-03-13 14:58 - 2014-02-11 11:16 - 01631228 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-03-13 14:55 - 2014-03-13 14:55 - 00060328 _____ () C:\Windows\SysWOW64\CCCInstall_201403131455411363.log

2014-03-13 12:14 - 2014-03-13 12:14 - 00000000 _____ () C:\Windows\system32\spu_storage.bin

2014-03-12 12:13 - 2014-03-12 11:44 - 00001570 _____ () C:\Users\Eric\Desktop\BIRD.lnk

2014-03-11 21:06 - 2014-03-11 21:06 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2014-03-11 19:13 - 2014-02-11 10:59 - 00000000 ____D () C:\Users\Eric\AppData\Local\VirtualStore

2014-03-11 18:39 - 2014-03-11 18:39 - 00000000 ___RD () C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-03-11 12:50 - 2014-03-11 12:48 - 00000000 ____D () C:\Program Files (x86)\StarCraft

2014-03-11 12:49 - 2014-03-11 12:48 - 00001037 _____ () C:\Users\Public\Desktop\StarCraft - Brood War.lnk

2014-03-11 08:34 - 2014-02-11 12:08 - 00001724 _____ () C:\Users\Eric\Desktop\HUC.lnk

2014-03-07 21:20 - 2014-03-07 13:45 - 00001453 _____ () C:\Users\Eric\Desktop\FAIR.lnk

2014-03-07 08:21 - 2014-03-07 08:21 - 00000000 ____D () C:\Users\Eric\AppData\Local\Zemana

2014-03-06 23:01 - 2014-03-06 23:01 - 00000000 ____D () C:\ProgramData\CheckPoint

2014-03-05 22:48 - 2014-03-05 22:48 - 00001232 _____ () C:\Users\Eric\Desktop\EKRONA pool.lnk

2014-03-05 09:26 - 2014-03-24 22:22 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-03-05 09:26 - 2014-03-24 22:22 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-03-05 09:26 - 2014-03-24 22:22 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-03-03 20:50 - 2014-03-03 20:50 - 08288697 _____ () C:\Users\Eric\Downloads\equestrianbit-1.0.2.rar

2014-03-02 20:41 - 2014-03-02 20:41 - 00000000 ____D () C:\Program Files (x86)\Zemana AntiLogger Free

2014-03-02 20:41 - 2014-03-02 20:41 - 00000000 ____D () C:\Program Files (x86)\KeyCryptSDK

2014-02-28 23:29 - 2014-02-28 23:29 - 00000000 ____D () C:\Windows\it

2014-02-28 23:29 - 2014-02-28 23:29 - 00000000 ____D () C:\Windows\en

2014-02-28 23:29 - 2014-02-28 23:29 - 00000000 ____D () C:\Program Files\Windows Live

2014-02-28 23:29 - 2014-02-11 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Live

2014-02-28 23:28 - 2014-02-11 11:35 - 00027805 _____ () C:\Windows\DirectX.log

2014-02-28 17:05 - 2014-02-11 11:35 - 00000000 ____D () C:\Users\Eric\AppData\Local\Windows Live

2014-02-27 10:11 - 2014-02-11 11:51 - 00001543 _____ () C:\Users\Eric\Desktop\GRAIN.lnk

2014-02-26 22:12 - 2014-02-26 22:10 - 107234592 _____ (Oracle Corporation) C:\Users\Eric\Downloads\VirtualBox-4.3.8-92456-Win.exe

2014-02-26 16:44 - 2014-02-26 16:44 - 01639000 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Eric\Downloads\GPU-Z.0.7.7.exe

 

Some content of TEMP:

====================

C:\Users\Eric\AppData\Local\Temp\Foxit Reader Updater.exe

C:\Users\Eric\AppData\Local\Temp\Foxit Updater.exe

C:\Users\Eric\AppData\Local\Temp\HitmanPro.exe

C:\Users\Eric\AppData\Local\Temp\i4jdel0.exe

C:\Users\Eric\AppData\Local\Temp\LMkRstPt.exe

C:\Users\Eric\AppData\Local\Temp\ZALDF47.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-03-21 10:43

 

==================== End Of Log ============================


  • Root Admin

We're going to be running many other scans, possibly, to get to the bottom of this, and if the name of your computer or your name is going to be an issue then it is probably best to remove this post. You go back and rename your computer and remove any personal names. Every website you visit has a log of your computer name and potentially quite a bit more as well, which is why I recommend users never use any personal names for accounts or computer names.


I can't understand this log.

Was there some malware on my PC?

 

ComboFix 14-03-24.01 - Eric 29/03/2014  19:09:42.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.39.1033.18.8168.6703 [GMT 1:00]
Eseguito da: c:\users\Eric\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Creati Da 2014-02-28 al 2014-03-29  )))))))))))))))))))))))))))))))))))
.
.
2014-03-29 18:11 . 2014-03-29 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-29 17:50 . 2014-03-29 17:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-03-29 17:50 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-29 17:46 . 2014-03-29 17:46 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-29 17:36 . 2014-03-29 17:37 -------- d-----w- C:\AdwCleaner
2014-03-29 12:40 . 2014-03-29 13:09 -------- d-----w- c:\users\Eric\AppData\Roaming\ChampionCoin
2014-03-28 21:32 . 2014-03-29 16:46 -------- d-----w- c:\users\Eric\AppData\Roaming\Genesiscoin
2014-03-28 08:21 . 2014-03-29 17:31 -------- d-----w- c:\users\Eric\AppData\Roaming\FairCoin
2014-03-28 07:41 . 2014-03-28 21:13 -------- d-----w- c:\users\Eric\AppData\Roaming\Bells
2014-03-28 07:34 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2549781-CCC9-483B-AB96-056950A72C3D}\mpengine.dll
2014-03-27 21:19 . 2014-03-27 21:19 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-27 21:19 . 2014-03-27 21:19 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-27 21:19 . 2014-03-27 21:19 -------- d-----w- c:\windows\SysWow64\Macromed
2014-03-27 21:19 . 2014-03-27 21:19 -------- d-----w- c:\windows\system32\Macromed
2014-03-27 21:18 . 2014-03-27 21:18 -------- d-----w- c:\users\Eric\AppData\Roaming\GameRanger
2014-03-26 22:08 . 2014-03-29 17:31 -------- d-----w- c:\users\Eric\AppData\Roaming\CommunityCoin
2014-03-26 21:32 . 2014-03-26 21:32 -------- d-----w- c:\program files\CPUID
2014-03-26 19:18 . 2014-03-26 19:18 -------- d-----w- c:\users\Eric\AppData\Roaming\Malwarebytes
2014-03-26 19:12 . 2014-03-26 19:12 -------- d-----w- C:\FRST
2014-03-25 21:20 . 2014-03-29 17:33 -------- d-----w- c:\users\Eric\AppData\Roaming\ProCoin
2014-03-25 14:46 . 2014-03-25 14:46 -------- d--h--w- c:\windows\msdownld.tmp
2014-03-22 16:33 . 2014-03-29 16:36 -------- d-----w- c:\users\Eric\AppData\Roaming\Heavycoin
2014-03-22 16:23 . 2014-03-22 16:23 -------- dc-h--w- c:\programdata\{D9418335-6363-40BC-A6DD-4AFE587F6C2C}
2014-03-21 15:30 . 2014-03-21 15:30 -------- d-----w- c:\users\Eric\AppData\Roaming\TeamViewer
2014-03-18 10:24 . 2014-03-18 10:24 -------- d-----w- c:\program files (x86)\Etron Technology
2014-03-17 16:25 . 2014-03-17 16:25 119808 ----a-r- c:\users\Eric\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2014-03-17 12:02 . 2014-03-29 07:48 -------- d-----w- c:\users\Eric\AppData\Roaming\Fuguecoin
2014-03-13 18:00 . 2014-03-13 18:00 -------- d-----w- c:\program files (x86)\Foxit Software
2014-03-13 14:00 . 2014-03-13 14:00 -------- d-----w- c:\programdata\ATI
2014-03-13 13:59 . 2014-03-13 13:59 -------- d-----w- c:\program files (x86)\AMD AVT
2014-03-13 13:59 . 2014-03-13 13:59 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2014-03-13 13:57 . 2014-03-13 13:59 -------- d-----w- c:\program files\ATI Technologies
2014-03-13 13:37 . 2014-03-13 13:37 -------- d-----w- c:\windows\SysWow64\Wat
2014-03-13 13:37 . 2014-03-13 13:37 -------- d-----w- c:\windows\system32\Wat
2014-03-13 13:25 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-03-13 13:25 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-03-13 13:25 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-03-13 13:25 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-03-13 13:25 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-03-13 11:14 . 2014-03-13 11:14 0 ----a-w- c:\windows\system32\spu_storage.bin
2014-03-11 11:48 . 2014-03-11 11:50 -------- d-----w- c:\program files (x86)\StarCraft
2014-03-11 11:48 . 2014-03-11 11:49 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2014-03-07 07:21 . 2014-03-22 16:23 49752 ----a-w- c:\windows\system32\drivers\AntiLog64.sys
2014-03-07 07:21 . 2014-03-22 16:23 -------- d-----w- c:\program files (x86)\AntiLogger
2014-03-07 07:21 . 2014-03-07 07:21 -------- d-----w- c:\users\Eric\AppData\Local\Zemana
2014-03-06 22:01 . 2014-03-06 22:01 -------- d-----w- c:\programdata\CheckPoint
2014-03-02 19:41 . 2014-03-14 16:10 -------- d-----w- c:\users\Eric\AppData\Local\AntiLogger Free
2014-03-02 19:41 . 2014-03-02 19:41 -------- d-----w- c:\program files (x86)\Zemana AntiLogger Free
2014-03-02 19:41 . 2014-03-02 19:41 -------- d-----w- c:\program files (x86)\KeyCryptSDK
2014-03-02 19:41 . 2014-02-12 14:28 25568 ----a-w- c:\windows\system32\drivers\KeyCrypt64.sys
2014-03-02 16:35 . 2014-03-26 22:03 -------- d-----w- c:\users\Eric\AppData\Roaming\Birdcoin
2014-02-28 22:29 . 2014-02-28 22:29 -------- d-----w- c:\windows\it
2014-02-28 22:29 . 2014-02-28 22:29 -------- d-----w- c:\windows\en
2014-02-28 22:29 . 2014-02-28 22:29 -------- d-----w- c:\program files\Windows Live
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-25 12:40 . 2014-02-11 10:22 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-02-19 17:20 . 2014-02-19 17:20 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-13 11:40 . 2014-02-13 11:40 53248 ----a-r- c:\users\Eric\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2014-02-11 22:20 . 2014-02-11 22:20 1409 ----a-w- c:\windows\Fonts\FSEX300.fot
2014-02-11 21:21 . 2014-02-11 21:21 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-02-11 10:36 . 2012-07-17 13:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-01-10 12:31 . 2014-01-10 12:31 322240 ----a-w- c:\windows\WLXPGSS.SCR
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"ZALFree"="c:\program files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" [2014-02-12 12739936]
"AntiLogger"="c:\program files (x86)\AntiLogger\AntiLogger.exe" [2014-03-18 19318696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt32(1).dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 atillk64;atillk64;c:\users\Eric\Downloads\Vga Programs\ati_winflash_2.6.7\atillk64.sys;c:\users\Eric\Downloads\Vga Programs\ati_winflash_2.6.7\atillk64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C525(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - MBAMPROTECTOR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 18:00 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-03-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-27 21:19]
.
2014-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-15 08:54]
.
2014-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-15 08:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt64(1).dll
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D04348FA-EF55-42DA-A3B9-41ED2210D5BB}: NameServer = 213.205.32.70,213.205.36.70
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-2108921197-901534154-3097603228-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2108921197-901534154-3097603228-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2014-03-29  19:12:14
ComboFix-quarantined-files.txt  2014-03-29 18:12
.
Pre-Run: 52.932.214.784 byte disponibili
Post-Run: 53.051.846.656 byte disponibili
.
- - End Of File - - 6B98C44966C6CDA9F485CCA978C601B0
A36C5E4F47E84449FF07ED3517B43A31
 

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

