svchost.exe -a cryptonight -o stratum+tcp://tsdjuuytw7udw.ru:7777


Good morning,
I often find this process occupying the CPU at 100%. I delete the task, but after some time it reappears. Malwarebytes detects it and deletes it, but then it reappears.
Thanks for your help.
I enclose the file that Farbar wrote.
 
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by opera (administrator) on SRVINX-OPERA on 07-08-2014 17:15:36
Running from C:\Analisi
Platform: Windows Server 2012 R2 Datacenter (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET File Security\x86\ekrn.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.ZUCCHETTI\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(ESET) C:\Program Files\ESET\ESET File Security\egui.exe
(Open Data Srl - Bologna (Italia)) C:\OPERAMES\Monitor\Monitor.exe
(Open Data Srl - Bologna (Italia)) C:\OPERAMES\Monitor\Opera.exe
(Open Data Srl - Bologna (Italia)) C:\OPERAMES\Monitor\pjMonSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET File Security\egui.exe [2899256 2013-10-18] (ESET)
HKLM\...\Policies\Explorer: [showSuperHidden] 1
Lsa: [Notification Packages] rassfm scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bginfo.lnk
ShortcutTarget: Bginfo.lnk -> C:\BGInfo\Bginfo.exe (Sysinternals)
Startup: C:\Users\opera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Opera - Monitor.lnk
ShortcutTarget: Opera - Monitor.lnk -> C:\OPERAMES\Opera-30.bat ()
BootExecute: autocheck autochk /q /v * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
Tcpip\..\Interfaces\{0B14AC19-1337-4851-A643-420958F44CCC}: [NameServer]192.168.1.6
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET File Security\Mozilla Thunderbird
FF Extension: ESET File Security for Microsoft Windows Server Extension - C:\Program Files\ESET\ESET File Security\Mozilla Thunderbird [2014-07-08]
 
Chrome: 
=======
CHR Extension: (Documenti Google) - C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-26]
CHR Extension: (Google Drive) - C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-26]
CHR Extension: (YouTube) - C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-26]
CHR Extension: (Ricerca Google) - C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-26]
CHR Extension: (Google Wallet) - C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-26]
CHR Extension: (Gmail) - C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-26]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 EhttpSrv; C:\Program Files\ESET\ESET File Security\EHttpSrv.exe [43560 2013-10-18] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET File Security\x86\ekrn.exe [951424 2013-10-18] (ESET)
S3 KPSSVC; C:\Windows\system32\kpssvc.dll [173056 2013-08-22] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191976 2012-10-20] (Microsoft Corporation)
R2 MSSQL$ZUCCHETTI; C:\Program Files\Microsoft SQL Server\MSSQL11.ZUCCHETTI\MSSQL\Binn\sqlservr.exe [191976 2012-10-20] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [85504 2013-08-22] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [15872 2013-08-22] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [50688 2014-07-30] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [46080 2014-07-30] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [612848 2012-10-20] (Microsoft Corporation)
S4 SQLAgent$ZUCCHETTI; C:\Program Files\Microsoft SQL Server\MSSQL11.ZUCCHETTI\MSSQL\Binn\SQLAGENT.EXE [612848 2012-10-20] (Microsoft Corporation)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [245760 2013-10-05] (Microsoft Corporation)
R2 UALSVC; C:\Windows\System32\ualsvc.dll [248832 2013-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 bfadfcoei; C:\Windows\System32\drivers\bfadfcoei.sys [2265440 2013-08-22] (Brocade Communications Systems, Inc.)
S0 bfadi; C:\Windows\System32\drivers\bfadi.sys [2265440 2013-08-22] (Brocade Communications Systems, Inc.)
S0 bxfcoe; C:\Windows\System32\drivers\bxfcoe.sys [187744 2013-08-22] (Broadcom Corporation)
S0 bxois; C:\Windows\System32\drivers\bxois.sys [560480 2013-08-22] (Broadcom Corporation)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [605672 2013-06-18] (Chelsio Communications)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [174400 2013-10-18] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [145024 2013-10-18] (ESET)
S0 elxfcoe; C:\Windows\System32\drivers\elxfcoe.sys [712032 2013-08-22] (Emulex)
S3 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [129568 2013-10-18] (ESET)
S3 fcvsc; C:\Windows\System32\drivers\fcvsc.sys [32768 2013-08-22] (Microsoft Corporation)
S0 ibbus; C:\Windows\System32\drivers\ibbus.sys [463712 2013-08-22] (Mellanox)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S0 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [426336 2013-08-22] (Mellanox)
S3 MsLbfoProvider; C:\Windows\system32\DRIVERS\MsLbfoProvider.sys [115712 2013-10-08] (Microsoft Corporation)
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () [File not signed]
S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () [File not signed]
S0 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [66400 2013-08-22] (Mellanox)
S3 NETVSCVFPP; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S0 ql2300i; C:\Windows\System32\drivers\ql2300i.sys [1508704 2013-08-22] (QLogic Corporation)
S0 ql40xx2i; C:\Windows\System32\drivers\ql40xx2i.sys [475488 2013-08-22] (QLogic Corporation)
S0 qlfcoei; C:\Windows\System32\drivers\qlfcoei.sys [1300320 2013-08-22] (QLogic Corporation)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [336880 2012-10-20] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [94048 2013-08-22] (Microsoft Corporation)
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [145920 2013-09-11] (Microsoft Corporation)
S0 WinMad; C:\Windows\System32\drivers\winmad.sys [28000 2013-08-22] (Mellanox)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [172544 2014-01-22] (Microsoft Corporation)
S0 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [59744 2013-08-22] (Mellanox)
S3 wtlmdrv; C:\Windows\System32\drivers\wtlmdrv.sys [31232 2013-08-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-07 17:15 - 2014-08-07 17:15 - 00000000 ____D () C:\FRST
2014-08-07 17:10 - 2014-08-07 17:15 - 00000000 ____D () C:\Analisi
2014-08-07 15:58 - 2014-08-07 15:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\opera\Downloads\HijackThis (1).exe
2014-08-07 15:41 - 2014-08-07 15:41 - 00233869 _____ () C:\Users\opera\AppData\Local\census.cache
2014-08-07 15:41 - 2014-08-07 15:41 - 00089985 _____ () C:\Users\opera\AppData\Local\ars.cache
2014-08-07 15:23 - 2014-08-07 15:23 - 02405584 _____ (Trend Micro Inc.) C:\Users\opera\Downloads\HousecallLauncher64.exe
2014-08-07 15:23 - 2014-08-07 15:23 - 00000036 _____ () C:\Users\opera\AppData\Local\housecall.guid.cache
2014-08-07 15:14 - 2014-08-07 15:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-05 17:09 - 2014-08-05 17:09 - 00000214 _____ () C:\Users\opera\Desktop\New Text Document.txt
2014-08-05 16:06 - 2014-08-07 16:06 - 00000000 ____D () C:\Users\opera\Downloads\backups
2014-08-05 15:59 - 2014-08-05 16:07 - 00005483 _____ () C:\Users\opera\Downloads\hijackthis.log
2014-08-05 15:59 - 2014-08-05 15:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\opera\Downloads\HijackThis.exe
2014-08-05 15:38 - 2014-08-05 15:38 - 02347384 _____ (ESET) C:\Users\opera\Downloads\esetsmartinstaller_enu.exe
2014-07-31 15:39 - 2014-07-31 15:39 - 00000000 ____D () C:\Users\opera\AppData\Local\ESET
2014-07-31 15:32 - 2014-08-07 15:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-31 15:32 - 2014-07-31 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-31 15:31 - 2014-07-31 15:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-31 15:31 - 2014-07-31 15:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 15:31 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-31 15:31 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-31 15:31 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-31 15:30 - 2014-07-31 15:30 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\opera\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 15:14 - 2014-07-31 15:14 - 00000000 ____D () C:\Users\opera\Downloads\ProcessExplorer
2014-07-31 14:37 - 2014-07-31 14:37 - 01243655 _____ () C:\Users\opera\Downloads\ProcessExplorer.zip
2014-07-30 11:34 - 2014-07-30 11:34 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\snmpsnap.dll
2014-07-30 11:34 - 2014-07-30 11:34 - 00181248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\snmpsnap.dll
2014-07-30 11:34 - 2014-07-30 11:34 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\evntwin.exe
2014-07-30 11:34 - 2014-07-30 11:34 - 00107882 _____ () C:\Windows\SysWOW64\mib_ii.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00107882 _____ () C:\Windows\system32\mib_ii.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\evntagnt.dll
2014-07-30 11:34 - 2014-07-30 11:34 - 00096256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evntwin.exe
2014-07-30 11:34 - 2014-07-30 11:34 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evntagnt.dll
2014-07-30 11:34 - 2014-07-30 11:34 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\hostmib.dll
2014-07-30 11:34 - 2014-07-30 11:34 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\snmp.exe
2014-07-30 11:34 - 2014-07-30 11:34 - 00048593 _____ () C:\Windows\SysWOW64\hostmib.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00048593 _____ () C:\Windows\system32\hostmib.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\snmp.exe
2014-07-30 11:34 - 2014-07-30 11:34 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\lmmib2.dll
2014-07-30 11:34 - 2014-07-30 11:34 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hostmib.dll
2014-07-30 11:34 - 2014-07-30 11:34 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lmmib2.dll
2014-07-30 11:34 - 2014-07-30 11:34 - 00034317 _____ () C:\Windows\SysWOW64\msiprip2.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00034317 _____ () C:\Windows\system32\msiprip2.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00030448 _____ () C:\Windows\SysWOW64\mcastmib.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00030448 _____ () C:\Windows\system32\mcastmib.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00026236 _____ () C:\Windows\SysWOW64\wins.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00026236 _____ () C:\Windows\system32\wins.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\evntcmd.exe
2014-07-30 11:34 - 2014-07-30 11:34 - 00026100 _____ () C:\Windows\SysWOW64\lmmib2.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00026100 _____ () C:\Windows\system32\lmmib2.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00022462 _____ () C:\Windows\SysWOW64\rfc2571.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00022462 _____ () C:\Windows\system32\rfc2571.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evntcmd.exe
2014-07-30 11:34 - 2014-07-30 11:34 - 00021271 _____ () C:\Windows\SysWOW64\http.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00021271 _____ () C:\Windows\system32\http.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wow64mib.dll
2014-07-30 11:34 - 2014-07-30 11:34 - 00015799 _____ () C:\Windows\SysWOW64\ipforwd.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00015799 _____ () C:\Windows\system32\ipforwd.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00015032 _____ () C:\Windows\SysWOW64\authserv.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00015032 _____ () C:\Windows\system32\authserv.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00014032 _____ () C:\Windows\SysWOW64\accserv.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00014032 _____ () C:\Windows\system32\accserv.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00013767 _____ () C:\Windows\SysWOW64\msipbtp.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00013767 _____ () C:\Windows\system32\msipbtp.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\snmpmib.dll
2014-07-30 11:34 - 2014-07-30 11:34 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\snmpmib.dll
2014-07-30 11:34 - 2014-07-30 11:34 - 00006179 _____ () C:\Windows\SysWOW64\ftp.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00006179 _____ () C:\Windows\system32\ftp.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00004597 _____ () C:\Windows\SysWOW64\dhcp.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00004597 _____ () C:\Windows\system32\dhcp.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00004411 _____ () C:\Windows\SysWOW64\smi.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00004411 _____ () C:\Windows\system32\smi.mib
2014-07-28 07:11 - 2014-07-30 09:52 - 00007597 _____ () C:\Users\opera\AppData\Local\Resmon.ResmonCfg
2014-07-26 12:01 - 2014-07-26 12:01 - 00000000 __SHD () C:\Users\opera\AppData\Local\EmieUserList
2014-07-26 12:01 - 2014-07-26 12:01 - 00000000 __SHD () C:\Users\opera\AppData\Local\EmieSiteList
2014-07-24 13:52 - 2014-07-24 13:52 - 00001218 _____ () C:\Users\opera\Desktop\Opera5 - Shortcut.lnk
2014-07-24 10:36 - 2014-07-24 10:36 - 00000000 ____D () C:\Users\opera\Documents\Visual Studio 2010
2014-07-23 15:48 - 2014-07-23 15:48 - 00000000 ____D () C:\Users\opera\AppData\Roaming\Microsoft Corporation
2014-07-23 14:42 - 2014-07-28 16:55 - 00000000 ____D () C:\Zucchetti
2014-07-23 10:03 - 2014-07-23 10:02 - 193068544 _____ () C:\Backup-DBD01
2014-07-23 09:54 - 2014-08-01 09:36 - 00000000 ____D () C:\Users\MSSQL$ZUCCHETTI
2014-07-23 09:54 - 2014-07-23 09:54 - 00000020 ___SH () C:\Users\MSSQL$ZUCCHETTI\ntuser.ini
2014-07-23 09:54 - 2014-05-09 22:19 - 00000000 ___RD () C:\Users\MSSQL$ZUCCHETTI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-23 09:54 - 2014-05-09 22:19 - 00000000 ___RD () C:\Users\MSSQL$ZUCCHETTI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-23 09:54 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\MSSQL$ZUCCHETTI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-23 09:54 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\MSSQL$ZUCCHETTI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-23 09:54 - 2013-08-22 17:39 - 00000000 ___RD () C:\Users\MSSQL$ZUCCHETTI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-23 09:54 - 2013-08-22 17:39 - 00000000 ____D () C:\Users\MSSQL$ZUCCHETTI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-23 09:54 - 2012-02-11 11:03 - 00082520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$ZUCCHETTI-sqlctr11.1.3000.0.dll
2014-07-23 09:54 - 2012-02-11 11:02 - 00045656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL11.ZUCCHETTI-sqlagtctr.dll
2014-07-23 09:54 - 2012-02-11 09:44 - 00095832 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$ZUCCHETTI-sqlctr11.1.3000.0.dll
2014-07-23 09:54 - 2012-02-11 09:44 - 00054360 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL11.ZUCCHETTI-sqlagtctr.dll
2014-07-23 09:32 - 2014-07-31 08:32 - 00000000 ____D () C:\Users\opera\Documents\SQL Server Management Studio
2014-07-22 18:44 - 2014-08-06 18:50 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-343818398-115176313-839522115-2607
2014-07-22 17:36 - 2014-07-22 17:37 - 00001104 _____ () C:\Users\opera\Desktop\Monitor v5.0.lnk
2014-07-22 17:35 - 2014-08-05 15:59 - 00000000 ____D () C:\Users\opera\AppData\Local\VirtualStore
2014-07-22 17:35 - 2014-08-01 09:36 - 00000000 ____D () C:\Users\opera
2014-07-22 17:35 - 2014-07-22 17:35 - 00001438 _____ () C:\Users\opera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-22 17:35 - 2014-07-22 17:35 - 00000020 ___SH () C:\Users\opera\ntuser.ini
2014-07-22 17:35 - 2014-07-22 17:35 - 00000000 ____D () C:\Users\opera\AppData\Roaming\Adobe
2014-07-22 17:35 - 2014-07-22 17:35 - 00000000 ____D () C:\Users\opera\AppData\Local\Packages
2014-07-22 17:35 - 2014-07-22 17:35 - 00000000 ____D () C:\Users\opera\AppData\Local\Microsoft_Corporation
2014-07-22 17:35 - 2014-07-22 17:35 - 00000000 ____D () C:\Users\opera\AppData\Local\Google
2014-07-22 17:35 - 2014-05-09 22:19 - 00000000 ___RD () C:\Users\opera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-22 17:35 - 2014-05-09 22:19 - 00000000 ___RD () C:\Users\opera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-22 17:35 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\opera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-22 17:35 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\opera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-22 17:35 - 2013-08-22 17:39 - 00000000 ___RD () C:\Users\opera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-22 17:35 - 2013-08-22 17:39 - 00000000 ____D () C:\Users\opera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-22 16:32 - 2014-07-22 16:32 - 00003448 _____ () C:\Windows\System32\Tasks\Opera 5.0 - 05 Backup Ven
2014-07-22 16:29 - 2014-07-22 16:29 - 00003450 _____ () C:\Windows\System32\Tasks\Opera 5.0 - 04 Backup Gio
2014-07-22 16:24 - 2014-07-22 16:33 - 00003454 _____ () C:\Windows\System32\Tasks\Opera 5.0 - 03 Backup Mer
2014-07-22 16:21 - 2014-07-22 16:21 - 00003450 _____ () C:\Windows\System32\Tasks\Opera 5.0 - 02 Backup Mar
2014-07-22 16:20 - 2014-07-22 16:20 - 00003448 _____ () C:\Windows\System32\Tasks\Opera 5.0  - 01 Backup Lun
2014-07-22 16:19 - 2014-07-31 09:06 - 00003298 _____ () C:\Windows\System32\Tasks\Oper 5.0 - Esportazione presenze
2014-07-22 14:10 - 2014-07-22 16:49 - 00002246 ____H () C:\Users\administrator.INOXEADOMAIN\Documents\Default.rdp
2014-07-17 07:10 - 2014-07-17 07:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ESET
2014-07-17 07:01 - 2014-08-07 07:28 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2668381394-3975845966-3827878700-500
2014-07-17 06:56 - 2014-07-17 06:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-14 14:07 - 2014-07-14 14:07 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-07-14 14:05 - 2014-07-14 14:06 - 28714248 _____ (Microsoft Corporation) C:\Users\administrator.INOXEADOMAIN\Downloads\AccessDatabaseEngine_X64 (2).exe
2014-07-14 14:05 - 2014-07-14 14:05 - 28714248 _____ (Microsoft Corporation) C:\Users\administrator.INOXEADOMAIN\Downloads\AccessDatabaseEngine_X64 (1).exe
2014-07-14 13:53 - 2014-07-14 13:54 - 28631968 _____ (Microsoft Corporation) C:\Users\administrator.INOXEADOMAIN\Downloads\AccessDatabaseEngine_x64.exe
2014-07-11 16:29 - 2014-07-11 16:29 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-07-11 12:25 - 2014-07-11 12:25 - 00001076 _____ () C:\Users\administrator.INOXEADOMAIN\Desktop\Opera Monitor v5.0.lnk
2014-07-11 11:58 - 2014-07-11 11:58 - 00008708 _____ () C:\Windows\INSTALL_BDEINFO.LOG
2014-07-11 11:58 - 2014-07-11 11:58 - 00000000 ____D () C:\Users\administrator.INOXEADOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BDE Information Utility
2014-07-11 11:58 - 2014-07-11 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BDE Information Utility
2014-07-11 11:57 - 2014-07-11 12:21 - 00002058 _____ () C:\Windows\SysWOW64\Opera.ini
2014-07-11 11:57 - 2014-07-11 11:57 - 00003085 _____ () C:\Users\administrator.INOXEADOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OPERA Monitor v5.0.lnk
2014-07-11 11:57 - 2014-07-11 11:57 - 00000000 ____D () C:\Program Files (x86)\Borland
2014-07-11 11:57 - 2001-11-05 09:30 - 00165376 _____ () C:\Windows\UNWISE.EXE
2014-07-11 11:55 - 2014-07-29 16:13 - 00000000 ____D () C:\OPERAMES
2014-07-11 11:55 - 2014-07-11 11:56 - 00000000 ____D () C:\Program Files (x86)\Business Objects
2014-07-11 11:55 - 2014-07-11 11:55 - 00000000 ____D () C:\ProgramData\Open Data Srl
2014-07-11 11:55 - 2014-07-11 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 5
2014-07-11 11:51 - 2014-07-22 14:37 - 00000000 ____D () C:\SQLDB
2014-07-08 15:36 - 2014-07-08 15:36 - 00001331 _____ () C:\Users\administrator.INOXEADOMAIN\Desktop\SQL Server Management Studio.lnk
2014-07-08 15:24 - 2014-07-08 15:24 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-08 15:21 - 2014-07-22 16:49 - 00000000 ____D () C:\Users\administrator.INOXEADOMAIN\Documents\SQL Server Management Studio
2014-07-08 15:21 - 2014-07-08 15:21 - 00000020 ___SH () C:\Users\MSSQL$SQLEXPRESS\ntuser.ini
2014-07-08 15:21 - 2014-07-08 15:21 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS
2014-07-08 15:21 - 2014-05-09 22:19 - 00000000 ___RD () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-08 15:21 - 2014-05-09 22:19 - 00000000 ___RD () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-08 15:21 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-08 15:21 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-08 15:21 - 2013-08-22 17:39 - 00000000 ___RD () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-08 15:21 - 2013-08-22 17:39 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-08 15:21 - 2012-02-11 11:02 - 00045656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL11.SQLEXPRESS-sqlagtctr.dll
2014-07-08 15:21 - 2012-02-11 09:44 - 00054360 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL11.SQLEXPRESS-sqlagtctr.dll
2014-07-08 15:20 - 2012-02-11 11:03 - 00082520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr11.1.3000.0.dll
2014-07-08 15:20 - 2012-02-11 09:46 - 00180312 _____ (Microsoft Corporation) C:\Windows\system32\hadrres.dll
2014-07-08 15:20 - 2012-02-11 09:46 - 00082520 _____ (Microsoft Corporation) C:\Windows\system32\fssres.dll
2014-07-08 15:20 - 2012-02-11 09:44 - 00095832 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr11.1.3000.0.dll
2014-07-08 15:19 - 2014-07-08 15:19 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-07-08 15:18 - 2014-07-14 14:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-07-08 15:18 - 2014-07-08 15:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-07-08 15:17 - 2014-07-08 15:17 - 00000000 ____D () C:\Windows\system32\RsFx
2014-07-08 15:16 - 2014-07-08 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2014-07-08 15:15 - 2014-07-08 15:15 - 00000000 ____D () C:\Users\administrator.INOXEADOMAIN\Documents\Visual Studio 2010
2014-07-08 15:14 - 2014-07-08 15:16 - 00000000 ____D () C:\Windows\SysWOW64\1033
2014-07-08 15:14 - 2014-07-08 15:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-07-08 15:13 - 2014-08-06 18:20 - 00000000 ____D () C:\Windows\symbols
2014-07-08 15:13 - 2014-07-08 15:16 - 00000000 ____D () C:\Windows\system32\1033
2014-07-08 15:13 - 2014-07-08 15:13 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 10.0
2014-07-08 15:13 - 2014-07-08 15:13 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer
2014-07-08 15:13 - 2014-07-08 15:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-07-08 15:07 - 2014-07-08 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012
2014-07-08 14:41 - 2014-08-06 18:22 - 00002161 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-08 14:41 - 2014-07-08 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-08 14:40 - 2014-07-31 15:45 - 00001190 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-08 14:40 - 2014-07-31 15:45 - 00001186 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-08 14:40 - 2014-07-31 11:56 - 00004164 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-08 14:40 - 2014-07-31 11:56 - 00003928 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-08 14:40 - 2014-07-08 14:41 - 00000000 ____D () C:\Users\administrator.INOXEADOMAIN\AppData\Local\Google
2014-07-08 14:40 - 2014-07-08 14:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-08 14:40 - 2014-07-08 14:40 - 00895120 _____ (Google Inc.) C:\Users\administrator.INOXEADOMAIN\Downloads\ChromeSetup.exe
2014-07-08 14:34 - 2014-07-23 09:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-07-08 14:34 - 2014-07-08 14:34 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-08 14:34 - 2014-07-08 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2
2014-07-08 14:04 - 2014-07-08 14:04 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-07-08 14:04 - 2014-07-08 14:04 - 00000000 ____D () C:\Program Files\MSBuild
2014-07-08 14:04 - 2014-07-08 14:04 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-07-08 14:04 - 2014-07-08 14:04 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-07-08 14:00 - 2013-08-22 19:07 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2014-07-08 14:00 - 2013-08-22 19:07 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-07-08 14:00 - 2013-08-22 19:07 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-07-08 14:00 - 2013-08-22 19:07 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-07-08 14:00 - 2013-08-22 19:07 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-07-08 13:59 - 2013-08-22 19:07 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2014-07-08 13:50 - 2014-07-08 13:50 - 00000000 ____D () C:\Windows\system32\ServerManager
2014-07-08 13:42 - 2014-07-08 13:47 - 00000000 ____D () C:\c6b1b39a0d4540e098f2a4e8e3b012
2014-07-08 12:36 - 2014-07-23 09:54 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-07-08 12:30 - 2014-07-11 16:23 - 00000000 ____D () C:\Opendata
2014-07-08 12:21 - 2014-07-22 16:37 - 00000714 _____ () C:\AMMYY_service.log
2014-07-08 11:46 - 2014-07-22 16:38 - 00010994 _____ () C:\AA_v3.5.log
2014-07-08 11:46 - 2014-07-08 12:20 - 00000000 ____D () C:\ProgramData\AMMYY
2014-07-08 11:45 - 2014-07-08 11:44 - 00764184 _____ (Ammyy LLC) C:\AA_v3.5.exe
2014-07-08 10:40 - 2014-07-08 10:47 - 00001078 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8 Host.lnk
2014-07-08 10:40 - 2014-07-08 10:47 - 00001066 _____ () C:\Users\Public\Desktop\TeamViewer 8 Host.lnk
2014-07-08 10:40 - 2014-07-08 10:40 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-07-08 10:39 - 2013-10-14 18:28 - 06083392 _____ (TeamViewer) C:\Bitech_Host_Setup_8022298.exe
2014-07-08 10:38 - 2014-07-31 11:56 - 00003592 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-343818398-115176313-839522115-500
2014-07-08 10:19 - 2014-07-08 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-07-08 10:19 - 2014-07-08 10:19 - 00000000 ____D () C:\ProgramData\ESET
2014-07-08 10:19 - 2014-07-08 10:19 - 00000000 ____D () C:\Program Files\ESET
2014-07-08 09:52 - 2014-07-08 12:37 - 00000000 ____D () C:\Users\administrator.INOXEADOMAIN\AppData\Local\Microsoft_Corporation
2014-07-08 09:52 - 2014-07-08 09:52 - 00001438 _____ () C:\Users\administrator.INOXEADOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-08 09:52 - 2014-07-08 09:52 - 00000020 ___SH () C:\Users\administrator.INOXEADOMAIN\ntuser.ini
2014-07-08 09:52 - 2014-07-08 09:52 - 00000000 __SHD () C:\Users\administrator.INOXEADOMAIN\AppData\Local\EmieUserList
2014-07-08 09:52 - 2014-07-08 09:52 - 00000000 __SHD () C:\Users\administrator.INOXEADOMAIN\AppData\Local\EmieSiteList
2014-07-08 09:52 - 2014-07-08 09:52 - 00000000 ____D () C:\Users\administrator.INOXEADOMAIN\AppData\Roaming\Adobe
2014-07-08 09:52 - 2014-07-08 09:52 - 00000000 ____D () C:\Users\administrator.INOXEADOMAIN\AppData\Local\Packages
2014-07-08 09:52 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\administrator.INOXEADOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-08 09:52 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\administrator.INOXEADOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-08 09:51 - 2014-08-06 18:20 - 00006926 __RSH () C:\ProgramData\ntuser.pol
2014-07-08 09:51 - 2014-07-08 09:52 - 00000000 ____D () C:\Users\administrator.INOXEADOMAIN
2014-07-08 09:51 - 2014-05-09 22:19 - 00000000 ___RD () C:\Users\administrator.INOXEADOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-08 09:51 - 2014-05-09 22:19 - 00000000 ___RD () C:\Users\administrator.INOXEADOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-08 09:51 - 2013-08-22 17:39 - 00000000 ___RD () C:\Users\administrator.INOXEADOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-08 09:51 - 2013-08-22 17:39 - 00000000 ____D () C:\Users\administrator.INOXEADOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-08 09:50 - 2014-08-07 16:52 - 00000152 _____ () C:\Windows\system32\config\netlogon.ftl
2014-07-08 09:48 - 2014-07-08 09:48 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-07-08 09:48 - 2014-07-08 09:48 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-07 17:15 - 2014-08-07 17:15 - 00000000 ____D () C:\FRST
2014-08-07 17:15 - 2014-08-07 17:10 - 00000000 ____D () C:\Analisi
2014-08-07 16:52 - 2014-07-08 09:50 - 00000152 _____ () C:\Windows\system32\config\netlogon.ftl
2014-08-07 16:06 - 2014-08-05 16:06 - 00000000 ____D () C:\Users\opera\Downloads\backups
2014-08-07 15:58 - 2014-08-07 15:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\opera\Downloads\HijackThis (1).exe
2014-08-07 15:41 - 2014-08-07 15:41 - 00233869 _____ () C:\Users\opera\AppData\Local\census.cache
2014-08-07 15:41 - 2014-08-07 15:41 - 00089985 _____ () C:\Users\opera\AppData\Local\ars.cache
2014-08-07 15:23 - 2014-08-07 15:23 - 02405584 _____ (Trend Micro Inc.) C:\Users\opera\Downloads\HousecallLauncher64.exe
2014-08-07 15:23 - 2014-08-07 15:23 - 00000036 _____ () C:\Users\opera\AppData\Local\housecall.guid.cache
2014-08-07 15:14 - 2014-08-07 15:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-07 15:14 - 2014-07-31 15:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-07 15:13 - 2014-03-06 16:17 - 01933013 _____ () C:\Windows\WindowsUpdate.log
2014-08-07 07:28 - 2014-07-17 07:01 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2668381394-3975845966-3827878700-500
2014-08-06 18:50 - 2014-07-22 18:44 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-343818398-115176313-839522115-2607
2014-08-06 18:24 - 2014-03-06 13:43 - 01076204 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-06 18:22 - 2014-07-08 14:41 - 00002161 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-06 18:20 - 2014-07-08 15:13 - 00000000 ____D () C:\Windows\symbols
2014-08-06 18:20 - 2014-07-08 09:51 - 00006926 __RSH () C:\ProgramData\ntuser.pol
2014-08-06 18:20 - 2014-03-06 13:35 - 00015634 _____ () C:\Windows\PFRO.log
2014-08-06 18:20 - 2013-08-22 16:48 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-05 17:09 - 2014-08-05 17:09 - 00000214 _____ () C:\Users\opera\Desktop\New Text Document.txt
2014-08-05 16:07 - 2014-08-05 15:59 - 00005483 _____ () C:\Users\opera\Downloads\hijackthis.log
2014-08-05 15:59 - 2014-08-05 15:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\opera\Downloads\HijackThis.exe
2014-08-05 15:59 - 2014-07-22 17:35 - 00000000 ____D () C:\Users\opera\AppData\Local\VirtualStore
2014-08-05 15:38 - 2014-08-05 15:38 - 02347384 _____ (ESET) C:\Users\opera\Downloads\esetsmartinstaller_enu.exe
2014-08-05 09:20 - 2013-08-22 16:48 - 00000000 ____D () C:\Windows\Setup
2014-08-01 09:55 - 2014-03-06 15:26 - 00000000 ____D () C:\Users\Administrator
2014-08-01 09:36 - 2014-07-23 09:54 - 00000000 ____D () C:\Users\MSSQL$ZUCCHETTI
2014-08-01 09:36 - 2014-07-22 17:35 - 00000000 ____D () C:\Users\opera
2014-07-31 15:55 - 2013-08-22 15:25 - 00008192 ___SH () C:\Windows\system32\config\BBI
2014-07-31 15:45 - 2014-07-08 14:40 - 00001190 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-31 15:45 - 2014-07-08 14:40 - 00001186 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-31 15:45 - 2013-08-22 17:39 - 00000000 ____D () C:\Windows\Speech
2014-07-31 15:39 - 2014-07-31 15:39 - 00000000 ____D () C:\Users\opera\AppData\Local\ESET
2014-07-31 15:32 - 2014-07-31 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-31 15:32 - 2014-07-31 15:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-31 15:31 - 2014-07-31 15:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 15:30 - 2014-07-31 15:30 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\opera\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 15:14 - 2014-07-31 15:14 - 00000000 ____D () C:\Users\opera\Downloads\ProcessExplorer
2014-07-31 14:37 - 2014-07-31 14:37 - 01243655 _____ () C:\Users\opera\Downloads\ProcessExplorer.zip
2014-07-31 11:56 - 2014-07-08 14:40 - 00004164 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-31 11:56 - 2014-07-08 14:40 - 00003928 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-31 11:56 - 2014-07-08 10:38 - 00003592 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-343818398-115176313-839522115-500
2014-07-31 09:06 - 2014-07-22 16:19 - 00003298 _____ () C:\Windows\System32\Tasks\Oper 5.0 - Esportazione presenze
2014-07-31 08:32 - 2014-07-23 09:32 - 00000000 ____D () C:\Users\opera\Documents\SQL Server Management Studio
2014-07-31 07:09 - 2013-08-22 17:39 - 00000000 ____D () C:\Windows\rescache
2014-07-30 11:34 - 2014-07-30 11:34 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\snmpsnap.dll
2014-07-30 11:34 - 2014-07-30 11:34 - 00181248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\snmpsnap.dll
2014-07-30 11:34 - 2014-07-30 11:34 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\evntwin.exe
2014-07-30 11:34 - 2014-07-30 11:34 - 00107882 _____ () C:\Windows\SysWOW64\mib_ii.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00107882 _____ () C:\Windows\system32\mib_ii.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\evntagnt.dll
2014-07-30 11:34 - 2014-07-30 11:34 - 00096256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evntwin.exe
2014-07-30 11:34 - 2014-07-30 11:34 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evntagnt.dll
2014-07-30 11:34 - 2014-07-30 11:34 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\hostmib.dll
2014-07-30 11:34 - 2014-07-30 11:34 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\snmp.exe
2014-07-30 11:34 - 2014-07-30 11:34 - 00048593 _____ () C:\Windows\SysWOW64\hostmib.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00048593 _____ () C:\Windows\system32\hostmib.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\snmp.exe
2014-07-30 11:34 - 2014-07-30 11:34 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\lmmib2.dll
2014-07-30 11:34 - 2014-07-30 11:34 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hostmib.dll
2014-07-30 11:34 - 2014-07-30 11:34 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lmmib2.dll
2014-07-30 11:34 - 2014-07-30 11:34 - 00034317 _____ () C:\Windows\SysWOW64\msiprip2.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00034317 _____ () C:\Windows\system32\msiprip2.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00030448 _____ () C:\Windows\SysWOW64\mcastmib.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00030448 _____ () C:\Windows\system32\mcastmib.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00026236 _____ () C:\Windows\SysWOW64\wins.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00026236 _____ () C:\Windows\system32\wins.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\evntcmd.exe
2014-07-30 11:34 - 2014-07-30 11:34 - 00026100 _____ () C:\Windows\SysWOW64\lmmib2.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00026100 _____ () C:\Windows\system32\lmmib2.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00022462 _____ () C:\Windows\SysWOW64\rfc2571.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00022462 _____ () C:\Windows\system32\rfc2571.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evntcmd.exe
2014-07-30 11:34 - 2014-07-30 11:34 - 00021271 _____ () C:\Windows\SysWOW64\http.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00021271 _____ () C:\Windows\system32\http.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wow64mib.dll
2014-07-30 11:34 - 2014-07-30 11:34 - 00015799 _____ () C:\Windows\SysWOW64\ipforwd.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00015799 _____ () C:\Windows\system32\ipforwd.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00015032 _____ () C:\Windows\SysWOW64\authserv.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00015032 _____ () C:\Windows\system32\authserv.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00014032 _____ () C:\Windows\SysWOW64\accserv.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00014032 _____ () C:\Windows\system32\accserv.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00013767 _____ () C:\Windows\SysWOW64\msipbtp.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00013767 _____ () C:\Windows\system32\msipbtp.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\snmpmib.dll
2014-07-30 11:34 - 2014-07-30 11:34 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\snmpmib.dll
2014-07-30 11:34 - 2014-07-30 11:34 - 00006179 _____ () C:\Windows\SysWOW64\ftp.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00006179 _____ () C:\Windows\system32\ftp.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00004597 _____ () C:\Windows\SysWOW64\dhcp.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00004597 _____ () C:\Windows\system32\dhcp.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00004411 _____ () C:\Windows\SysWOW64\smi.mib
2014-07-30 11:34 - 2014-07-30 11:34 - 00004411 _____ () C:\Windows\system32\smi.mib
2014-07-30 11:34 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-30 09:52 - 2014-07-28 07:11 - 00007597 _____ () C:\Users\opera\AppData\Local\Resmon.ResmonCfg
2014-07-29 16:13 - 2014-07-11 11:55 - 00000000 ____D () C:\OPERAMES
2014-07-28 16:55 - 2014-07-23 14:42 - 00000000 ____D () C:\Zucchetti
2014-07-26 12:01 - 2014-07-26 12:01 - 00000000 __SHD () C:\Users\opera\AppData\Local\EmieUserList
2014-07-26 12:01 - 2014-07-26 12:01 - 00000000 __SHD () C:\Users\opera\AppData\Local\EmieSiteList
2014-07-25 10:43 - 2013-08-22 17:39 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-24 13:52 - 2014-07-24 13:52 - 00001218 _____ () C:\Users\opera\Desktop\Opera5 - Shortcut.lnk
2014-07-24 10:36 - 2014-07-24 10:36 - 00000000 ____D () C:\Users\opera\Documents\Visual Studio 2010
2014-07-23 15:48 - 2014-07-23 15:48 - 00000000 ____D () C:\Users\opera\AppData\Roaming\Microsoft Corporation
2014-07-23 10:02 - 2014-07-23 10:03 - 193068544 _____ () C:\Backup-DBD01
2014-07-23 09:54 - 2014-07-23 09:54 - 00000020 ___SH () C:\Users\MSSQL$ZUCCHETTI\ntuser.ini
2014-07-23 09:54 - 2014-07-08 12:36 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-07-23 09:53 - 2014-07-08 14:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-07-22 18:31 - 2013-08-22 16:47 - 00362528 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-22 17:37 - 2014-07-22 17:36 - 00001104 _____ () C:\Users\opera\Desktop\Monitor v5.0.lnk
2014-07-22 17:35 - 2014-07-22 17:35 - 00001438 _____ () C:\Users\opera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-22 17:35 - 2014-07-22 17:35 - 00000020 ___SH () C:\Users\opera\ntuser.ini
2014-07-22 17:35 - 2014-07-22 17:35 - 00000000 ____D () C:\Users\opera\AppData\Roaming\Adobe
2014-07-22 17:35 - 2014-07-22 17:35 - 00000000 ____D () C:\Users\opera\AppData\Local\Packages
2014-07-22 17:35 - 2014-07-22 17:35 - 00000000 ____D () C:\Users\opera\AppData\Local\Microsoft_Corporation
2014-07-22 17:35 - 2014-07-22 17:35 - 00000000 ____D () C:\Users\opera\AppData\Local\Google
2014-07-22 16:49 - 2014-07-22 14:10 - 00002246 ____H () C:\Users\administrator.INOXEADOMAIN\Documents\Default.rdp
2014-07-22 16:49 - 2014-07-08 15:21 - 00000000 ____D () C:\Users\administrator.INOXEADOMAIN\Documents\SQL Server Management Studio
2014-07-22 16:38 - 2014-07-08 11:46 - 00010994 _____ () C:\AA_v3.5.log
2014-07-22 16:37 - 2014-07-08 12:21 - 00000714 _____ () C:\AMMYY_service.log
2014-07-22 16:33 - 2014-07-22 16:24 - 00003454 _____ () C:\Windows\System32\Tasks\Opera 5.0 - 03 Backup Mer
2014-07-22 16:32 - 2014-07-22 16:32 - 00003448 _____ () C:\Windows\System32\Tasks\Opera 5.0 - 05 Backup Ven
2014-07-22 16:29 - 2014-07-22 16:29 - 00003450 _____ () C:\Windows\System32\Tasks\Opera 5.0 - 04 Backup Gio
2014-07-22 16:21 - 2014-07-22 16:21 - 00003450 _____ () C:\Windows\System32\Tasks\Opera 5.0 - 02 Backup Mar
2014-07-22 16:20 - 2014-07-22 16:20 - 00003448 _____ () C:\Windows\System32\Tasks\Opera 5.0  - 01 Backup Lun
2014-07-22 14:37 - 2014-07-11 11:51 - 00000000 ____D () C:\SQLDB
2014-07-17 07:10 - 2014-07-17 07:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ESET
2014-07-17 06:56 - 2014-07-17 06:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-14 14:07 - 2014-07-14 14:07 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-07-14 14:07 - 2014-07-08 15:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-07-14 14:07 - 2013-08-22 17:39 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-14 14:06 - 2014-07-14 14:05 - 28714248 _____ (Microsoft Corporation) C:\Users\administrator.INOXEADOMAIN\Downloads\AccessDatabaseEngine_X64 (2).exe
2014-07-14 14:05 - 2014-07-14 14:05 - 28714248 _____ (Microsoft Corporation) C:\Users\administrator.INOXEADOMAIN\Downloads\AccessDatabaseEngine_X64 (1).exe
2014-07-14 13:54 - 2014-07-14 13:53 - 28631968 _____ (Microsoft Corporation) C:\Users\administrator.INOXEADOMAIN\Downloads\AccessDatabaseEngine_x64.exe
2014-07-11 16:29 - 2014-07-11 16:29 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-07-11 16:23 - 2014-07-08 12:30 - 00000000 ____D () C:\Opendata
2014-07-11 12:25 - 2014-07-11 12:25 - 00001076 _____ () C:\Users\administrator.INOXEADOMAIN\Desktop\Opera Monitor v5.0.lnk
2014-07-11 12:21 - 2014-07-11 11:57 - 00002058 _____ () C:\Windows\SysWOW64\Opera.ini
2014-07-11 11:58 - 2014-07-11 11:58 - 00008708 _____ () C:\Windows\INSTALL_BDEINFO.LOG
2014-07-11 11:58 - 2014-07-11 11:58 - 00000000 ____D () C:\Users\administrator.INOXEADOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BDE Information Utility
2014-07-11 11:58 - 2014-07-11 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BDE Information Utility
2014-07-11 11:57 - 2014-07-11 11:57 - 00003085 _____ () C:\Users\administrator.INOXEADOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OPERA Monitor v5.0.lnk
2014-07-11 11:57 - 2014-07-11 11:57 - 00000000 ____D () C:\Program Files (x86)\Borland
2014-07-11 11:56 - 2014-07-11 11:55 - 00000000 ____D () C:\Program Files (x86)\Business Objects
2014-07-11 11:56 - 2013-08-22 15:25 - 00017486 _____ () C:\Windows\system32\Drivers\etc\services
2014-07-11 11:55 - 2014-07-11 11:55 - 00000000 ____D () C:\ProgramData\Open Data Srl
2014-07-11 11:55 - 2014-07-11 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 5
2014-07-08 15:36 - 2014-07-08 15:36 - 00001331 _____ () C:\Users\administrator.INOXEADOMAIN\Desktop\SQL Server Management Studio.lnk
2014-07-08 15:24 - 2014-07-08 15:24 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-08 15:21 - 2014-07-08 15:21 - 00000020 ___SH () C:\Users\MSSQL$SQLEXPRESS\ntuser.ini
2014-07-08 15:21 - 2014-07-08 15:21 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS
2014-07-08 15:20 - 2014-07-08 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012
2014-07-08 15:19 - 2014-07-08 15:19 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-07-08 15:18 - 2014-07-08 15:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-07-08 15:17 - 2014-07-08 15:17 - 00000000 ____D () C:\Windows\system32\RsFx
2014-07-08 15:16 - 2014-07-08 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2014-07-08 15:16 - 2014-07-08 15:14 - 00000000 ____D () C:\Windows\SysWOW64\1033
2014-07-08 15:16 - 2014-07-08 15:13 - 00000000 ____D () C:\Windows\system32\1033
2014-07-08 15:15 - 2014-07-08 15:15 - 00000000 ____D () C:\Users\administrator.INOXEADOMAIN\Documents\Visual Studio 2010
2014-07-08 15:14 - 2014-07-08 15:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-07-08 15:13 - 2014-07-08 15:13 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 10.0
2014-07-08 15:13 - 2014-07-08 15:13 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer
2014-07-08 15:13 - 2014-07-08 15:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-07-08 14:41 - 2014-07-08 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-08 14:41 - 2014-07-08 14:40 - 00000000 ____D () C:\Users\administrator.INOXEADOMAIN\AppData\Local\Google
2014-07-08 14:41 - 2014-07-08 14:40 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-08 14:40 - 2014-07-08 14:40 - 00895120 _____ (Google Inc.) C:\Users\administrator.INOXEADOMAIN\Downloads\ChromeSetup.exe
2014-07-08 14:34 - 2014-07-08 14:34 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-08 14:34 - 2014-07-08 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2
2014-07-08 14:04 - 2014-07-08 14:04 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-07-08 14:04 - 2014-07-08 14:04 - 00000000 ____D () C:\Program Files\MSBuild
2014-07-08 14:04 - 2014-07-08 14:04 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-07-08 14:04 - 2014-07-08 14:04 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-07-08 13:50 - 2014-07-08 13:50 - 00000000 ____D () C:\Windows\system32\ServerManager
2014-07-08 13:47 - 2014-07-08 13:42 - 00000000 ____D () C:\c6b1b39a0d4540e098f2a4e8e3b012
2014-07-08 12:37 - 2014-07-08 09:52 - 00000000 ____D () C:\Users\administrator.INOXEADOMAIN\AppData\Local\Microsoft_Corporation
2014-07-08 12:20 - 2014-07-08 11:46 - 00000000 ____D () C:\ProgramData\AMMYY
2014-07-08 11:44 - 2014-07-08 11:45 - 00764184 _____ (Ammyy LLC) C:\AA_v3.5.exe
2014-07-08 10:47 - 2014-07-08 10:40 - 00001078 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8 Host.lnk
2014-07-08 10:47 - 2014-07-08 10:40 - 00001066 _____ () C:\Users\Public\Desktop\TeamViewer 8 Host.lnk
2014-07-08 10:40 - 2014-07-08 10:40 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-07-08 10:19 - 2014-07-08 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-07-08 10:19 - 2014-07-08 10:19 - 00000000 ____D () C:\ProgramData\ESET
2014-07-08 10:19 - 2014-07-08 10:19 - 00000000 ____D () C:\Program Files\ESET
2014-07-08 09:52 - 2014-07-08 09:52 - 00001438 _____ () C:\Users\administrator.INOXEADOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-08 09:52 - 2014-07-08 09:52 - 00000020 ___SH () C:\Users\administrator.INOXEADOMAIN\ntuser.ini
2014-07-08 09:52 - 2014-07-08 09:52 - 00000000 __SHD () C:\Users\administrator.INOXEADOMAIN\AppData\Local\EmieUserList
2014-07-08 09:52 - 2014-07-08 09:52 - 00000000 __SHD () C:\Users\administrator.INOXEADOMAIN\AppData\Local\EmieSiteList
2014-07-08 09:52 - 2014-07-08 09:52 - 00000000 ____D () C:\Users\administrator.INOXEADOMAIN\AppData\Roaming\Adobe
2014-07-08 09:52 - 2014-07-08 09:52 - 00000000 ____D () C:\Users\administrator.INOXEADOMAIN\AppData\Local\Packages
2014-07-08 09:52 - 2014-07-08 09:51 - 00000000 ____D () C:\Users\administrator.INOXEADOMAIN
2014-07-08 09:48 - 2014-07-08 09:48 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-07-08 09:48 - 2014-07-08 09:48 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-04 03:10
 
==================== End Of Log ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2014
Ran by opera at 2014-08-07 17:16:38
Running from C:\Analisi
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
BDE Information Utility (HKLM-x32\...\BDE Information Utility) (Version:  - InterBase Installation Info (and BDE Information Utility))
ESET File Security (HKLM\...\{6D5E2716-C113-468B-B74E-806B94563C50}) (Version: 4.5.12015.1 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Installazione di Microsoft SQL Server 2008 R2 (Italiano) (HKLM\...\{6508C773-0852-42EA-8E09-0F5483378292}) (Version: 10.52.4000.0 - Microsoft Corporation)
Malwarebytes Anti-Malware versione 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Access database engine 2010 (Italian) (HKLM\...\{90140000-00D1-0410-1000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (Version:  - ) Hidden
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Policies  (HKLM-x32\...\{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 RsFx Driver (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{AB4AE7E5-E63E-458E-A9D9-B271EA2ED69B}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{376949D9-0B10-4E7A-9AA5-16AC38F9E843}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.1.3000.0 - Microsoft Corporation)
OPERA Monitor v5.0 build 5.3.2.3 (HKLM-x32\...\{1A2557E9-D7D3-4EF9-8DBD-BFD50F979DE9}) (Version: 5.3.2 - OPEN DATA SRL)
Opera v5.0 (HKLM-x32\...\{B2DD6579-FF46-4603-A24A-202BD31F3DED}) (Version: 5.3.2 - Open Data Srl)
Service Pack 1 for SQL Server 2012 (KB2674319) (64-bit) (HKLM\...\KB2674319) (Version: 11.1.3000.0 - Microsoft Corporation)
SQL Server 2012 Client Tools (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.1.3000.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
TeamViewer 8 Host (HKLM-x32\...\TeamViewer 8 Host) (Version: 8.0.26038 - TeamViewer)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
Could not list Restore Points. Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0A42C350-D6F3-46B5-9E4A-BC04B29E619D} - System32\Tasks\Oper 5.0 - Esportazione presenze => C:\OPERAMES\Job\Bin\ExpAutoPresenze.cmd [2014-07-31] ()
Task: {165EF380-3D3C-40E5-8D77-D6659BDFF0ED} - System32\Tasks\Opera 5.0 - 04 Backup Gio => C:\OPERAMES\Job\Bin\OperaBack04.cmd [2014-07-11] ()
Task: {22F8933B-6077-471D-A4C3-56C7647164AD} - System32\Tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs => Cscript.exe /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)
Task: {3C4E2341-D2F0-4CD4-ACB2-EA7056CFEB0C} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {54554696-A0C2-4A35-A05A-53D8BBBF1FFA} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {651FF2A7-84D4-4AE6-9231-BB0411D3A64F} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2013-08-22] (Microsoft Corporation)
Task: {6A9411C9-427F-4E01-B94C-2B0E62CCA8F1} - System32\Tasks\Opera 5.0 - 02 Backup Mar => C:\OPERAMES\Job\Bin\OperaBack02.cmd [2014-07-11] ()
Task: {724906C6-6AFB-4E20-BCBA-0C706A5C092C} - System32\Tasks\Opera 5.0 - 03 Backup Mer => C:\OPERAMES\Job\Bin\OperaBack03.cmd [2014-07-11] ()
Task: {787E2442-1350-4D4B-B3DF-F73EDF626879} - System32\Tasks\Microsoft\Windows\PLA\Server Manager Performance Monitor => Rundll32.exe %systemroot%\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)"
Task: {8437B96C-7179-4849-92AA-E31EF411DC27} - System32\Tasks\Opera 5.0  - 01 Backup Lun => C:\OPERAMES\Job\Bin\OperaBack01.cmd [2014-07-11] ()
Task: {8CCEE9FB-20E3-4E78-B4B4-E812FAEA847D} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {9536335E-476B-42F7-8624-2308CA0F222B} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2013-08-22] (Microsoft Corporation)
Task: {96F2F496-235F-475B-BD02-4827544F1ECE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-08] (Google Inc.)
Task: {997514A9-18E8-4C71-A9CD-1D360C83A600} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {AD103BD0-D91E-41D4-A48F-76E27ACC6094} - System32\Tasks\Opera 5.0 - 05 Backup Ven => C:\OPERAMES\Job\Bin\OperaBack05.cmd [2014-07-11] ()
Task: {DA23AE6C-A0E8-496C-9401-25B38C8BD4B2} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {E17CE1E2-2876-42D3-B6F5-40A269D1D3C4} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Daily Collector => Cscript.exe %systemroot%\system32\sildailycollector.vbs
Task: {E2F3C34F-4A57-4CF5-BB13-3DE25CE432DE} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
Task: {E734F5D1-8C2A-414A-8D45-531A0560F057} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-08] (Google Inc.)
Task: {F00FD1E5-E940-487A-BADE-23E9C5C4D9C7} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {FDC0BB51-997B-41D7-A5AC-9607522317EB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-03-31] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
1998-06-09 06:00 - 1998-06-09 06:00 - 00211424 _____ () C:\OPERAMES\Monitor\DBCLIENT.DLL
2014-07-11 11:57 - 1999-06-21 05:10 - 00589312 _____ () C:\Program Files (x86)\Borland\Common Files\BDE\IDAPI32.DLL
2014-07-11 11:57 - 2001-05-10 11:00 - 00116736 _____ () C:\Program Files (x86)\Borland\Common Files\BDE\IDR20009.DLL
2014-07-11 11:57 - 2001-05-10 11:00 - 00101376 _____ () C:\Program Files (x86)\Borland\Common Files\BDE\BANTAM.DLL
2014-07-11 11:57 - 2001-05-10 11:00 - 00415232 _____ () C:\Program Files (x86)\Borland\Common Files\BDE\SQLMSS32.DLL
1997-11-14 04:51 - 1997-11-14 04:51 - 00103936 _____ () C:\OPERAMES\Monitor\idprov32.DLL
2014-07-11 11:57 - 2001-05-10 11:00 - 00464896 _____ () C:\Program Files (x86)\Borland\Common Files\BDE\idsql32.DLL
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/07/2014 03:17:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xad0
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3
Faulting package full name: mbamscheduler.exe4
Faulting package-relative application ID: mbamscheduler.exe5
 
Error: (08/07/2014 03:14:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0xa10
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5
 
Error: (08/07/2014 03:13:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x5f8
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3
Faulting package full name: mbamscheduler.exe4
Faulting package-relative application ID: mbamscheduler.exe5
 
Error: (08/07/2014 03:11:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0x120
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5
 
Error: (08/07/2014 03:11:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0x930
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5
 
Error: (08/07/2014 03:10:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0x6f4
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5
 
Error: (08/07/2014 03:10:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0x7ac
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5
 
Error: (08/07/2014 03:09:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0xc78
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5
 
Error: (08/07/2014 03:07:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0x9ac
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5
 
Error: (08/07/2014 03:06:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0x988
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5
 
 
System errors:
=============
Error: (08/07/2014 03:17:27 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (08/07/2014 03:14:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 10 time(s).
 
Error: (08/07/2014 03:13:59 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (08/07/2014 03:13:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (08/07/2014 03:13:57 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DelayedAutostart with the following error: 
%%5
 
Error: (08/07/2014 03:13:57 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (08/07/2014 03:11:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 9 time(s).
 
Error: (08/07/2014 03:11:36 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DelayedAutostart with the following error: 
%%5
 
Error: (08/07/2014 03:11:36 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (08/07/2014 03:11:33 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DelayedAutostart with the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
Error: (08/07/2014 03:17:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdad001cfb24172bd4d8fC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll3044d384-1e35-11e4-80d0-00155d00fe07
 
Error: (08/07/2014 03:14:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8aa1001cfb241721db0ffC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeb29efd17-1e34-11e4-80d0-00155d00fe07
 
Error: (08/07/2014 03:13:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd5f801cfb21bcc5a6a4dC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlla717e83f-1e34-11e4-80d0-00155d00fe07
 
Error: (08/07/2014 03:11:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a12001cfb2411c90d8deC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe5bbfb698-1e34-11e4-80d0-00155d00fe07
 
Error: (08/07/2014 03:11:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a93001cfb2410865c621C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe4856ed1a-1e34-11e4-80d0-00155d00fe07
 
Error: (08/07/2014 03:10:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a6f401cfb241041461b7C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe438c8299-1e34-11e4-80d0-00155d00fe07
 
Error: (08/07/2014 03:10:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a7ac01cfb240e5e741dcC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe24f25af5-1e34-11e4-80d0-00155d00fe07
 
Error: (08/07/2014 03:09:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8ac7801cfb240c677c70dC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe0593979e-1e34-11e4-80d0-00155d00fe07
 
Error: (08/07/2014 03:07:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a9ac01cfb24078933407C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exebc40f3f8-1e33-11e4-80d0-00155d00fe07
 
Error: (08/07/2014 03:06:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a98801cfb240691c5fa2C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeacedeaf5-1e33-11e4-80d0-00155d00fe07
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-08 15:36:38.064
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2014-07-08 15:36:37.752
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 40%
Total physical RAM: 4095.55 MB
Available physical RAM: 2454.91 MB
Total Pagefile: 4799.55 MB
Available Pagefile: 3075.27 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:149.66 GB) (Free:127.39 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 150 GB) (Disk ID: A6204495)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Thank you

 


Hi there,
My name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • If any threats are found, don't click the Cleanup button - rather save the log and post it up in your topic.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!



Hello, I enclose the outcome of the scan. It does not detect anything, but the problem persists nonetheless.

Thank you for your help


 

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.09.01.01

Windows Server 2012 R2 x64 NTFS
Internet Explorer 11.0.9600.17105
opera :: SRVINX-OPERA [administrator]

01/09/2014 12:18:50
mbar-log-2014-09-01 (12-18-50).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 440450
Time elapsed: 9 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


Thank you,

here are the files.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01
Ran by opera at 2014-09-22 14:16:32
Running from C:\Analisi
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
BDE Information Utility (HKLM-x32\...\BDE Information Utility) (Version:  - InterBase Installation Info (and BDE Information Utility))
ESET File Security (HKLM\...\{6D5E2716-C113-468B-B74E-806B94563C50}) (Version: 4.5.12015.1 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Installazione di Microsoft SQL Server 2008 R2 (Italiano) (HKLM\...\{6508C773-0852-42EA-8E09-0F5483378292}) (Version: 10.52.4000.0 - Microsoft Corporation)
Malwarebytes Anti-Malware versione 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Access database engine 2010 (Italian) (HKLM\...\{90140000-00D1-0410-1000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (Version:  - ) Hidden
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Policies  (HKLM-x32\...\{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 RsFx Driver (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{AB4AE7E5-E63E-458E-A9D9-B271EA2ED69B}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{376949D9-0B10-4E7A-9AA5-16AC38F9E843}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.1.3000.0 - Microsoft Corporation)
OPERA Monitor v5.0 build 5.3.2.3 (HKLM-x32\...\{1A2557E9-D7D3-4EF9-8DBD-BFD50F979DE9}) (Version: 5.3.2 - OPEN DATA SRL)
Opera v5.0 (HKLM-x32\...\{B2DD6579-FF46-4603-A24A-202BD31F3DED}) (Version: 5.3.2 - Open Data Srl)
Service Pack 1 for SQL Server 2012 (KB2674319) (64-bit) (HKLM\...\KB2674319) (Version: 11.1.3000.0 - Microsoft Corporation)
SQL Server 2012 Client Tools (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.1.3000.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
TeamViewer 8 Host (HKLM-x32\...\TeamViewer 8 Host) (Version: 8.0.30992 - TeamViewer)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
Could not list Restore Points. Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0A42C350-D6F3-46B5-9E4A-BC04B29E619D} - System32\Tasks\Oper 5.0 - Esportazione presenze => C:\OPERAMES\Job\Bin\ExpAutoPresenze.cmd [2014-07-31] ()
Task: {165EF380-3D3C-40E5-8D77-D6659BDFF0ED} - System32\Tasks\Opera 5.0 - 04 Backup Gio => C:\OPERAMES\Job\Bin\OperaBack04.cmd [2014-07-11] ()
Task: {22F8933B-6077-471D-A4C3-56C7647164AD} - System32\Tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs => Cscript.exe /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)
Task: {3C4E2341-D2F0-4CD4-ACB2-EA7056CFEB0C} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {54554696-A0C2-4A35-A05A-53D8BBBF1FFA} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {651FF2A7-84D4-4AE6-9231-BB0411D3A64F} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2013-08-22] (Microsoft Corporation)
Task: {6A9411C9-427F-4E01-B94C-2B0E62CCA8F1} - System32\Tasks\Opera 5.0 - 02 Backup Mar => C:\OPERAMES\Job\Bin\OperaBack02.cmd [2014-07-11] ()
Task: {724906C6-6AFB-4E20-BCBA-0C706A5C092C} - System32\Tasks\Opera 5.0 - 03 Backup Mer => C:\OPERAMES\Job\Bin\OperaBack03.cmd [2014-07-11] ()
Task: {787E2442-1350-4D4B-B3DF-F73EDF626879} - System32\Tasks\Microsoft\Windows\PLA\Server Manager Performance Monitor => Rundll32.exe %systemroot%\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)"
Task: {8437B96C-7179-4849-92AA-E31EF411DC27} - System32\Tasks\Opera 5.0  - 01 Backup Lun => C:\OPERAMES\Job\Bin\OperaBack01.cmd [2014-07-11] ()
Task: {8CCEE9FB-20E3-4E78-B4B4-E812FAEA847D} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {9536335E-476B-42F7-8624-2308CA0F222B} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2013-08-22] (Microsoft Corporation)
Task: {96F2F496-235F-475B-BD02-4827544F1ECE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-08] (Google Inc.)
Task: {997514A9-18E8-4C71-A9CD-1D360C83A600} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {AD103BD0-D91E-41D4-A48F-76E27ACC6094} - System32\Tasks\Opera 5.0 - 05 Backup Ven => C:\OPERAMES\Job\Bin\OperaBack05.cmd [2014-07-11] ()
Task: {DA23AE6C-A0E8-496C-9401-25B38C8BD4B2} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {E17CE1E2-2876-42D3-B6F5-40A269D1D3C4} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Daily Collector => Cscript.exe %systemroot%\system32\sildailycollector.vbs
Task: {E2F3C34F-4A57-4CF5-BB13-3DE25CE432DE} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
Task: {E734F5D1-8C2A-414A-8D45-531A0560F057} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-08] (Google Inc.)
Task: {F00FD1E5-E940-487A-BADE-23E9C5C4D9C7} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {FDC0BB51-997B-41D7-A5AC-9607522317EB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-03-31] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
1998-06-09 06:00 - 1998-06-09 06:00 - 00211424 _____ () C:\OPERAMES\Monitor\DBCLIENT.DLL
2014-07-11 11:57 - 1999-06-21 05:10 - 00589312 _____ () C:\Program Files (x86)\Borland\Common Files\BDE\IDAPI32.DLL
2014-07-11 11:57 - 2001-05-10 11:00 - 00116736 _____ () C:\Program Files (x86)\Borland\Common Files\BDE\IDR20009.DLL
2014-07-11 11:57 - 2001-05-10 11:00 - 00101376 _____ () C:\Program Files (x86)\Borland\Common Files\BDE\BANTAM.DLL
2014-07-11 11:57 - 2001-05-10 11:00 - 00415232 _____ () C:\Program Files (x86)\Borland\Common Files\BDE\SQLMSS32.DLL
1997-11-14 04:51 - 1997-11-14 04:51 - 00103936 _____ () C:\OPERAMES\Monitor\idprov32.DLL
2014-07-11 11:57 - 2001-05-10 11:00 - 00464896 _____ () C:\Program Files (x86)\Borland\Common Files\BDE\idsql32.DLL
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/07/2014 03:17:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xad0
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3
Faulting package full name: mbamscheduler.exe4
Faulting package-relative application ID: mbamscheduler.exe5
 
Error: (08/07/2014 03:14:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0xa10
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5
 
Error: (08/07/2014 03:13:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x5f8
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3
Faulting package full name: mbamscheduler.exe4
Faulting package-relative application ID: mbamscheduler.exe5
 
Error: (08/07/2014 03:11:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0x120
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5
 
Error: (08/07/2014 03:11:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0x930
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5
 
Error: (08/07/2014 03:10:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0x6f4
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5
 
Error: (08/07/2014 03:10:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0x7ac
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5
 
Error: (08/07/2014 03:09:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0xc78
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5
 
Error: (08/07/2014 03:07:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0x9ac
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5
 
Error: (08/07/2014 03:06:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0x988
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5
 
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
Error: (08/07/2014 03:17:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdad001cfb24172bd4d8fC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll3044d384-1e35-11e4-80d0-00155d00fe07
 
Error: (08/07/2014 03:14:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8aa1001cfb241721db0ffC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeb29efd17-1e34-11e4-80d0-00155d00fe07
 
Error: (08/07/2014 03:13:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd5f801cfb21bcc5a6a4dC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlla717e83f-1e34-11e4-80d0-00155d00fe07
 
Error: (08/07/2014 03:11:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a12001cfb2411c90d8deC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe5bbfb698-1e34-11e4-80d0-00155d00fe07
 
Error: (08/07/2014 03:11:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a93001cfb2410865c621C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe4856ed1a-1e34-11e4-80d0-00155d00fe07
 
Error: (08/07/2014 03:10:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a6f401cfb241041461b7C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe438c8299-1e34-11e4-80d0-00155d00fe07
 
Error: (08/07/2014 03:10:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a7ac01cfb240e5e741dcC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe24f25af5-1e34-11e4-80d0-00155d00fe07
 
Error: (08/07/2014 03:09:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8ac7801cfb240c677c70dC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe0593979e-1e34-11e4-80d0-00155d00fe07
 
Error: (08/07/2014 03:07:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a9ac01cfb24078933407C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exebc40f3f8-1e33-11e4-80d0-00155d00fe07
 
Error: (08/07/2014 03:06:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a98801cfb240691c5fa2C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeacedeaf5-1e33-11e4-80d0-00155d00fe07
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-08 15:36:38.064
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2014-07-08 15:36:37.752
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Xeon® CPU E5-2620 0 @ 2.00GHz
Percentage of memory in use: 57%
Total physical RAM: 4095.55 MB
Available physical RAM: 1721.8 MB
Total Pagefile: 4799.55 MB
Available Pagefile: 1848.93 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:149.66 GB) (Free:127.28 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 150 GB) (Disk ID: A6204495)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
And ...
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by opera (administrator) on SRVINX-OPERA on 22-09-2014 14:15:32
Running from C:\Analisi
Platform: Windows Server 2012 R2 Datacenter (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET File Security\x86\ekrn.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.ZUCCHETTI\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(ESET) C:\Program Files\ESET\ESET File Security\egui.exe
(Open Data Srl - Bologna (Italia)) C:\OPERAMES\Monitor\Monitor.exe
(Open Data Srl - Bologna (Italia)) C:\OPERAMES\Monitor\Opera.exe
(Open Data Srl - Bologna (Italia)) C:\OPERAMES\Monitor\pjMonSrv.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\ServerManager.exe
(ESET) C:\Program Files\ESET\ESET File Security\egui.exe
(Sysinternals) C:\BGInfo\Bginfo.exe
(Microsoft Corporation) C:\Windows\System32\wlrmdr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET File Security\egui.exe [2899256 2013-10-18] (ESET)
HKLM\...\Policies\Explorer: [showSuperHidden] 1
Lsa: [Notification Packages] rassfm scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bginfo.lnk
ShortcutTarget: Bginfo.lnk -> C:\BGInfo\Bginfo.exe (Sysinternals)
Startup: C:\Users\opera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Opera - Monitor.lnk
ShortcutTarget: Opera - Monitor.lnk -> C:\OPERAMES\Opera-30.bat ()
BootExecute: autocheck autochk /q /v * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
Tcpip\..\Interfaces\{0B14AC19-1337-4851-A643-420958F44CCC}: [NameServer] 192.168.1.6
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET File Security\Mozilla Thunderbird
FF Extension: ESET File Security for Microsoft Windows Server Extension - C:\Program Files\ESET\ESET File Security\Mozilla Thunderbird [2014-07-08]
 
Chrome: 
=======
CHR HomePage: Default -> 24A1F17BC17ADC3F91FD20B9444E878CB250D28FB9C28167846657595E2EC014
CHR DefaultSearchKeyword: Default -> 57A37141E0D760C515153FCBBDC06F05FB6A2316DE6519BCFEA9ECA8E01FBC68
CHR DefaultSearchProvider: Default -> C56B97DE8A56E5D71850731CA0BEFDE35FE4681E49773EBF5FEED5F3D40DB774
CHR DefaultSearchURL: Default -> 4614A27B976D0666E34240AADC1C1A3CA723E964E509E8B2AA61E7915AD507C4
CHR Profile: C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Documenti Google) - C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-26]
CHR Extension: (Google Drive) - C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-26]
CHR Extension: (YouTube) - C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-26]
CHR Extension: (Ricerca Google) - C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-26]
CHR Extension: (Google Wallet) - C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-26]
CHR Extension: (Gmail) - C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-26]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 EhttpSrv; C:\Program Files\ESET\ESET File Security\EHttpSrv.exe [43560 2013-10-18] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET File Security\x86\ekrn.exe [951424 2013-10-18] (ESET)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 KPSSVC; C:\Windows\system32\kpssvc.dll [173056 2013-08-22] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191976 2012-10-20] (Microsoft Corporation)
R2 MSSQL$ZUCCHETTI; C:\Program Files\Microsoft SQL Server\MSSQL11.ZUCCHETTI\MSSQL\Binn\sqlservr.exe [191976 2012-10-20] (Microsoft Corporation)
R2 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [85504 2013-08-22] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\SysWOW64\RSoPProv.exe [76288 2013-08-22] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [15872 2013-08-22] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [50688 2014-07-30] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [46080 2014-07-30] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [612848 2012-10-20] (Microsoft Corporation)
S4 SQLAgent$ZUCCHETTI; C:\Program Files\Microsoft SQL Server\MSSQL11.ZUCCHETTI\MSSQL\Binn\SQLAGENT.EXE [612848 2012-10-20] (Microsoft Corporation)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [245760 2013-10-05] (Microsoft Corporation)
R2 UALSVC; C:\Windows\System32\ualsvc.dll [248832 2013-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 bfadfcoei; C:\Windows\System32\drivers\bfadfcoei.sys [2265440 2013-08-22] (Brocade Communications Systems, Inc.)
S0 bfadi; C:\Windows\System32\drivers\bfadi.sys [2265440 2013-08-22] (Brocade Communications Systems, Inc.)
S0 bxfcoe; C:\Windows\System32\drivers\bxfcoe.sys [187744 2013-08-22] (Broadcom Corporation)
S0 bxois; C:\Windows\System32\drivers\bxois.sys [560480 2013-08-22] (Broadcom Corporation)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [605672 2013-06-18] (Chelsio Communications)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [174400 2013-10-18] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [145024 2013-10-18] (ESET)
S0 elxfcoe; C:\Windows\System32\drivers\elxfcoe.sys [712032 2013-08-22] (Emulex)
S3 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [129568 2013-10-18] (ESET)
S3 fcvsc; C:\Windows\System32\drivers\fcvsc.sys [32768 2013-08-22] (Microsoft Corporation)
S0 ibbus; C:\Windows\System32\drivers\ibbus.sys [463712 2013-08-22] (Mellanox)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S0 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [426336 2013-08-22] (Mellanox)
S3 MsLbfoProvider; C:\Windows\system32\DRIVERS\MsLbfoProvider.sys [115712 2013-10-08] (Microsoft Corporation)
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () [File not signed]
S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () [File not signed]
S0 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [66400 2013-08-22] (Mellanox)
S3 NETVSCVFPP; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S0 ql2300i; C:\Windows\System32\drivers\ql2300i.sys [1508704 2013-08-22] (QLogic Corporation)
S0 ql40xx2i; C:\Windows\System32\drivers\ql40xx2i.sys [475488 2013-08-22] (QLogic Corporation)
S0 qlfcoei; C:\Windows\System32\drivers\qlfcoei.sys [1300320 2013-08-22] (QLogic Corporation)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [336880 2012-10-20] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [94048 2013-08-22] (Microsoft Corporation)
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [145920 2013-09-11] (Microsoft Corporation)
S0 WinMad; C:\Windows\System32\drivers\winmad.sys [28000 2013-08-22] (Mellanox)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [172544 2014-01-22] (Microsoft Corporation)
S0 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [59744 2013-08-22] (Mellanox)
S3 wtlmdrv; C:\Windows\System32\drivers\wtlmdrv.sys [31232 2013-08-22] (Microsoft Corporation)
R3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\drivers\serial.sys D864381BC9C725FAB01D94C060660166
C:\Windows\System32\drivers\sermouse.sys 0BD2B65DCE756FDE95A2E5CCCBF7705D
C:\Windows\System32\drivers\sfloppy.sys 472B7A5AC181C050888DB454663DD764
C:\Windows\System32\drivers\SiSRaid2.sys 2F518D13DD6F3053837FE606F1A2EA1F
C:\Windows\System32\drivers\sisraid4.sys 1AC9A200A9C49C4508F04AAFFCA34A3F
C:\Windows\System32\DRIVERS\smbdirect.sys AA4155D7F199EBB58F623F00B30BAB9B
C:\Windows\System32\drivers\spaceport.sys 87765EF43C33BE342F4ACB0E3FBF89A6
C:\Windows\System32\drivers\SpbCx.sys F337BE11071818FC3F5DC2940B6BDE34
C:\Windows\System32\DRIVERS\srv.sys 2B78788A1485F9B99A578A299DF42C02
C:\Windows\System32\DRIVERS\srv2.sys E62EAEF0BAC9DD61BF22D4A7F2F18571
C:\Windows\System32\DRIVERS\srvnet.sys 466BDC0006103F2547D308DD3CD64398
C:\Windows\System32\drivers\stexstor.sys 366DEA74BBA65B362BCCFC6FC2ADFD8B
C:\Windows\System32\drivers\storahci.sys 0ED2E318ABB68C1A35A8B8038BDB4C90
C:\Windows\System32\DRIVERS\vmstorfl.sys 7A08CEE1535F5A448215634C5EA74E50
C:\Windows\System32\drivers\stornvme.sys 6B06E2D11E604BE2B1A406C4CB3B90DE
C:\Windows\System32\drivers\storvsc.sys 548759755BC73DAD663250239D7E0B9F
C:\Windows\System32\drivers\storvsp.sys 03618F935379614837F915D04C45FC0E
C:\Windows\System32\drivers\swenum.sys 84E0F5D41C138C5CC975137A2A98F6D3
C:\Windows\System32\drivers\tcpip.sys FEEFE783D87C9063CDAC6DBDCF95F533
C:\Windows\system32\DRIVERS\tcpip.sys FEEFE783D87C9063CDAC6DBDCF95F533
C:\Windows\System32\drivers\tcpipreg.sys 41CF802064F72E55F50CA0A221FD36D4
C:\Windows\system32\DRIVERS\tdx.sys FFF28F9F6823EB1756C60F1649560BBF
C:\Windows\System32\drivers\terminpt.sys 232D185D2337F141311D0CF1983E1431
C:\Windows\system32\drivers\tpm.sys 82F909359600D3603FE852DB7F135626
C:\Windows\System32\drivers\tsusbflt.sys BF8F54CA37E9C9D6582C31C5761F8C93
C:\Windows\System32\drivers\TsUsbGD.sys E0088068DCE2EE82897027DDB8E05254
C:\Windows\System32\drivers\tsusbhub.sys 4A445D5E44CD996D18E128EF321D54B2
C:\Windows\system32\DRIVERS\tunnel.sys C8E0E78B5D284C2FF59BDFFDAF997242
C:\Windows\System32\drivers\uagp35.sys F6EEAD052943B5A3104C1405BB856C54
C:\Windows\System32\drivers\uaspstor.sys FE6067B1FD4E63650C667B33D080565B
C:\Windows\System32\drivers\ucx01000.sys B034A41891A36457B994307DFA772293
C:\Windows\System32\DRIVERS\udfs.sys 1EC649F112896FAE33250F0B97AC5D0B
C:\Windows\System32\drivers\UEFI.sys 9578691F297E1B1F519970FE6D47CB21
C:\Windows\System32\drivers\uliagpkx.sys 5EAB5117DDB24FC4D39E6FFFCF1837B9
C:\Windows\System32\drivers\umbus.sys DA34C39A18E60E7C3FA0630566408034
C:\Windows\System32\drivers\umpass.sys AE8294875E5446E359B1E8035D40C05E
C:\Windows\System32\drivers\usbccgp.sys 433ECDE01A52691FA7ACA51C10C09B70
C:\Windows\System32\drivers\usbehci.sys 5477D6E27C7D266EF8C152B9A25ADE5E
C:\Windows\System32\drivers\usbhub.sys DF56C2C04EFA328D7A66B69007130266
C:\Windows\System32\drivers\UsbHub3.sys CFC52C49BEFE4D70D87FFA900EAB9777
C:\Windows\System32\drivers\usbohci.sys 3019097FB6C985EF24C058090FF3BDBD
C:\Windows\System32\drivers\usbprint.sys 4D655E3B684BE9B0F7FFD8A2935C348C
C:\Windows\System32\drivers\USBSTOR.SYS EA23453240137F6773174E0D93F61A69
C:\Windows\System32\drivers\usbuhci.sys BA4FA655E0FC577DB7436FC963932CE4
C:\Windows\System32\drivers\USBXHCI.SYS 48430B0313FC1CFE3D2400553F1A93CD
C:\Windows\System32\drivers\vdrvroot.sys FEB26E3B8345A7E8D62F945C4AE86562
C:\Windows\System32\drivers\VerifierExt.sys A026EDEAA5EECAE0B08E2748B616D4BD
C:\Windows\System32\drivers\vhdmp.sys 52E483A3701A5A61A75A06993720347D
C:\Windows\System32\drivers\viaide.sys 06D38968028E9AB19DE9B618C7B6D199
C:\Windows\System32\drivers\Vid.sys 3CE922E34DB12D9F3C0EA856BC09687C
C:\Windows\System32\drivers\vmbus.sys C6305BDFC4F7CE51F72BB072C03D4ACE
C:\Windows\System32\drivers\VMBusHID.sys DA40BEA0A863CE768C940CA9723BF81F
C:\Windows\System32\drivers\vmbusr.sys 68F8C26DEA2D42E8DEC0778943433C80
C:\Windows\System32\drivers\volmgr.sys 55D7D963DE85162F1C49721E502F9744
C:\Windows\System32\drivers\volmgrx.sys CCB9E901F7254BF96D28EB1B0E5329B7
C:\Windows\System32\drivers\volsnap.sys 3595FBDF25F8BA6256072D103937D7D6
C:\Windows\System32\drivers\vpci.sys 01355C98B5C3ED1EC446743CDA848FCE
C:\Windows\System32\drivers\vpcivsp.sys ADBE96C33D1A5BB1BBAF90B4BC84F523
C:\Windows\System32\drivers\vsmraid.sys 4539F45F9F4C9757A86A56C949421E07
C:\Windows\System32\drivers\vstxraid.sys 0849B7260F26FE05EA56DED0672E2F4B
C:\Windows\System32\drivers\wacompen.sys 0910AB9ED404C1434E2D0376C2AD5D8B
C:\Windows\system32\DRIVERS\wanarp.sys AFCD4054D61BD708B82991348ED1C763
C:\Windows\system32\DRIVERS\wanarp.sys AFCD4054D61BD708B82991348ED1C763
C:\Windows\System32\drivers\Wdf01000.sys CB6C63FF8342B467E2EF76E98D5B934D
C:\Windows\System32\DRIVERS\wfplwfs.sys BFBE1C5F57FE7A885673A1962D5532B7
C:\Windows\System32\drivers\wimmount.sys 867BCC69ED9C31C501465EB0E8BA9DFA
C:\Windows\System32\drivers\winmad.sys CE7BDF86EA539F5DDF90E25DC1CDCD16
C:\Windows\System32\drivers\winnat.sys F4CCD386538E889D7E0BE3ACECFC569A
C:\Windows\System32\drivers\winverbs.sys 44B19297DBB12FFAE43CADCD5FB0893A
C:\Windows\System32\drivers\wmiacpi.sys 2834D9D3B4F554A39C72F00EA3F0E128
C:\Windows\system32\drivers\ws2ifsl.sys AE072B0339D0A18E455DC21666CAD572
C:\Windows\System32\drivers\wtlmdrv.sys 72349809C6D6F5185C25EA7CDC5C2F3B
C:\Windows\System32\drivers\WudfPf.sys 2FEAE33E9B2B56104596E1BA444405A9
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-19 11:55 - 2014-09-19 11:55 - 00000000 ____D () C:\ProgramData\Doctor Web
2014-09-19 11:52 - 2014-09-19 11:52 - 00000000 ____D () C:\Users\opera\Doctor Web
2014-09-19 11:50 - 2014-09-19 11:52 - 155204896 _____ () C:\Users\opera\Downloads\cureit.exe
2014-09-19 00:39 - 2014-09-19 00:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-09-19 00:39 - 2014-09-19 00:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft_Corporation
2014-09-19 00:38 - 2014-09-19 00:38 - 00001442 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-19 00:38 - 2014-09-19 00:38 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-09-19 00:38 - 2014-09-19 00:38 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-09-19 00:38 - 2014-09-19 00:38 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-19 00:38 - 2014-09-19 00:38 - 00000000 ____D () C:\Users\Administrator
2014-09-19 00:38 - 2014-05-09 22:19 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-19 00:38 - 2014-05-09 22:19 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-19 00:38 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-09-19 00:38 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-09-19 00:38 - 2013-08-22 17:39 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-19 00:38 - 2013-08-22 17:39 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-18 16:58 - 2014-09-18 16:58 - 02991832 _____ (ESET) C:\Users\opera\Downloads\ERARemover_x64.exe
2014-09-01 12:17 - 2014-09-01 12:31 - 00000000 ____D () C:\Users\opera\Downloads\mbar
2014-09-01 12:16 - 2014-09-01 12:16 - 14349744 _____ (Malwarebytes Corp.) C:\Users\opera\Downloads\mbar-1.07.0.1012.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-22 14:15 - 2014-08-07 17:15 - 00000000 ____D () C:\FRST
2014-09-22 14:15 - 2014-08-07 17:10 - 00000000 ____D () C:\Analisi
2014-09-22 13:26 - 2014-07-08 09:50 - 00000152 _____ () C:\Windows\system32\config\netlogon.ftl
2014-09-22 12:52 - 2014-03-06 16:17 - 02036403 _____ () C:\Windows\WindowsUpdate.log
2014-09-21 07:39 - 2014-03-06 13:43 - 01076204 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-19 11:55 - 2014-09-19 11:55 - 00000000 ____D () C:\ProgramData\Doctor Web
2014-09-19 11:52 - 2014-09-19 11:52 - 00000000 ____D () C:\Users\opera\Doctor Web
2014-09-19 11:52 - 2014-09-19 11:50 - 155204896 _____ () C:\Users\opera\Downloads\cureit.exe
2014-09-19 11:52 - 2014-07-22 17:35 - 00000000 ____D () C:\Users\opera
2014-09-19 10:39 - 2014-07-17 07:01 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2668381394-3975845966-3827878700-500
2014-09-19 00:39 - 2014-09-19 00:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-09-19 00:39 - 2014-09-19 00:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft_Corporation
2014-09-19 00:38 - 2014-09-19 00:38 - 00001442 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-19 00:38 - 2014-09-19 00:38 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-09-19 00:38 - 2014-09-19 00:38 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-09-19 00:38 - 2014-09-19 00:38 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-19 00:38 - 2014-09-19 00:38 - 00000000 ____D () C:\Users\Administrator
2014-09-18 16:58 - 2014-09-18 16:58 - 02991832 _____ (ESET) C:\Users\opera\Downloads\ERARemover_x64.exe
2014-09-18 16:58 - 2014-07-08 10:19 - 00000000 ____D () C:\ProgramData\ESET
2014-09-18 14:29 - 2014-07-22 18:44 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-343818398-115176313-839522115-2607
2014-09-18 14:22 - 2014-07-08 14:41 - 00002161 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-18 14:19 - 2013-08-22 16:48 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-18 14:19 - 2013-08-22 15:25 - 00008192 ___SH () C:\Windows\system32\config\BBI
2014-09-08 12:41 - 2014-03-06 13:35 - 00017340 _____ () C:\Windows\PFRO.log
2014-09-04 16:21 - 2014-07-28 07:11 - 00007597 _____ () C:\Users\opera\AppData\Local\Resmon.ResmonCfg
2014-09-04 15:39 - 2014-07-23 09:32 - 00000000 ____D () C:\Users\opera\Documents\SQL Server Management Studio
2014-09-01 12:31 - 2014-09-01 12:17 - 00000000 ____D () C:\Users\opera\Downloads\mbar
2014-09-01 12:31 - 2014-08-07 15:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-01 12:18 - 2014-07-31 15:32 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 12:16 - 2014-09-01 12:16 - 14349744 _____ (Malwarebytes Corp.) C:\Users\opera\Downloads\mbar-1.07.0.1012.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
bootshutdowndisabled    Yes
default                 {current}
resumeobject            {c087e441-a56e-11e3-8a31-b0ecadd57de5}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows Server 2012 R2
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {c087e443-a56e-11e3-8a31-b0ecadd57de5}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {c087e441-a56e-11e3-8a31-b0ecadd57de5}
nx                      OptOut
 
Windows Boot Loader
-------------------
identifier              {c087e443-a56e-11e3-8a31-b0ecadd57de5}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{c087e444-a56e-11e3-8a31-b0ecadd57de5}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{c087e444-a56e-11e3-8a31-b0ecadd57de5}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {c087e441-a56e-11e3-8a31-b0ecadd57de5}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {c087e443-a56e-11e3-8a31-b0ecadd57de5}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {c087e444-a56e-11e3-8a31-b0ecadd57de5}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
 
LastRegBack: 2014-09-22 04:37
 
==================== End Of Log ============================

Excuse me,

here it is.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by opera (administrator) on SRVINX-OPERA on 22-09-2014 16:17:57
Running from C:\Analisi
Platform: Windows Server 2012 R2 Datacenter (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET File Security\x86\ekrn.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.ZUCCHETTI\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(ESET) C:\Program Files\ESET\ESET File Security\egui.exe
(Open Data Srl - Bologna (Italia)) C:\OPERAMES\Monitor\Monitor.exe
(Open Data Srl - Bologna (Italia)) C:\OPERAMES\Monitor\Opera.exe
(Open Data Srl - Bologna (Italia)) C:\OPERAMES\Monitor\pjMonSrv.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\ServerManager.exe
(ESET) C:\Program Files\ESET\ESET File Security\egui.exe
(Sysinternals) C:\BGInfo\Bginfo.exe
(Microsoft Corporation) C:\Windows\System32\wlrmdr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET File Security\egui.exe [2899256 2013-10-18] (ESET)
HKLM\...\Policies\Explorer: [showSuperHidden] 1
Lsa: [Notification Packages] rassfm scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bginfo.lnk
ShortcutTarget: Bginfo.lnk -> C:\BGInfo\Bginfo.exe (Sysinternals)
Startup: C:\Users\opera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Opera - Monitor.lnk
ShortcutTarget: Opera - Monitor.lnk -> C:\OPERAMES\Opera-30.bat ()
BootExecute: autocheck autochk /q /v * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
Tcpip\..\Interfaces\{0B14AC19-1337-4851-A643-420958F44CCC}: [NameServer] 192.168.1.6
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET File Security\Mozilla Thunderbird
FF Extension: ESET File Security for Microsoft Windows Server Extension - C:\Program Files\ESET\ESET File Security\Mozilla Thunderbird [2014-07-08]
 
Chrome: 
=======
CHR HomePage: Default -> 24A1F17BC17ADC3F91FD20B9444E878CB250D28FB9C28167846657595E2EC014
CHR DefaultSearchKeyword: Default -> 57A37141E0D760C515153FCBBDC06F05FB6A2316DE6519BCFEA9ECA8E01FBC68
CHR DefaultSearchProvider: Default -> C56B97DE8A56E5D71850731CA0BEFDE35FE4681E49773EBF5FEED5F3D40DB774
CHR DefaultSearchURL: Default -> 4614A27B976D0666E34240AADC1C1A3CA723E964E509E8B2AA61E7915AD507C4
CHR Profile: C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Documenti Google) - C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-26]
CHR Extension: (Google Drive) - C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-26]
CHR Extension: (YouTube) - C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-26]
CHR Extension: (Ricerca Google) - C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-26]
CHR Extension: (Google Wallet) - C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-26]
CHR Extension: (Gmail) - C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-26]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 EhttpSrv; C:\Program Files\ESET\ESET File Security\EHttpSrv.exe [43560 2013-10-18] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET File Security\x86\ekrn.exe [951424 2013-10-18] (ESET)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 KPSSVC; C:\Windows\system32\kpssvc.dll [173056 2013-08-22] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191976 2012-10-20] (Microsoft Corporation)
R2 MSSQL$ZUCCHETTI; C:\Program Files\Microsoft SQL Server\MSSQL11.ZUCCHETTI\MSSQL\Binn\sqlservr.exe [191976 2012-10-20] (Microsoft Corporation)
R2 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [85504 2013-08-22] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\SysWOW64\RSoPProv.exe [76288 2013-08-22] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [15872 2013-08-22] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [50688 2014-07-30] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [46080 2014-07-30] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [612848 2012-10-20] (Microsoft Corporation)
S4 SQLAgent$ZUCCHETTI; C:\Program Files\Microsoft SQL Server\MSSQL11.ZUCCHETTI\MSSQL\Binn\SQLAGENT.EXE [612848 2012-10-20] (Microsoft Corporation)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [245760 2013-10-05] (Microsoft Corporation)
R2 UALSVC; C:\Windows\System32\ualsvc.dll [248832 2013-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 bfadfcoei; C:\Windows\System32\drivers\bfadfcoei.sys [2265440 2013-08-22] (Brocade Communications Systems, Inc.)
S0 bfadi; C:\Windows\System32\drivers\bfadi.sys [2265440 2013-08-22] (Brocade Communications Systems, Inc.)
S0 bxfcoe; C:\Windows\System32\drivers\bxfcoe.sys [187744 2013-08-22] (Broadcom Corporation)
S0 bxois; C:\Windows\System32\drivers\bxois.sys [560480 2013-08-22] (Broadcom Corporation)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [605672 2013-06-18] (Chelsio Communications)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [174400 2013-10-18] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [145024 2013-10-18] (ESET)
S0 elxfcoe; C:\Windows\System32\drivers\elxfcoe.sys [712032 2013-08-22] (Emulex)
S3 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [129568 2013-10-18] (ESET)
S3 fcvsc; C:\Windows\System32\drivers\fcvsc.sys [32768 2013-08-22] (Microsoft Corporation)
S0 ibbus; C:\Windows\System32\drivers\ibbus.sys [463712 2013-08-22] (Mellanox)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S0 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [426336 2013-08-22] (Mellanox)
S3 MsLbfoProvider; C:\Windows\system32\DRIVERS\MsLbfoProvider.sys [115712 2013-10-08] (Microsoft Corporation)
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () [File not signed]
S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () [File not signed]
S0 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [66400 2013-08-22] (Mellanox)
S3 NETVSCVFPP; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S0 ql2300i; C:\Windows\System32\drivers\ql2300i.sys [1508704 2013-08-22] (QLogic Corporation)
S0 ql40xx2i; C:\Windows\System32\drivers\ql40xx2i.sys [475488 2013-08-22] (QLogic Corporation)
S0 qlfcoei; C:\Windows\System32\drivers\qlfcoei.sys [1300320 2013-08-22] (QLogic Corporation)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [336880 2012-10-20] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [94048 2013-08-22] (Microsoft Corporation)
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [145920 2013-09-11] (Microsoft Corporation)
S0 WinMad; C:\Windows\System32\drivers\winmad.sys [28000 2013-08-22] (Mellanox)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [172544 2014-01-22] (Microsoft Corporation)
S0 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [59744 2013-08-22] (Mellanox)
S3 wtlmdrv; C:\Windows\System32\drivers\wtlmdrv.sys [31232 2013-08-22] (Microsoft Corporation)
R3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-19 11:55 - 2014-09-19 11:55 - 00000000 ____D () C:\ProgramData\Doctor Web
2014-09-19 11:52 - 2014-09-19 11:52 - 00000000 ____D () C:\Users\opera\Doctor Web
2014-09-19 11:50 - 2014-09-19 11:52 - 155204896 _____ () C:\Users\opera\Downloads\cureit.exe
2014-09-19 00:39 - 2014-09-19 00:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-09-19 00:39 - 2014-09-19 00:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft_Corporation
2014-09-19 00:38 - 2014-09-19 00:38 - 00001442 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-19 00:38 - 2014-09-19 00:38 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-09-19 00:38 - 2014-09-19 00:38 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-09-19 00:38 - 2014-09-19 00:38 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-19 00:38 - 2014-09-19 00:38 - 00000000 ____D () C:\Users\Administrator
2014-09-19 00:38 - 2014-05-09 22:19 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-19 00:38 - 2014-05-09 22:19 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-19 00:38 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-09-19 00:38 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-09-19 00:38 - 2013-08-22 17:39 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-19 00:38 - 2013-08-22 17:39 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-18 16:58 - 2014-09-18 16:58 - 02991832 _____ (ESET) C:\Users\opera\Downloads\ERARemover_x64.exe
2014-09-01 12:17 - 2014-09-01 12:31 - 00000000 ____D () C:\Users\opera\Downloads\mbar
2014-09-01 12:16 - 2014-09-01 12:16 - 14349744 _____ (Malwarebytes Corp.) C:\Users\opera\Downloads\mbar-1.07.0.1012.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-22 16:17 - 2014-08-07 17:15 - 00000000 ____D () C:\FRST
2014-09-22 16:17 - 2014-08-07 17:10 - 00000000 ____D () C:\Analisi
2014-09-22 15:43 - 2014-03-06 16:17 - 02051696 _____ () C:\Windows\WindowsUpdate.log
2014-09-22 14:57 - 2014-07-08 09:50 - 00000152 _____ () C:\Windows\system32\config\netlogon.ftl
2014-09-21 07:39 - 2014-03-06 13:43 - 01076204 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-19 11:55 - 2014-09-19 11:55 - 00000000 ____D () C:\ProgramData\Doctor Web
2014-09-19 11:52 - 2014-09-19 11:52 - 00000000 ____D () C:\Users\opera\Doctor Web
2014-09-19 11:52 - 2014-09-19 11:50 - 155204896 _____ () C:\Users\opera\Downloads\cureit.exe
2014-09-19 11:52 - 2014-07-22 17:35 - 00000000 ____D () C:\Users\opera
2014-09-19 10:39 - 2014-07-17 07:01 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2668381394-3975845966-3827878700-500
2014-09-19 00:39 - 2014-09-19 00:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-09-19 00:39 - 2014-09-19 00:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft_Corporation
2014-09-19 00:38 - 2014-09-19 00:38 - 00001442 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-19 00:38 - 2014-09-19 00:38 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-09-19 00:38 - 2014-09-19 00:38 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-09-19 00:38 - 2014-09-19 00:38 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-19 00:38 - 2014-09-19 00:38 - 00000000 ____D () C:\Users\Administrator
2014-09-18 16:58 - 2014-09-18 16:58 - 02991832 _____ (ESET) C:\Users\opera\Downloads\ERARemover_x64.exe
2014-09-18 16:58 - 2014-07-08 10:19 - 00000000 ____D () C:\ProgramData\ESET
2014-09-18 14:29 - 2014-07-22 18:44 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-343818398-115176313-839522115-2607
2014-09-18 14:22 - 2014-07-08 14:41 - 00002161 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-18 14:19 - 2013-08-22 16:48 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-18 14:19 - 2013-08-22 15:25 - 00008192 ___SH () C:\Windows\system32\config\BBI
2014-09-08 12:41 - 2014-03-06 13:35 - 00017340 _____ () C:\Windows\PFRO.log
2014-09-04 16:21 - 2014-07-28 07:11 - 00007597 _____ () C:\Users\opera\AppData\Local\Resmon.ResmonCfg
2014-09-04 15:39 - 2014-07-23 09:32 - 00000000 ____D () C:\Users\opera\Documents\SQL Server Management Studio
2014-09-01 12:31 - 2014-09-01 12:17 - 00000000 ____D () C:\Users\opera\Downloads\mbar
2014-09-01 12:31 - 2014-08-07 15:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-01 12:18 - 2014-07-31 15:32 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 12:16 - 2014-09-01 12:16 - 14349744 _____ (Malwarebytes Corp.) C:\Users\opera\Downloads\mbar-1.07.0.1012.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-22 04:37
 
==================== End Of Log ============================

Here it is.

 

Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01
Ran by opera at 2014-09-22 17:36:56
Running from C:\Analisi
Boot Mode: Normal
 
================== Search Files: "wininit.exe" =============
 
C:\Windows\WinSxS\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.3.9600.16384_none_21b118d9d847ad16\wininit.exe
[2013-08-22 11:58][2013-08-22 11:58] 0144384 ____A (Microsoft Corporation) 48CFA7BE561A7BE144C29BB912055016 [File is signed]
 
C:\Windows\System32\wininit.exe
[2013-08-22 11:58][2013-08-22 11:58] 0144384 ____A (Microsoft Corporation) 48CFA7BE561A7BE144C29BB912055016 [File is signed]
 
====== End Of Search ======

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.


Thanks anyway for your help. 

The truth is that we are a small company whose expertise is mainly in accounting. This is our first experience with virtualization. This particular machine is meant to replace an old computer with on-board attendance control software. Because of the malware we cannot demonstrate the efficacy of the new solution. How do we proceed?


Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

Please rescan with FRST (create a new addition.txt as well) and post the logs.


Good morning,

Last night I ran the fix and then the next scan, the result of which I enclose.

Unfortunately this morning the problem has come back.

 

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-09-2014
Ran by opera at 2014-09-30 18:04:06 Run:1
Running from C:\Analisi
Loaded Profiles: opera & MSSQL$ZUCCHETTI (Available profiles: Administrator & opera & administrator & MSSQL$ZUCCHETTI & MSSQL$SQLEXPRESS)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Replace: C:\Windows\WinSxS\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.3.9600.16384_none_21b118d9d847ad16\wininit.exe C:\Windows\SysWOW64\wininit.exe
EmptyTemp:
Reboot:
*****************

Could not find C:\Windows\SysWOW64\wininit.exe.
C:\Windows\WinSxS\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.3.9600.16384_none_21b118d9d847ad16\wininit.exe copied successfully to C:\Windows\SysWOW64\wininit.exe
EmptyTemp: => Removed 2.2 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====

 

and frst.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-09-2014
Ran by opera (administrator) on SRVINX-OPERA on 30-09-2014 18:10:46
Running from C:\Analisi
Loaded Profiles: opera & MSSQL$ZUCCHETTI (Available profiles: Administrator & opera & administrator & MSSQL$ZUCCHETTI & MSSQL$SQLEXPRESS)
Platform: Windows Server 2012 R2 Datacenter (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET File Security\x86\ekrn.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.ZUCCHETTI\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(ESET) C:\Program Files\ESET\ESET File Security\egui.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET File Security\egui.exe [2899256 2013-10-18] (ESET)
HKLM\...\Policies\Explorer: [showSuperHidden] 1
Lsa: [Notification Packages] rassfm scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bginfo.lnk
ShortcutTarget: Bginfo.lnk -> C:\BGInfo\Bginfo.exe (Sysinternals)
Startup: C:\Users\opera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Opera - Monitor.lnk
ShortcutTarget: Opera - Monitor.lnk -> C:\OPERAMES\Opera-30.bat ()
BootExecute: autocheck autochk /q /v * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
Tcpip\..\Interfaces\{0B14AC19-1337-4851-A643-420958F44CCC}: [NameServer] 192.168.1.6

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET File Security\Mozilla Thunderbird
FF Extension: ESET File Security for Microsoft Windows Server Extension - C:\Program Files\ESET\ESET File Security\Mozilla Thunderbird [2014-07-08]

Chrome: 
=======
CHR HomePage: Default -> 24A1F17BC17ADC3F91FD20B9444E878CB250D28FB9C28167846657595E2EC014
CHR DefaultSearchKeyword: Default -> 57A37141E0D760C515153FCBBDC06F05FB6A2316DE6519BCFEA9ECA8E01FBC68
CHR DefaultSearchProvider: Default -> C56B97DE8A56E5D71850731CA0BEFDE35FE4681E49773EBF5FEED5F3D40DB774
CHR DefaultSearchURL: Default -> 4614A27B976D0666E34240AADC1C1A3CA723E964E509E8B2AA61E7915AD507C4
CHR Profile: C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Documenti Google) - C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-26]
CHR Extension: (Google Drive) - C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-26]
CHR Extension: (YouTube) - C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-26]
CHR Extension: (Ricerca Google) - C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-26]
CHR Extension: (Google Wallet) - C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-26]
CHR Extension: (Gmail) - C:\Users\opera\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 EhttpSrv; C:\Program Files\ESET\ESET File Security\EHttpSrv.exe [43560 2013-10-18] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET File Security\x86\ekrn.exe [951424 2013-10-18] (ESET)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 KPSSVC; C:\Windows\system32\kpssvc.dll [173056 2013-08-22] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191976 2012-10-20] (Microsoft Corporation)
R2 MSSQL$ZUCCHETTI; C:\Program Files\Microsoft SQL Server\MSSQL11.ZUCCHETTI\MSSQL\Binn\sqlservr.exe [191976 2012-10-20] (Microsoft Corporation)
R2 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [85504 2013-08-22] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\SysWOW64\RSoPProv.exe [76288 2013-08-22] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [15872 2013-08-22] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [50688 2014-07-30] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [46080 2014-07-30] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [612848 2012-10-20] (Microsoft Corporation)
S4 SQLAgent$ZUCCHETTI; C:\Program Files\Microsoft SQL Server\MSSQL11.ZUCCHETTI\MSSQL\Binn\SQLAGENT.EXE [612848 2012-10-20] (Microsoft Corporation)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [245760 2013-10-05] (Microsoft Corporation)
R2 UALSVC; C:\Windows\System32\ualsvc.dll [248832 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 bfadfcoei; C:\Windows\System32\drivers\bfadfcoei.sys [2265440 2013-08-22] (Brocade Communications Systems, Inc.)
S0 bfadi; C:\Windows\System32\drivers\bfadi.sys [2265440 2013-08-22] (Brocade Communications Systems, Inc.)
S0 bxfcoe; C:\Windows\System32\drivers\bxfcoe.sys [187744 2013-08-22] (Broadcom Corporation)
S0 bxois; C:\Windows\System32\drivers\bxois.sys [560480 2013-08-22] (Broadcom Corporation)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [605672 2013-06-18] (Chelsio Communications)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [174400 2013-10-18] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [145024 2013-10-18] (ESET)
S0 elxfcoe; C:\Windows\System32\drivers\elxfcoe.sys [712032 2013-08-22] (Emulex)
S3 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [129568 2013-10-18] (ESET)
S3 fcvsc; C:\Windows\System32\drivers\fcvsc.sys [32768 2013-08-22] (Microsoft Corporation)
S0 ibbus; C:\Windows\System32\drivers\ibbus.sys [463712 2013-08-22] (Mellanox)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S0 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [426336 2013-08-22] (Mellanox)
S3 MsLbfoProvider; C:\Windows\system32\DRIVERS\MsLbfoProvider.sys [115712 2013-10-08] (Microsoft Corporation)
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () [File not signed]
S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () [File not signed]
S0 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [66400 2013-08-22] (Mellanox)
S3 NETVSCVFPP; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S0 ql2300i; C:\Windows\System32\drivers\ql2300i.sys [1508704 2013-08-22] (QLogic Corporation)
S0 ql40xx2i; C:\Windows\System32\drivers\ql40xx2i.sys [475488 2013-08-22] (QLogic Corporation)
S0 qlfcoei; C:\Windows\System32\drivers\qlfcoei.sys [1300320 2013-08-22] (QLogic Corporation)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [336880 2012-10-20] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [94048 2013-08-22] (Microsoft Corporation)
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [145920 2013-09-11] (Microsoft Corporation)
S0 WinMad; C:\Windows\System32\drivers\winmad.sys [28000 2013-08-22] (Mellanox)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [172544 2014-01-22] (Microsoft Corporation)
S0 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [59744 2013-08-22] (Mellanox)
S3 wtlmdrv; C:\Windows\System32\drivers\wtlmdrv.sys [31232 2013-08-22] (Microsoft Corporation)
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-30 18:04 - 2013-08-22 11:58 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininit.exe
2014-09-30 06:05 - 2014-09-30 06:05 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ESET
2014-09-29 06:57 - 2014-09-29 06:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Portthrue
2014-09-28 16:51 - 2014-09-29 06:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Portthru
2014-09-23 14:23 - 2014-09-23 14:24 - 04161313 _____ () C:\Users\opera\Downloads\tdsskiller.zip
2014-09-23 14:15 - 2014-09-23 14:15 - 00380416 _____ () C:\Users\opera\Downloads\lj8ub5x5.exe
2014-09-19 11:55 - 2014-09-19 11:55 - 00000000 ____D () C:\ProgramData\Doctor Web
2014-09-19 11:52 - 2014-09-19 11:52 - 00000000 ____D () C:\Users\opera\Doctor Web
2014-09-19 11:50 - 2014-09-19 11:52 - 155204896 _____ () C:\Users\opera\Downloads\cureit.exe
2014-09-19 00:39 - 2014-09-19 00:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-09-19 00:39 - 2014-09-19 00:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft_Corporation
2014-09-19 00:38 - 2014-09-19 00:38 - 00001442 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-19 00:38 - 2014-09-19 00:38 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-09-19 00:38 - 2014-09-19 00:38 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-09-19 00:38 - 2014-09-19 00:38 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-19 00:38 - 2014-09-19 00:38 - 00000000 ____D () C:\Users\Administrator
2014-09-19 00:38 - 2014-05-09 22:19 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-19 00:38 - 2014-05-09 22:19 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-19 00:38 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-09-19 00:38 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-09-19 00:38 - 2013-08-22 17:39 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-19 00:38 - 2013-08-22 17:39 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-18 16:58 - 2014-09-18 16:58 - 02991832 _____ (ESET) C:\Users\opera\Downloads\ERARemover_x64.exe
2014-09-01 12:17 - 2014-09-01 12:31 - 00000000 ____D () C:\Users\opera\Downloads\mbar
2014-09-01 12:16 - 2014-09-01 12:16 - 14349744 _____ (Malwarebytes Corp.) C:\Users\opera\Downloads\mbar-1.07.0.1012.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-30 18:10 - 2014-08-07 17:15 - 00000000 ____D () C:\FRST
2014-09-30 18:10 - 2014-08-07 17:10 - 00000000 ____D () C:\Analisi
2014-09-30 18:10 - 2014-07-22 18:44 - 00003592 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-343818398-115176313-839522115-2607
2014-09-30 18:09 - 2014-03-06 13:43 - 01076204 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-30 18:07 - 2014-07-08 14:41 - 00002161 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-30 18:04 - 2014-07-08 09:50 - 00000152 _____ () C:\Windows\system32\config\netlogon.ftl
2014-09-30 18:04 - 2014-03-06 16:17 - 01728217 _____ () C:\Windows\WindowsUpdate.log
2014-09-30 18:04 - 2014-03-06 13:35 - 00083822 _____ () C:\Windows\PFRO.log
2014-09-30 18:04 - 2013-08-22 16:48 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-30 16:45 - 2014-07-17 07:01 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2668381394-3975845966-3827878700-500
2014-09-30 07:28 - 2013-08-22 15:25 - 00008192 ___SH () C:\Windows\system32\config\BBI
2014-09-30 06:05 - 2014-05-09 17:14 - 00000000 __SHD () C:\Users\Administrator\AppData\Roaming\ufafrecr
2014-09-19 11:52 - 2014-07-22 17:35 - 00000000 ____D () C:\Users\opera
2014-09-18 16:58 - 2014-07-08 10:19 - 00000000 ____D () C:\ProgramData\ESET
2014-09-04 16:21 - 2014-07-28 07:11 - 00007597 _____ () C:\Users\opera\AppData\Local\Resmon.ResmonCfg
2014-09-04 15:39 - 2014-07-23 09:32 - 00000000 ____D () C:\Users\opera\Documents\SQL Server Management Studio
2014-09-01 12:31 - 2014-08-07 15:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-01 12:18 - 2014-07-31 15:32 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-23 03:29

==================== End Of Log ============================

 

Thank you


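The "Bamital & volsnap Check" in the log above answers one question per file: does it exist, and does it carry a valid Authenticode signature. After a fixlist has copied a file out of an amd64 WinSxS directory into SysWOW64, a second question matters just as much: is the image that is now there the right architecture for that directory, since a 64-bit image in the 32-bit directory will still show as "digitally signed". The PowerShell below is an added example, not FRST's code and not something posted in this thread; it re-runs the check over the same file list on Windows Server 2012 R2 (PowerShell 4.0) and adds the SHA-256 and the PE machine type of each file. The file list is taken from the log; the PE offsets are from the PE/COFF format and nothing else about the machine is assumed.

```powershell
# Added example: integrity check over the core binaries FRST verifies, with
# hash and PE architecture added. Run from an elevated PowerShell prompt.

$criticalFiles = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\SysWOW64\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\SysWOW64\user32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\drivers\volsnap.sys"
)

# Read IMAGE_FILE_HEADER.Machine: the DWORD at 0x3C (e_lfanew) points at the
# "PE\0\0" signature, and the 16-bit Machine field follows it. 0x014C = x86,
# 0x8664 = x64. Anything else (or no MZ/PE header at all) is reported as-is.
function Get-PeMachine {
    param([string]$Path)
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    if ($bytes.Length -lt 0x40 -or $bytes[0] -ne 0x4D -or $bytes[1] -ne 0x5A) { return 'not-PE' }
    $peOffset = [BitConverter]::ToUInt32($bytes, 0x3C)
    if ($peOffset + 6 -gt $bytes.Length) { return 'not-PE' }
    switch ([BitConverter]::ToUInt16($bytes, $peOffset + 4)) {
        0x014C  { 'x86' }
        0x8664  { 'x64' }
        default { '0x{0:X4}' -f $_ }
    }
}

$report = foreach ($f in $criticalFiles) {
    if (-not (Test-Path -LiteralPath $f)) {
        [pscustomobject]@{ File = $f; Status = 'MISSING'; Machine = ''; Signer = ''; SHA256 = '' }
        continue
    }
    $sig     = Get-AuthenticodeSignature -FilePath $f
    $machine = Get-PeMachine -Path $f
    $status  = $sig.Status.ToString()
    # SysWOW64 holds the 32-bit copies; a 64-bit image there is wrong even when
    # its signature is perfectly valid, which is exactly what the signature
    # check alone cannot tell you.
    if ($f -like "*\SysWOW64\*" -and $machine -eq 'x64') { $status += ' (x64 image in SysWOW64)' }
    [pscustomobject]@{
        File    = $f
        Status  = $status
        Machine = $machine
        Signer  = $sig.SignerCertificate.Subject
        SHA256  = (Get-FileHash -Path $f -Algorithm SHA256).Hash
    }
}

$report | Format-Table File, Status, Machine, Signer -AutoSize
```

Anything whose Status is not plain "Valid", or whose Machine does not match its directory, should be restored from the installation media or the component store rather than trusted; the SHA256 column is there so the value can be compared with a known-good copy of the same build.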

I cannot see a thing here.

 

 

Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.


(2 weeks later)

This is the result of the scan. The program was used to connect remotely. The problem seems to be under control since we prevented remote access via RDP. Since then I have not found open sessions by the user Administrator; the malware was run in those sessions.

So far so good.

 


C:\AA_v3.5.exe a variant of Win32/RemoteAdmin.Ammyy.B potentially unsafe application

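The last post names the actual foothold: someone was getting a desktop on this server over RDP as Administrator and running the miner from those sessions, and a remote-admin tool (C:\AA_v3.5.exe, flagged as Win32/RemoteAdmin.Ammyy) was sitting in the root of the drive as a second way in. None of the scanners looked at logon activity, which is where this would have shown up weeks earlier. The PowerShell below is an added example, not from the thread: it reads the Security log for successful RDP logons (event 4624 with logon type 10) and failed logons (4625) over the last 30 days, summarises them by account and source address, and then isolates successful Administrator logons from outside private address space. It assumes logon auditing is enabled (the Server 2012 R2 default) and that the Security log has not been cleared; the 30-day window and the private-range pattern are choices made here, not values from the thread.

```powershell
# Added example: who has been logging on to this server over RDP, and from where.
# Run from an elevated PowerShell prompt on the server itself.

$since = (Get-Date).AddDays(-30)

# Security events carry their fields as <Data Name="..."> elements in the
# event XML; pull them into a hashtable keyed by name.
function ConvertFrom-EventData {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $xml  = [xml]$Event.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    return $data
}

$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4625; StartTime = $since } `
                       -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    $d = ConvertFrom-EventData -Event $e
    # For successes keep only LogonType 10 (RemoteInteractive, i.e. RDP).
    # Failures are kept regardless of type: a burst of 4625 with type 3 or 10
    # against the same account is the password-guessing that precedes a type-10 success.
    if ($e.Id -eq 4624 -and $d['LogonType'] -ne '10') { continue }
    $result = if ($e.Id -eq 4624) { 'success' } else { 'FAILED' }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        Result    = $result
        Account   = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
        SourceIP  = $d['IpAddress']
        Source    = $d['WorkstationName']
        LogonType = $d['LogonType']
    }
}

# Summary: every (result, account, source address) triple with its count.
$rows | Group-Object Result, Account, SourceIP |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# The sessions the poster describes: successful RDP logons as Administrator
# from an address that is not RFC 1918, loopback, or "-" (console).
$external = $rows | Where-Object {
    $_.Result -eq 'success' -and
    $_.Account -like '*\Administrator' -and
    $_.SourceIP -notmatch '^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.|127\.|::1$|-$)'
}
$external | Sort-Object Time | Format-Table Time, Account, SourceIP, Source -AutoSize
```

Blocking RDP at the perimeter, as the poster did, closes this channel; the same query should be re-run afterwards to confirm the external Administrator logons have stopped. Two other things follow from the page itself: the TeamViewer service in the process list and the Ammyy binary each give the same kind of access without touching RDP, so both need to be removed or explicitly justified, and the Administrator password has to be treated as known to whoever was opening those sessions.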

This topic is now closed to further replies.