
Svchost.exe creates itself in c:\windows\temp

Discussion in 'Virus & Other Malware Removal' started by ildrugo, Mar 4, 2015.

Thread Status:
Not open for further replies.
    ildrugo (Thread Starter), joined Mar 4, 2015, 8 messages
    Hello everybody,
    my machine has a virus in svchost.exe in c:\windows\temp that creates itself every boot.
    I have the latest Kaspersky security; it deletes the svchost.exe file every boot, but I would like to delete it permanently. Can you help me?
    I have also tried in Windows safe mode, disabled the AV, and launched ComboFix, ESET, HitmanPro, Malwarebytes, JRT, TDSSKiller: nothing, every boot svchost.exe creates itself again.


    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: AMD Phenom(tm) II X2 550 Processor, AMD64 Family 16 Model 4 Stepping 2
    Processor Count: 2
    RAM: 8190 Mb
    Graphics Card: NVIDIA GeForce GTX 570, 1280 Mb
    Hard Drives: C: Total - 76231 MB, Free - 19137 MB; D: Total - 534136 MB, Free - 54693 MB;
    Motherboard: ASUSTeK Computer INC., M4A785TD-V EVO
    Antivirus: Kaspersky Internet Security, Updated and Enabled


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015
    Ran by LUCA (administrator) on DARYL on 04-03-2015 17:57:00
    Running from C:\Users\LUCA\Desktop\Malware remove
    Loaded Profiles: LUCA (Available profiles: LUCA)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Italiano (Italia)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
    () C:\Windows\SysWOW64\ASGT.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
    (Microsoft Corporation) C:\Windows\System32\schtasks.exe
    () C:\Windows\temp\svchost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
    HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2787840 2010-01-18] (VIA)
    Startup: C:\Users\LUCA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2198110285-402169673-2624775991-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2198110285-402169673-2624775991-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2198110285-402169673-2624775991-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
    BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
    BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
    Toolbar: HKLM - Portafoglio di Bitdefender - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll No File
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] ()
    FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] ()
    FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected]
    FF Extension: Модуль блокування небезпечних веб-сайтів (Dangerous Website Blocking Module) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2015-03-02]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected]
    FF Extension: Віртуальна клавіатура (Virtual Keyboard) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2015-03-02]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected]
    FF Extension: Безпечні платежі (Safe Money) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2015-03-02]

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.it/"
    CHR Profile: C:\Users\LUCA\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\LUCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-13]
    CHR Extension: (Google Docs) - C:\Users\LUCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-13]
    CHR Extension: (Google Drive) - C:\Users\LUCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-13]
    CHR Extension: (YouTube) - C:\Users\LUCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-13]
    CHR Extension: (Adblock Plus) - C:\Users\LUCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-13]
    CHR Extension: (Google Search) - C:\Users\LUCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-13]
    CHR Extension: (Kaspersky Protection) - C:\Users\LUCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-03-02]
    CHR Extension: (Google Sheets) - C:\Users\LUCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-13]
    CHR Extension: (PictureMate - View hidden pictures) - C:\Users\LUCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmlalkcjmglpgdkmkmmgjcajahkoigj [2015-01-03]
    CHR Extension: (Google Wallet) - C:\Users\LUCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-13]
    CHR Extension: (Gmail) - C:\Users\LUCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-13]
    CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
    R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
    R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-08] (Electronic Arts)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40232 2014-09-22] (Google Inc)
    R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
    R1 Ext2Fsd; C:\Windows\System32\Drivers\Ext2Fsd.sys [769816 2011-07-09] (www.ext2fsd.com)
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-03-04] ()
    S3 KCIRNET; C:\Windows\System32\DRIVERS\kcirnet.sys [29320 2011-02-10] (KC Technology Inc.)
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
    R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
    R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-12-06] (Kaspersky Lab ZAO)
    R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2014-12-06] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
    R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
    R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-12-06] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
    S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52832 2014-10-05] (http://libusb-win32.sourceforge.net)
    R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
    S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115208 2014-11-24] (Oracle Corporation)
    S3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1290752 2010-01-11] (VIA Technologies, Inc.) [File not signed]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 GPU-Z; \??\C:\Users\LUCA\AppData\Local\Temp\GPU-Z.sys [X]
    S2 hl_mull; \SystemRoot\System32\drivers\hl_mull.SYS [X]
    R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-04 17:48 - 2015-03-04 17:57 - 00000000 ____D () C:\Users\LUCA\Desktop\Malware remove
    2015-03-04 17:47 - 2015-03-04 17:49 - 00000000 ____D () C:\AdwCleaner
    2015-03-04 17:47 - 2015-03-04 17:47 - 02126848 _____ () C:\Users\LUCA\Downloads\AdwCleaner.exe
    2015-03-04 17:46 - 2015-03-04 17:46 - 39739064 _____ (Microsoft Corporation) C:\Users\LUCA\Downloads\Windows-KB890830-x64-V5.21.exe
    2015-03-04 17:41 - 2015-03-04 17:41 - 00000540 _____ () C:\Windows\PFRO.log
    2015-03-04 17:35 - 2015-03-04 17:35 - 00020078 _____ () C:\ComboFix.txt
    2015-03-04 17:28 - 2015-03-04 17:28 - 00000624 _____ () C:\Users\LUCA\Desktop\JRT.txt
    2015-03-04 17:24 - 2015-03-04 17:24 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
    2015-03-04 17:23 - 2015-03-04 17:23 - 00002078 _____ () C:\Windows\system32\.crusader
    2015-03-04 17:17 - 2015-03-04 17:23 - 00000000 ____D () C:\ProgramData\HitmanPro
    2015-03-04 15:07 - 2015-03-04 17:50 - 00000168 _____ () C:\Windows\setupact.log
    2015-03-04 15:07 - 2015-03-04 15:07 - 00000000 _____ () C:\Windows\setuperr.log
    2015-03-03 18:44 - 2015-03-03 18:44 - 00023537 _____ () C:\Users\LUCA\Downloads\Addition.txt
    2015-03-03 18:43 - 2015-03-04 17:57 - 00000000 ____D () C:\FRST
    2015-03-03 18:43 - 2015-03-03 18:44 - 00046102 _____ () C:\Users\LUCA\Downloads\FRST.txt
    2015-03-03 18:39 - 2015-03-03 18:40 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-03-03 18:39 - 2015-03-03 18:39 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-03-03 18:38 - 2015-03-03 18:38 - 18730584 _____ () C:\Users\LUCA\Downloads\RogueKillerX64.exe
    2015-03-03 18:34 - 2015-03-03 18:34 - 00007710 _____ () C:\Users\LUCA\Downloads\ESETPoweliksCleaner.exe_20150303.183435.4240.log
    2015-03-03 18:34 - 2015-03-03 18:34 - 00000022 _____ () C:\Users\LUCA\Downloads\ESETPoweliksCleaner.exe_20150303.183435.4240.zip
    2015-03-02 20:54 - 2015-03-02 20:54 - 00001444 _____ () C:\Users\LUCA\Documents\pil.txt
    2015-03-02 20:33 - 2015-03-02 20:36 - 61761674 _____ () C:\Users\LUCA\Downloads\40pft4009_12_fus_ita.zip
    2015-03-02 17:15 - 2015-03-02 17:15 - 00347816 _____ (Microsoft Corporation) C:\Users\LUCA\Downloads\MicrosoftFixit.WinFileFolder.FISC.134873962880453.1.1.Run.exe
    2015-03-02 17:08 - 2015-03-02 17:08 - 00001810 _____ () C:\Users\LUCA\Desktop\prova.reg
    2015-03-02 14:49 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
    2015-03-02 14:49 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
    2015-03-02 14:49 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
    2015-03-02 14:49 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
    2015-03-02 14:36 - 2015-03-02 14:36 - 00003130 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-03-02 14:15 - 2015-03-02 14:15 - 00002330 _____ () C:\Users\LUCA\Desktop\Safe Money.lnk
    2015-03-02 14:13 - 2015-03-02 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
    2015-03-02 14:13 - 2015-03-02 14:12 - 00002136 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
    2015-03-02 14:12 - 2015-03-04 17:51 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2015-03-02 14:12 - 2015-03-02 14:12 - 00000000 ____D () C:\Windows\ELAMBKUP
    2015-03-02 14:12 - 2015-03-02 14:12 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
    2015-03-02 14:12 - 2014-12-06 14:57 - 00818888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
    2015-03-02 14:12 - 2014-12-06 14:57 - 00150536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
    2015-03-02 14:12 - 2014-08-12 17:33 - 00246456 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
    2015-03-02 14:12 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
    2015-03-02 14:08 - 2015-03-02 14:11 - 204070656 _____ (Kaspersky Lab) C:\Users\LUCA\Downloads\kis15.0.1.415it-it.exe
    2015-03-02 13:42 - 2015-03-04 17:35 - 00000000 ____D () C:\Qoobox
    2015-03-02 13:42 - 2015-03-02 14:03 - 00000000 ____D () C:\Windows\erdnt
    2015-03-02 13:42 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-03-02 13:42 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-03-02 13:42 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-03-02 13:42 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-03-02 13:42 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-03-02 13:42 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-03-02 13:42 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-03-02 13:42 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-03-02 13:41 - 2015-03-02 13:41 - 05612482 ____R (Swearware) C:\Users\LUCA\Downloads\ComboFix.exe
    2015-03-02 13:28 - 2015-03-02 13:28 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-03-02 13:28 - 2015-03-02 13:28 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-03-02 13:28 - 2015-03-02 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-03-02 13:28 - 2015-03-02 13:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-03-02 13:28 - 2015-03-02 13:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-03-02 13:28 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-03-02 13:28 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-03-02 13:28 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-03-02 13:27 - 2015-03-02 13:28 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\LUCA\Downloads\mbam-setup-2.0.4.1028.exe
    2015-03-02 10:33 - 2015-03-02 10:33 - 00977408 _____ () C:\Users\LUCA\Downloads\Elenco_enti_rispondenti_e_non_auto_blu_300610.xls
    2015-02-27 17:49 - 2015-02-27 17:49 - 00113152 _____ () C:\Users\LUCA\Documents\Sito web docente di Luca Mazzara — Curriculum vitae.html
    2015-02-27 17:49 - 2015-02-27 17:49 - 00000000 ____D () C:\Users\LUCA\Documents\Sito web docente di Luca Mazzara — Curriculum vitae_files
    2015-02-27 17:08 - 2015-02-27 17:08 - 00001259 _____ () C:\Users\LUCA\Documents\proposta di legge modifica legge regionale polizia locale.txt
    2015-02-26 18:43 - 2015-02-26 18:43 - 00014619 _____ () C:\Users\LUCA\Downloads\Sogni e Delitti.torrent
    2015-02-26 18:25 - 2015-02-26 18:25 - 00002209 _____ () C:\Users\LUCA\Documents\Musica classica.axp
    2015-02-26 03:00 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
    2015-02-26 03:00 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
    2015-02-16 01:09 - 2015-02-16 01:09 - 00024469 _____ () C:\Users\LUCA\Downloads\black.sails.s02.e04.subspedia.zip
    2015-02-14 21:21 - 2015-02-14 21:21 - 00000117 _____ () C:\Users\LUCA\Documents\trattorie.txt
    2015-02-12 20:20 - 2015-02-12 20:20 - 00033360 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
    2015-02-12 07:45 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-02-12 07:45 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-12 07:45 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-02-12 07:45 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-02-11 20:03 - 2015-02-11 20:04 - 04609966 _____ () C:\Users\LUCA\Downloads\Atti_amministrativi.zip
    2015-02-11 09:58 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-02-11 09:58 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-02-11 09:58 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-02-11 09:58 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-02-11 09:58 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-02-11 09:58 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-02-11 09:58 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-02-11 09:58 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2015-02-11 09:58 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-02-11 09:58 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-02-11 09:58 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-11 09:58 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-11 09:58 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-02-11 09:58 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-02-11 09:58 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-11 09:58 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-11 09:58 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-02-11 09:58 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-02-11 09:58 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-11 09:58 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-02-11 09:58 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-11 09:58 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-02-11 09:58 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-02-11 09:58 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-02-11 09:58 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-02-11 09:58 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-02-11 09:58 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-11 09:58 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-02-11 09:58 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-02-11 09:58 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-02-11 09:58 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-11 09:58 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-02-11 09:58 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-02-11 09:58 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-02-11 09:58 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-11 09:58 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-02-11 09:58 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-02-11 09:58 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-02-11 09:58 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-02-11 09:58 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-02-11 09:58 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-11 09:58 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-02-11 09:58 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-11 09:58 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-02-11 09:58 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-02-11 09:58 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-11 09:58 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-02-11 09:58 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-02-11 09:58 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-02-11 09:58 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-02-11 09:58 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-11 09:58 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-02-11 09:58 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-02-11 09:58 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-02-11 09:58 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-02-11 09:58 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-11 09:58 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-02-11 09:58 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-02-11 09:58 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-02-11 09:58 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-02-11 09:58 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-02-11 09:58 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-02-11 09:58 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-02-11 09:58 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-02-11 09:58 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-02-11 09:58 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-02-11 09:58 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-02-11 09:58 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-02-11 09:58 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-02-11 09:58 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-02-11 09:58 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-02-11 09:58 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-02-11 09:58 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-02-11 09:58 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-02-11 09:58 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-11 09:57 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-02-11 09:57 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-11 09:57 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-02-11 09:57 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-02-11 09:57 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-02-11 09:57 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-02-11 09:57 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-02-11 09:57 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-02-11 09:57 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-02-11 09:57 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-02-11 09:57 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-02-11 09:57 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-02-11 09:57 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-02-11 09:57 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-02-11 09:57 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-02-11 09:57 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-02-11 09:57 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-02-11 09:57 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-02-11 09:57 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-02-11 09:57 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-02-11 09:57 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-02-11 09:57 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-02-11 09:57 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-02-11 09:57 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-02-11 09:57 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-02-11 09:57 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-11 09:57 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-02-11 09:57 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-02-11 09:57 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-02-11 09:57 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-11 09:57 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-02-11 09:57 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-11 09:57 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2015-02-11 09:57 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2015-02-11 09:57 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-02-11 09:57 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2015-02-11 09:57 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2015-02-11 03:33 - 2015-02-11 03:33 - 00294177 _____ () C:\Users\LUCA\Downloads\genico-1.1.zip
    2015-02-10 19:06 - 2015-02-10 19:10 - 309136440 _____ (NVIDIA Corporation) C:\Users\LUCA\Downloads\347.52-desktop-win8-win7-winvista-64bit-international-whql.exe
    2015-02-09 20:57 - 2015-02-09 22:09 - 00000000 ____D () C:\Windows\Minidump
    2015-02-08 14:58 - 2015-02-08 14:58 - 06846309 _____ () C:\Users\LUCA\Downloads\Non confermato 213970.crdownload
    2015-02-08 14:57 - 2015-02-08 14:57 - 06846309 _____ () C:\Users\LUCA\Downloads\Non confermato 359747.crdownload
    2015-02-08 14:56 - 2015-02-08 14:57 - 06846309 _____ () C:\Users\LUCA\Downloads\Non confermato 383880.crdownload
    2015-02-08 14:26 - 2015-02-08 14:27 - 70508888 _____ () C:\Users\LUCA\Downloads\Ace_Stream_Media_3.0.9 (1).exe
    2015-02-08 12:19 - 2015-02-08 12:19 - 07195120 _____ (Microsoft Corporation) C:\Users\LUCA\Downloads\vcredist_x64.exe
    2015-02-08 12:17 - 2015-02-08 12:17 - 00000000 ____D () C:\Program Files (x86)\Origin Games
    2015-02-08 12:13 - 2015-02-08 12:17 - 00000000 ____D () C:\Users\LUCA\AppData\Roaming\Origin
    2015-02-08 12:13 - 2015-02-08 12:17 - 00000000 ____D () C:\Users\LUCA\AppData\Local\Origin
    2015-02-08 12:11 - 2015-02-08 12:43 - 00000000 ____D () C:\Program Files (x86)\Origin
    2015-02-08 12:11 - 2015-02-08 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
    2015-02-08 12:11 - 2015-02-08 12:11 - 00000979 _____ () C:\Users\Public\Desktop\Origin.lnk
    2015-02-08 12:09 - 2015-02-08 12:10 - 17102664 _____ (Electronic Arts, Inc.) C:\Users\LUCA\Downloads\OriginThinSetup.exe
    2015-02-08 12:05 - 2015-02-08 12:05 - 00000946 _____ () C:\Users\Public\Desktop\FIFA 15.lnk
    2015-02-08 12:05 - 2015-02-08 12:05 - 00000000 ____D () C:\Users\LUCA\Documents\FIFA 15
    2015-02-08 12:05 - 2015-02-08 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15
    2015-02-08 12:04 - 2015-02-08 12:11 - 00000000 ____D () C:\ProgramData\Electronic Arts
    2015-02-08 11:12 - 2015-02-08 11:12 - 00000000 ____D () C:\Program Files (x86)\AMD
    2015-02-08 11:11 - 2015-02-08 11:14 - 00000000 ____D () C:\Program Files\AMD
    2015-02-08 11:04 - 2015-02-08 12:44 - 00000000 ___HD () C:\ProgramData\Origin
    2015-02-08 11:04 - 2015-02-08 11:04 - 00003086 _____ () C:\Windows\System32\Tasks\Origin
    2015-02-08 11:04 - 2015-02-08 11:04 - 00000948 _____ () C:\Users\LUCA\Desktop\FIFA 15 Ultimate Team Edition.lnk
    2015-02-08 10:18 - 2015-02-08 10:18 - 00109527 _____ () C:\Users\LUCA\Downloads\074580431AAF0C612B26A2D1C1841139FBA3A57F.torrent
    2015-02-06 17:52 - 2015-02-06 17:52 - 00084941 _____ () C:\Users\LUCA\Downloads\[limetorrents.cc]Game.Of.Thrones.-.Il.Trono.Di.Spade.S04e07[Mux.-.720p.-.H264.-.Ita.Eng.Ac3.-.Sub.Ita.Eng][.]HDTVMux.torrent
    2015-02-06 16:41 - 2015-02-06 16:41 - 01927528 _____ () C:\Users\LUCA\Downloads\SkyrimTraduzioneITA.rar
    2015-02-06 15:19 - 2015-02-06 15:19 - 00109376 _____ () C:\Users\LUCA\Downloads\074580431AAF0C612B26A2D1C1841139FBA3A57F [3444681].torrent

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-04 17:54 - 2014-09-13 15:08 - 01546746 _____ () C:\Windows\WindowsUpdate.log
    2015-03-04 17:51 - 2014-09-13 15:45 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-04 17:50 - 2014-12-01 19:51 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-03-04 17:50 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-04 17:49 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-04 17:49 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-04 17:34 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
    2015-03-04 17:13 - 2014-09-13 15:45 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-04 17:02 - 2014-09-24 16:52 - 00000978 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-03-02 20:37 - 2010-11-21 16:30 - 00740832 _____ () C:\Windows\system32\perfh010.dat
    2015-03-02 20:37 - 2010-11-21 16:30 - 00146886 _____ () C:\Windows\system32\perfc010.dat
    2015-03-02 20:37 - 2009-07-14 06:13 - 01658920 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-03-02 16:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-03-02 15:00 - 2014-09-13 15:54 - 00000000 ____D () C:\Program Files\Bitdefender
    2015-03-02 15:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
    2015-03-02 14:51 - 2014-12-03 20:47 - 00000000 ____D () C:\Program Files (x86)\Steam
    2015-03-02 14:41 - 2014-09-13 15:53 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
    2015-03-02 14:07 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
    2015-03-01 14:09 - 2014-09-13 16:16 - 00000000 ____D () C:\Users\LUCA\AppData\Roaming\vlc
    2015-02-14 11:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
    2015-02-12 20:20 - 2014-11-03 20:51 - 00074000 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
    2015-02-12 20:20 - 2014-09-13 15:58 - 00084336 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
    2015-02-12 03:22 - 2009-07-14 05:45 - 00336656 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-12 03:20 - 2014-12-12 04:16 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-02-12 03:20 - 2014-09-13 18:47 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-02-12 03:04 - 2014-09-13 16:56 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-08 12:19 - 2014-11-03 10:50 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-02-08 12:05 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-02-08 11:13 - 2014-09-13 15:23 - 00000000 ____D () C:\Program Files\ATI Technologies
    2015-02-06 16:41 - 2014-12-03 20:51 - 00000000 ____D () C:\Program Files (x86)\The Elder Scrolls V - Skyrim
    2015-02-06 11:56 - 2014-12-03 19:44 - 00000000 ____D () C:\Users\LUCA\AppData\Roaming\Foxit Scanner Images
    2015-02-05 18:28 - 2014-09-24 16:52 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-05 18:28 - 2014-09-24 16:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-05 18:28 - 2014-09-24 16:52 - 00003916 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-04 00:08 - 2014-09-13 15:45 - 00004146 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-04 00:08 - 2014-09-13 15:45 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

    ==================== Files in the root of some directories =======

    2014-12-02 03:49 - 2014-12-02 04:40 - 2128896 _____ () C:\Users\LUCA\AppData\Local\file__0.localstorage
    2014-12-05 15:27 - 2014-12-05 15:27 - 0007607 _____ () C:\Users\LUCA\AppData\Local\Resmon.ResmonCfg
    2015-01-16 19:23 - 2015-01-16 19:23 - 0001534 _____ () C:\ProgramData\ss.ini

    Some content of TEMP:
    ====================
    C:\Users\LUCA\AppData\Local\Temp\Quarantine.exe
    C:\Users\LUCA\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-24 14:30

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015
    Ran by LUCA at 2015-03-04 18:00:40
    Running from C:\Users\LUCA\Desktop\Malware remove
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
    AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    ActiveState ActivePython 2.7.8.10 (32-bit) (HKLM-x32\...\{EF34E11A-5977-4234-BCDF-6328CA642BC4}) (Version: 2.7.10 - ActiveState Software Inc.)
    ActiveState ActivePython 2.7.8.10 (64-bit) (HKLM\...\{1C2C54C6-AC67-4BD7-825D-D16C10AE5ABF}) (Version: 2.7.10 - ActiveState Software Inc.)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Aggiornamenti NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
    AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    Aspell 0.6 Dictionary (Language: it) (HKLM-x32\...\Aspell6-Dictionary-it) (Version: - )
    Assetto Corsa (HKLM-x32\...\Assetto Corsa_is1) (Version: - )
    ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.7.5.0 - ASUSTek COMPUTER INC.)
    ASUS GPU Tweak (x32 Version: 2.7.5.0 - ASUSTek COMPUTER INC.) Hidden
    Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
    Call of Duty - Advanced Warfare version Call of Duty - Advanced Warfare (HKLM-x32\...\Call of Duty - Advanced Warfare_is1) (Version: Call of Duty - Advanced Warfare - )
    CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
    CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
    Centro gestione Mouse e Tastiere Microsoft (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Centro gestione Mouse e Tastiere Microsoft (Version: 2.3.188.0 - Microsoft Corporation) Hidden
    EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
    Ext2Fsd 0.51 (HKLM\...\Ext2Fsd_is1) (Version: 0.51 - Matt Wu)
    Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.1.0.0 - Foxit Corporation)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.5.624 - Foxit Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
    HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - )
    Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
    Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
    Installazione di DivX (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
    IRXpress USB IrDA (HKLM-x32\...\{623D6ADD-2882-4F0A-BC10-C3C8477A9F8E}) (Version: 1.00.0000 - CASIO COMPUTER CO., LTD.)
    JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.55.0 - JMicron Technology Corp.)
    Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
    Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    LibreOffice 4.3.3.2 (HKLM-x32\...\{87C753BB-81E3-403B-BD87-6293F870B20B}) (Version: 4.3.3.2 - The Document Foundation)
    MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
    Malwarebytes Anti-Malware versione 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Metro 2033 Redux (HKLM-x32\...\Metro 2033 Redux_is1) (Version: - )
    Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{e9c79bb5-31ef-4a80-90e9-1a39971dae23}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Nec Crassy 338 Unlocker V2.0 (HKLM-x32\...\Nec Crassy 338 Unlocker_is1) (Version: - Unlocking solution)
    NEC Mobile Drivers (HKLM-x32\...\InstallShield_{3219B3DD-743A-47ED-B449-24184AB01120}) (Version: 8.00 - NEC Corporation)
    NEC Mobile Drivers (x32 Version: 8.00 - NEC Corporation) Hidden
    NEC WMC USB_AD1 Software (HKLM-x32\...\NEC WMC USB_AD1) (Version: - )
    NEC WMC USB_BJ1 Software (HKLM-x32\...\NEC WMC USB_BJ1) (Version: - )
    NEC WMC USB_BK1 Software (HKLM-x32\...\NEC WMC USB_BK1) (Version: - )
    NEC WMC USB_T1 Software (HKLM-x32\...\NEC WMC USB_T1) (Version: - )
    NVIDIA Driver 3D Vision 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
    NVIDIA Driver audio HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
    NVIDIA Driver grafico 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
    NVIDIA PhysX (HKLM-x32\...\{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}) (Version: 9.13.0725 - NVIDIA Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
    Pacchetto driver Windows - EventGhost USB Remote Driver (07/01/2009 1.0.0.9) (HKLM\...\9A14258C1DF49E2E31CD577E706499AB040949FC) (Version: 07/01/2009 1.0.0.9 - EventGhost)
    Pannello di controllo NVIDIA 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
    Pesgalaxy.com Patch 2015 (HKLM-x32\...\Pesgalaxy.com Patch 2015 1.00) (Version: 1.00 - Pesgalaxy)
    Pesgalaxy.com Patch 2015 (HKLM-x32\...\Pesgalaxy.com Patch 2015 1.01) (Version: 1.01 - Pesgalaxy)
    Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
    PokerStars.it (HKLM-x32\...\PokerStars.it) (Version: - PokerStars.it)
    Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version: - Daum Communications Corp.)
    Pro Evolution Soccer 2015 (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1) (Version: 1 - )
    qBittorrent 3.1.11 (HKLM-x32\...\qBittorrent) (Version: 3.1.11 - The qBittorrent project)
    Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
    Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
    Setup - FIFA 15 Ultimate Team Edition (c) EA Sports ... (HKLM-x32\...\Setup - FIFA 15 Ultimate Team Edition (c) EA Sports ...) (Version: ... - EA)
    Shark007 Advanced Codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 4.7.5 - Shark007)
    SQLite Expert Personal 3.5.58 (HKLM-x32\...\SQLite Expert Personal 3_is1) (Version: - Bogdan Ureche)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
    Total War: ROME II Emperor Edition (HKLM-x32\...\VG90YWxXYXJST01FSUk=_is1) (Version: 1 - )
    Traduzione Hitman Absolution[FULL ITA] versione 1.0 (HKLM-x32\...\{DAFE8B31-8E9A-41B4-B08E-E969D16FE2A3}_is1) (Version: 1.0 - Gamecrackworldue)
    Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    VIA Manager Piattaforma (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
    x64 Components v4.7.5 (HKLM\...\Advanced x64Components_is1) (Version: 4.7.5 - Shark007)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    02-03-2015 17:20:24 luca
    03-03-2015 18:00:54 Windows Update
04-03-2015 17:22:04 HitmanPro checkpoint
04-03-2015 17:22:54 HitmanPro checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:34 - 2015-03-04 17:34 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {16EC708D-ED8E-4BA9-BA69-7C2325DC318D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
    Task: {2B7607E1-5F36-450E-AEBC-D27DB52C4E03} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
    Task: {3509C94A-CDDC-4A0B-8FB5-D1B4755B5743} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {48EA352E-8FDD-4872-A46E-68DAF7CF86A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13] (Google Inc.)
    Task: {4FE6A534-EC81-4E1F-83A4-BB7F406033A6} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {7A61BC3E-7B63-4E7C-B08C-5D8E5B54AA76} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {8CB36ED9-6E29-4CF0-8CD6-2914C4BFE457} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe [2015-02-08] () <==== ATTENTION
    Task: {B846B198-A101-43B5-B958-624C0663D30D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13] (Google Inc.)
    Task: {D25E5008-3F96-4DAF-893E-50967E4FED79} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {F7B5C840-5256-436B-9061-4EE1DC88EC90} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2014-12-01 19:51 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
    2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
    2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
    2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
    2015-03-04 17:52 - 2015-03-04 17:52 - 01605120 _____ () C:\Windows\temp\svchost.exe
    2014-08-30 16:12 - 2014-08-30 16:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\LUCA\Downloads\347.52-desktop-win8-win7-winvista-64bit-international-whql.exe:BDU
    AlternateDataStreams: C:\Users\LUCA\Downloads\Ace_Stream_Media_3.0.9 (1).exe:BDU
    AlternateDataStreams: C:\Users\LUCA\Downloads\Ace_Stream_Media_3.0.9.exe:BDU
    AlternateDataStreams: C:\Users\LUCA\Downloads\cdbxp_setup_4.5.4.5306.exe:BDU
    AlternateDataStreams: C:\Users\LUCA\Downloads\ComboFix.exe:BDU
    AlternateDataStreams: C:\Users\LUCA\Downloads\FreeRIPstub.exe:BDU
    AlternateDataStreams: C:\Users\LUCA\Downloads\kis15.0.1.415it-it.exe:BDU
    AlternateDataStreams: C:\Users\LUCA\Downloads\mbam-setup-2.0.4.1028.exe:BDU
    AlternateDataStreams: C:\Users\LUCA\Downloads\OriginThinSetup.exe:BDU
    AlternateDataStreams: C:\Users\LUCA\Downloads\PokerStarsInstallIT.exe:BDU
    AlternateDataStreams: C:\Users\LUCA\Downloads\RepartitionBadDrive.exe:BDU
    AlternateDataStreams: C:\Users\LUCA\Downloads\rufus-1.4.12.exe:BDU
    AlternateDataStreams: C:\Users\LUCA\Downloads\vcredist_x64.exe:BDU

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2198110285-402169673-2624775991-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\LUCA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    MSCONFIG\startupreg: Ext2 Volume Manager => C:\Program Files\Ext2Fsd\Ext2Mgr.exe -quiet
    MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

    ==================== Accounts: =============================

    Administrator (S-1-5-21-2198110285-402169673-2624775991-500 - Administrator - Disabled)
    Guest (S-1-5-21-2198110285-402169673-2624775991-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-2198110285-402169673-2624775991-1002 - Limited - Enabled)
    LUCA (S-1-5-21-2198110285-402169673-2624775991-1000 - Administrator - Enabled) => C:\Users\LUCA

    ==================== Faulty Device Manager Devices =============

    Name: WAN Miniport (Network Monitor)
    Description: WAN Miniport (Network Monitor)
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: NdisWan
Problem: This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: WAN Miniport (IP)
    Description: WAN Miniport (IP)
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: NdisWan
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: WAN Miniport (IPv6)
    Description: WAN Miniport (IPv6)
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: NdisWan
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/04/2015 05:52:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/04/2015 05:42:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/04/2015 05:29:32 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Impossibile creare un punto di ripristino. Processo: C:\Windows\system32\wbem\wmiprvse.exe, descrizione: ComboFix created restore point, errore: 0x8007043c.

    Error: (03/04/2015 05:29:32 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Errore del servizio Copia Shadow del volume: errore inatteso durante il richiamo della routine CoCreateInstance. hr = 0x8007043c, Questo servizio non può essere avviato in modalità provvisoria
    .


    Operazione:
    Creazione dell'istanza del server del servizio Copia Shadow del volume in corso

    Error: (03/04/2015 05:29:32 PM) (Source: VSS) (EventID: 18) (User: )
    Description: Errore del servizio Copia Shadow del volume: il server COM con CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} e nome IVssCoordinatorEx2 non può essere avviato in modalità provvisoria.
    Il servizio Copia Shadow del volume non può essere avviato in modalità provvisoria. [0x8007043c, Questo servizio non può essere avviato in modalità provvisoria
    ]


    Operazione:
    Creazione dell'istanza del server del servizio Copia Shadow del volume in corso


    System errors:
    =============
    Error: (03/04/2015 05:50:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Il servizio hl_mull non è stato avviato per il seguente errore:
    %%1275

    Error: (03/04/2015 05:50:35 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: Caricamento del driver \SystemRoot\SysWow64\drivers\hl_mull.SYS bloccato a causa di incompatibilità con il sistema in uso. Rivolgersi al fornitore del software per richiedere una versione compatibile del driver.

    Error: (03/04/2015 05:49:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Il servizio Windows Search è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio.

    Error: (03/04/2015 05:49:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Il servizio Servizio di condivisione in rete Windows Media Player è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio.

    Error: (03/04/2015 05:49:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Arresto imprevista del servizio ASGT. Questo evento si è già verificato 1 volta(e).

    Error: (03/04/2015 05:49:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Arresto imprevista del servizio AMD FUEL Service. Questo evento si è già verificato 1 volta(e).

    Error: (03/04/2015 05:49:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Il servizio Spooler di stampa è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 60000 millisecondi: Riavvia il servizio.

    Error: (03/04/2015 05:49:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Arresto imprevista del servizio AMD External Events Utility. Questo evento si è già verificato 1 volta(e).

    Error: (03/04/2015 05:49:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Arresto imprevista del servizio NVIDIA Stereoscopic 3D Driver Service. Questo evento si è già verificato 1 volta(e).

    Error: (03/04/2015 05:49:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Arresto imprevista del servizio NVIDIA Display Driver Service. Questo evento si è già verificato 1 volta(e).


    Microsoft Office Sessions:
    =========================
    Error: (03/04/2015 05:52:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/04/2015 05:42:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/04/2015 05:29:32 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

    Error: (03/04/2015 05:29:32 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: CoCreateInstance0x8007043c, Questo servizio non può essere avviato in modalità provvisoria


    Operazione:
    Creazione dell'istanza del server del servizio Copia Shadow del volume in corso

    Error: (03/04/2015 05:29:32 PM) (Source: VSS) (EventID: 18) (User: )
    Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, Questo servizio non può essere avviato in modalità provvisoria


    Operazione:
    Creazione dell'istanza del server del servizio Copia Shadow del volume in corso


    CodeIntegrity Errors:
    ===================================
    Date: 2015-03-04 17:34:09.613
    Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

    Date: 2015-03-04 17:34:09.535
    Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

    Date: 2015-03-04 17:34:09.457
    Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

    Date: 2015-03-04 17:34:09.379
    Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

    Date: 2015-03-02 13:50:39.146
    Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

    Date: 2015-03-02 13:50:39.068
    Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.


    ==================== Memory info ===========================

    Processor: AMD Phenom(tm) II X2 550 Processor
    Percentage of memory in use: 17%
    Total physical RAM: 8190.18 MB
    Available physical RAM: 6764.61 MB
    Total Pagefile: 16378.55 MB
    Available Pagefile: 14823.83 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:74.44 GB) (Free:18.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (Dati) (Fixed) (Total:521.62 GB) (Free:53.41 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 4A96D7EA)
    Partition 1: (Active) - (Size=74.4 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=521.6 GB) - (Type=OF Extended)

    ==================== End Of Log ============================
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hello and welcome to TSG,

    Use the instructions in the following link to show hidden files:

    http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

    Next,

    1. Download Malwarebytes Anti-Rootkit from this link:

    http://www.malwarebytes.org/products/mbar/

    2. Unzip the File to a convenient location. (Recommend the Desktop)
    3. Open the folder where the contents were unzipped to run mbar.exe

    4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

    5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

    6. The following image opens, select Next.

    7. The following image opens, select Update

    8. When the update completes select Next.

    9. In the following window ensure "Targets" are ticked. Then select "Scan".

    10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

    11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.
    12. If no threats were found you will see the following image, Select Exit:

    13. Verify that your system is now running normally, making sure that the following items are functional:

    • Internet access
    • Windows Update
    • Windows Firewall

    14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

    15. Select "Y" from your Keyboard, tap Enter.

    16. The fix will be applied, select any key to Exit.

    17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

    System - log
    Mbar - log Date and time of scan will also be shown

    Thanks,

    Kevin...
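    Step 17 asks for the MBAR logs, and each of those contains a "Loaded modules" list from the kernel report. The script below is an added example (not part of this thread and not Malwarebytes' own tooling) that parses that list from two MBAR runs, reports which modules appeared between the runs and where in the boot load order they sit, and lists modules loaded from an absolute \??\C:\ path instead of \SystemRoot. The two excerpts embedded in it are constructed in the log's format (a few lines each, not the full logs); the file names mirror entries that appear in logs posted later in this thread.

```python
"""Triage helper for Malwarebytes Anti-Rootkit (MBAR) kernel reports.

Added example, not from the thread or from Malwarebytes: compares the
"Loaded modules" list of two MBAR runs and flags entries worth a second look.
"""

# Constructed excerpts in the MBAR log format (not the full logs).
SCAN_BEFORE = r"""
------------ Kernel report ------------
03/04/2015 21:40:36
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\DRIVERS\kl1.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\??\C:\Windows\system32\drivers\hardlock.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
"""

SCAN_AFTER = r"""
------------ Kernel report ------------
03/04/2015 21:53:34
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\DRIVERS\kl1.sys
\SystemRoot\System32\drivers\imofugc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\??\C:\Windows\system32\drivers\hardlock.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
"""

# Paths MBAR prints for modules loaded from the Windows directory; anything
# else (typically "\??\C:\...") was loaded by an absolute device path.
STANDARD_PREFIXES = ("\\systemroot\\", "\\windows\\")


def parse_loaded_modules(report_text):
    """Return the module paths between the 'Loaded modules' header and the
    'End' marker of an MBAR kernel report, in load order."""
    modules = []
    in_list = False
    for raw in report_text.splitlines():
        line = raw.strip()          # forum pastes indent every line
        if "Loaded modules" in line:
            in_list = True
            continue
        if in_list:
            if line.startswith("-") and "End" in line:
                break
            if line:
                modules.append(line)
    return modules


def module_name(path):
    """Lower-cased file name of a module path (case varies between runs)."""
    return path.rsplit("\\", 1)[-1].lower()


def find_new_modules(before, after):
    """Module names present in the second run but absent from the first."""
    seen = {module_name(p) for p in before}
    return [module_name(p) for p in after if module_name(p) not in seen]


def load_position(modules, name):
    """Index of a module in the load order, or -1 if it is not loaded.
    A low index means the module came up very early in boot."""
    for idx, path in enumerate(modules):
        if module_name(path) == name.lower():
            return idx
    return -1


def flag_nonstandard_paths(modules):
    """Modules loaded from outside \\SystemRoot or \\Windows. Legitimate
    third-party drivers and MBAR's own drivers show up here too, so this is a
    list to check, not a verdict."""
    return [p for p in modules if not p.lower().startswith(STANDARD_PREFIXES)]


def triage(before_text, after_text):
    """Summarise what changed between two MBAR kernel reports."""
    before = parse_loaded_modules(before_text)
    after = parse_loaded_modules(after_text)
    return {
        "module_count": (len(before), len(after)),
        "new_modules": [(n, load_position(after, n))
                        for n in find_new_modules(before, after)],
        "nonstandard_paths": flag_nonstandard_paths(after),
    }


if __name__ == "__main__":
    result = triage(SCAN_BEFORE, SCAN_AFTER)
    print("modules per run:", result["module_count"])
    for name, pos in result["new_modules"]:
        print(f"new in second run: {name} (load position {pos})")
    for path in result["nonstandard_paths"]:
        print("absolute-path load:", path)
```

    To use it on real logs, paste each run's text into the two variables (or read the mbar-log files). A driver that appears only in the later run and sits near the top of the load order, right behind the antivirus's early-load driver, is exactly the kind of entry to point out to the specialist handling the thread; entries loaded via \??\C:\ need context, since MBAR's own mbamchameleon.sys and MBAMSwissArmy.sys load the same way.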
     
  3. ildrugo

    ildrugo Thread Starter

    Joined:
    Mar 4, 2015
    Messages:
    8
    Thanks very very much for your reply :)
    MBAR (the only program that detects the infected files) scans, detects and cleans the infected files, but when I reboot the system they are replaced. I've done it three times but always the same problem. I've also launched fixdamage, nothing.


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.09.1.1004

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17633

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 3.113000 GHz
    Memory total: 8588025856, free: 6928834560

    Downloaded database version: v2015.03.04.05
    Downloaded database version: v2015.02.25.01
    Downloaded database version: v2014.12.06.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    03/04/2015 21:40:36
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\DRIVERS\kl1.sys
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\system32\DRIVERS\cm_km_w.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\AtiPcie.sys
    \SystemRoot\system32\DRIVERS\klif.sys
    \SystemRoot\system32\DRIVERS\klflt.sys
    \SystemRoot\system32\DRIVERS\klhk.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Ext2Fsd.SYS
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\kltdi.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\klwtp.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\klim6.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\kneps.sys
    \SystemRoot\system32\DRIVERS\klpd.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\amdppm.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\parport.sys
    \SystemRoot\system32\DRIVERS\ASACPI.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\1394ohci.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\mcdbus.sys
    \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\drivers\nvhda64v.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\HdAudio.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_msahci.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\klmouflt.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\dc3d.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\klkbdflt.sys
    \SystemRoot\system32\DRIVERS\NuidFltr.sys
    \SystemRoot\system32\DRIVERS\point64.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\irda.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\DRIVERS\aksdf.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \??\C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys
    \??\C:\Windows\system32\drivers\hardlock.sys
    \SystemRoot\system32\DRIVERS\kldisk.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \??\C:\Windows\system32\drivers\IOMap64.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\WUDFRd.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\shlwapi.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\psapi.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\shell32.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\nsi.dll
    \Windows\System32\sechost.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\wininet.dll
    \Windows\System32\usp10.dll
    \Windows\System32\lpk.dll
    \Windows\System32\user32.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\msctf.dll
    \Windows\System32\imm32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\ole32.dll
    \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\userenv.dll
    \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\devobj.dll
    \Windows\System32\msasn1.dll
    \Windows\System32\profapi.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    Done!

    Scan started
    Database versions:
    main: v2015.03.04.05
    rootkit: v2015.02.25.01

    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa800768c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800768c970, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800768c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800766b680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 4A96D7EA

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 206848 Numsec = 156121667
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 156344576 Numsec = 1093912320

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 640135028736 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xfffffa80082ec790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800808ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80082ec790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8008088b60, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xfffffa8008312790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800808bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8008312790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800807cb60, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 3, DevicePointer: 0xfffffa8008330790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800808cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8008330790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800830ab60, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 4, DevicePointer: 0xfffffa8008332790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800808db90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8008332790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8008089b60, DeviceName: \Device\00000089\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Infected: C:\Windows\temp\lsass.exe --> [Trojan.Agent]
    Scan finished
    Creating System Restore point...
    Cleaning up...
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-206848-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.09.1.1004

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17633

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 3.113000 GHz
    Memory total: 8588025856, free: 7150739456

    Downloaded database version: v2015.03.04.06
    =======================================
    Initializing...
    ------------ Kernel report ------------
    03/04/2015 21:53:34
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\DRIVERS\kl1.sys
    \SystemRoot\System32\drivers\imofugc.sys
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\system32\DRIVERS\cm_km_w.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    ----------- End -----------
    Done!

    Scan started
    Database versions:
    main: v2015.03.04.06
    rootkit: v2015.02.25.01

    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8007672060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80076729b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8007672060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007629680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 4A96D7EA

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 206848 Numsec = 156121667
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 156344576 Numsec = 1093912320

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 640135028736 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xfffffa8008189790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007f2db90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8008189790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007f15ad0, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xfffffa80081af790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007f2eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80081af790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007f25b60, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 3, DevicePointer: 0xfffffa80081cd790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007f2fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80081cd790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007f21b60, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 4, DevicePointer: 0xfffffa80081cf790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007f30b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80081cf790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007f28b60, DeviceName: \Device\00000089\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Infected: C:\Windows\temp\svchost.exe --> [Trojan.Agent.Gen]
    Infected: C:\Windows\temp\svchost.exe --> [Trojan.Agent.Gen]
    Infected: C:\Windows\temp\lsass.exe --> [Trojan.Agent]
    Scan finished
    Creating System Restore point...
    Cleaning up...
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-206848-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.09.1.1004

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17633

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 3.113000 GHz
    Memory total: 8588025856, free: 6624788480

    =======================================
    Initializing...
    ------------ Kernel report ------------
    03/04/2015 22:08:14
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!

    Scan started
    Database versions:
    main: v2015.03.04.06
    rootkit: v2015.02.25.01

    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8007678540, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80076779e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8007678540, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800765b680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 4A96D7EA

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 206848 Numsec = 156121667
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 156344576 Numsec = 1093912320

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 640135028736 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xfffffa800673f790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007f86b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800673f790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007f7ab60, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xfffffa80081b1790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007f87b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80081b1790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007f84b60, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 3, DevicePointer: 0xfffffa80081d7790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007f82b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80081d7790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007f79a60, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 4, DevicePointer: 0xfffffa80081f5790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007f81b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80081f5790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007f83b60, DeviceName: \Device\00000089\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Infected: C:\Windows\temp\svchost.exe --> [Trojan.Agent.Gen]
    Infected: C:\Windows\temp\svchost.exe --> [Trojan.Agent.Gen]
    Infected: C:\Windows\temp\lsass.exe --> [Trojan.Agent]
    Scan finished
    Cleaning up...
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-206848-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished

    Malwarebytes Anti-Rootkit BETA 1.09.1.1004
    www.malwarebytes.org

    Database version:
    main: v2015.03.04.06
    rootkit: v2015.02.25.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17633
    LUCA :: DARYL [administrator]

    04/03/2015 22:08:24
    mbar-log-2015-03-04 (22-08-24).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 348709
    Time elapsed: 7 minute(s), 54 second(s)

    Memory Processes Detected: 1
    C:\Windows\temp\svchost.exe (Trojan.Agent.Gen) -> 2848 -> Delete on reboot. [1274c77ab0da1a1c77aa6475857ffe02]

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Windows\temp\svchost.exe (Trojan.Agent.Gen) -> Delete on reboot. [1274c77ab0da1a1c77aa6475857ffe02]
    C:\Windows\temp\lsass.exe (Trojan.Agent) -> Delete on reboot. [94f25de48901b97d3c737a818f75c838]

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    Thanks
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    OK run TDSSKiller as follows:

    Please read carefully and follow these steps.
    • Download TDSSKiller from here: http://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop.
    • Double-click on tdsskiller.exe to run the application.
    • The "Ready to scan" window will open. Click on "Change parameters".
    • Place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system (leave "Service & Drivers" and "Boot Sectors" ticked). Click OK.
    • Select "Start Scan".
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Kevin....
     
  5. ildrugo

    ildrugo Thread Starter

    Joined:
    Mar 4, 2015
    Messages:
    8
    The content of the report is too big, I've attached a txt file.
    Anyway, TDSSKiller did not detect any virus :(
     

    Attached Files:

  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Obviously we are not finding the trojan that reinstalls the infection each time we remove it... Run the following:

    Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

    • Quit all running programs.
    • For Windows XP, double-click to start.
    • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
    • Read and accept the EULA (End User License Agreement).
    • Click Scan to scan the system.
    • When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
    • Post back the report which should also be located here:

    C:\Programdata\RogueKiller\Logs <-------- W7/8
    C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

    Thanks,

    Kevin...
     
  7. ildrugo

    ildrugo Thread Starter

    Joined:
    Mar 4, 2015
    Messages:
    8
    RogueKiller V10.5.0.0 [Mar 2 2015] di Adlice Software
    posta : http://www.adlice.com/contact/
    Commenti : http://forum.adlice.com
    Sito Web : http://www.adlice.com/softwares/roguekiller/
    Discussione : http://www.adlice.com

    Sistema Operativo : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Iniziato in : Modalità Normale
    Utente : LUCA [Amministratore]
    Modalità : Scansione -- Data : 03/04/2015 23:58:35

    ¤¤¤ Processi : 2 ¤¤¤
    [Hj.Name?Suspicious.Path] svchost.exe(2592) -- C:\Windows\temp\svchost.exe[-] -> Eliminato [TermProc]
    [Proc.Svchost] svchost.exe(2592) -- C:\Windows\temp\svchost.exe[-] -> Eliminato [TermThr]

    ¤¤¤ Registro : 7 ¤¤¤
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GPU-Z (\??\C:\Users\LUCA\AppData\Local\Temp\GPU-Z.sys) -> Trovato
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GPU-Z (\??\C:\Users\LUCA\AppData\Local\Temp\GPU-Z.sys) -> Trovato
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GPU-Z (\??\C:\Users\LUCA\AppData\Local\Temp\GPU-Z.sys) -> Trovato
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trovato
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trovato
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trovato
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trovato

    ¤¤¤ Attività : 1 ¤¤¤
    [Suspicious.Path] \\Origin -- C:\ProgramData\Origin\update.vbe -> Trovato

    ¤¤¤ Archivi : 0 ¤¤¤

    ¤¤¤ Archivio Hosts : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 0 (Driver: Non caricato [0xc000036b]) ¤¤¤

    ¤¤¤ Web Browser : 0 ¤¤¤

    ¤¤¤ Controllo MBR : ¤¤¤
    +++++ PhysicalDrive0: WDC WD6400AADS-00M2B0 ATA Device +++++
    --- User ---
    [MBR] 489f00a0e717107e66cf8140085012ae
    [BSP] a99f3803971a85e21ff9ce7d1cfa523c : Windows Vista/7/8 MBR Code
    Partition table:
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: Generic STORAGE DEVICE USB Device +++++
    Error reading User MBR! ([15] Dispositivo non pronto. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] Richiesta non supportata. )

    +++++ PhysicalDrive2: Generic STORAGE DEVICE USB Device +++++
    Error reading User MBR! ([15] Dispositivo non pronto. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] Richiesta non supportata. )

    +++++ PhysicalDrive3: Generic STORAGE DEVICE USB Device +++++
    Error reading User MBR! ([15] Dispositivo non pronto. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] Richiesta non supportata. )

    +++++ PhysicalDrive4: Generic STORAGE DEVICE USB Device +++++
    Error reading User MBR! ([15] Dispositivo non pronto. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] Richiesta non supportata. )

    Thanks (y)
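The RogueKiller findings above show the two patterns a responder wants to spot without waiting for a signature: files named like core Windows binaries (svchost.exe, lsass.exe) living in C:\Windows\temp, and a scheduled task pointing at a .vbe under ProgramData. As an added example that is not part of this thread or of any tool named in it, the Python below pulls Windows paths out of log lines like the ones posted here and flags (a) system-binary names outside System32/SysWOW64, (b) anything staged in Temp or ProgramData and (c) script files; the name sets, directory markers and the benign control line are constructed for this example, the other sample lines are copied from the logs above.

```python
import re
from pathlib import PureWindowsPath

# Core Windows binaries whose names malware commonly borrows (constructed list).
# On a stock system these live only in SYSTEM_DIRS, so the same name anywhere
# else (C:\Windows\temp in this thread) deserves a look.
SYSTEM_BINARY_NAMES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "smss.exe", "wininit.exe", "lsm.exe", "spoolsv.exe", "taskhost.exe",
}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Writable staging locations (constructed list) that a scheduled task or
# service entry should rarely point at; matched case-insensitively.
STAGING_DIR_MARKERS = (
    "\\windows\\temp\\",
    "\\appdata\\local\\temp\\",
    "\\programdata\\",
    "\\users\\public\\",
)
# Script types that Windows Script Host or cmd.exe will execute directly.
SCRIPT_EXTENSIONS = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd", ".ps1"}

# A Windows path, optionally with the NT "\??\" prefix seen in service entries.
# It stops at whitespace and brackets, so a path containing spaces is truncated;
# acceptable for a triage pass over tool output, but not a general path parser.
_PATH_RE = re.compile(r"(?:\\\?\?\\)?[A-Za-z]:\\[^\s\[\]()]+")

# Sample input: lines copied from the Malwarebytes Anti-Rootkit and RogueKiller
# logs in this thread, plus one constructed benign control line at the end.
SAMPLE_LOG_LINES = [
    r"Infected: C:\Windows\temp\svchost.exe --> [Trojan.Agent.Gen]",
    r"Infected: C:\Windows\temp\lsass.exe --> [Trojan.Agent]",
    r"[Hj.Name?Suspicious.Path] svchost.exe(2592) -- C:\Windows\temp\svchost.exe[-] -> Eliminato [TermProc]",
    r"[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GPU-Z (\??\C:\Users\LUCA\AppData\Local\Temp\GPU-Z.sys) -> Trovato",
    r"[Suspicious.Path] \\Origin -- C:\ProgramData\Origin\update.vbe -> Trovato",
    r"[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost",
    r"Process: C:\Windows\System32\svchost.exe (PID 620)",  # constructed, benign
]


def extract_paths(line):
    """Return every Windows path found in one log line, NT prefix removed."""
    paths = []
    for match in _PATH_RE.finditer(line):
        path = match.group(0)
        if path.startswith("\\??\\"):
            path = path[4:]
        paths.append(path.rstrip(".,;"))
    return paths


def classify_path(path):
    """Return the reasons (possibly none) a path deserves a responder's attention."""
    p = PureWindowsPath(path)
    lowered = str(p).lower()
    reasons = []
    # (a) A system-binary name outside the directories it is installed in.
    if p.name.lower() in SYSTEM_BINARY_NAMES and str(p.parent).lower() not in SYSTEM_DIRS:
        reasons.append("masquerade")
    # (b) Anything executed from a writable staging directory.
    if any(marker in lowered for marker in STAGING_DIR_MARKERS):
        reasons.append("staging-dir")
    # (c) A script file, such as the update.vbe the scheduled task points at.
    if p.suffix.lower() in SCRIPT_EXTENSIONS:
        reasons.append("script")
    return reasons


def triage(log_lines):
    """Return [(path, reasons)] for every path that fires, first occurrence only."""
    flagged = {}
    for line in log_lines:
        for path in extract_paths(line):
            key = path.lower()
            if key in flagged:
                continue
            reasons = classify_path(path)
            if reasons:
                flagged[key] = (path, reasons)
    return list(flagged.values())


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG_LINES):
        print(f"{path:55s} {', '.join(reasons)}")
```

The output is a triage list, not a verdict: the staging-dir rule also fires on the GPU-Z.sys service entry, so each hit still needs a human (or a hash lookup such as the VirusTotal check requested below in the thread) before removal.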
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Upload a File to Virustotal

    Go to http://www.virustotal.com/

    • Click the Choose file button
    • Navigate to the file C:\ProgramData\Origin\update.vbe
    • Click the Scan it tab
    • If you get a message saying File has already been analyzed: click Reanalyze file now
    • Copy and paste the results back here please.

    Thanks....
     
  9. ildrugo

    ildrugo Thread Starter

    Joined:
    Mar 4, 2015
    Messages:
    8
    Engine                  Result                        Update
    AVG                     JS/Heur                       20150304
    Avast                   VBS:Decode-NJ [Trj]           20150304
    ESET-NOD32              VBS/Kryptik.DC                20150304
    GData                   Script.Trojan.Agent.79WIGL    20150304
    Ikarus                  Trojan.VBS.Crypt              20150304
    Qihoo-360               virus.vbs.crypt.c             20150305
    TrendMicro-HouseCall    Suspicious_GEN.F47V0213       20150304
    ALYac                   -                             20150304
    AVware                  -                             20150304
    Ad-Aware                -                             20150304
    AegisLab                -                             20150304
    Agnitum                 -                             20150228
    AhnLab-V3               -                             20150304
    Alibaba                 -                             20150304
    Antiy-AVL               -                             20150304
    Avira                   -                             20150304
    Baidu-International     -                             20150304
    BitDefender             -                             20150304
    Bkav                    -                             20150304
    ByteHero                -                             20150305
    CAT-QuickHeal           -                             20150304
    CMC                     -                             20150304
    ClamAV                  -                             20150304
    Comodo                  -                             20150304
    Cyren                   -                             20150304
    DrWeb                   -                             20150304
    Emsisoft                -                             20150304
    F-Prot                  -                             20150304
    F-Secure                -                             20150304
    Fortinet                -                             20150304
    Jiangmin                -                             20150304
    K7AntiVirus             -                             20150304
    K7GW                    -                             20150304
    Kaspersky               -                             20150304
    Kingsoft                -                             20150305
    Malwarebytes            -                             20150304
    McAfee                  -                             20150304
    McAfee-GW-Edition       -                             20150304
    MicroWorld-eScan        -                             20150304
    Microsoft               -                             20150304
    NANO-Antivirus          -                             20150304
    Norman                  -                             20150304
    Panda                   -                             20150304
    Rising                  -                             20150304
    SUPERAntiSpyware        -                             20150303
    Sophos                  -                             20150304
    Symantec                -                             20150304
    Tencent                 -                             20150305
    TheHacker               -                             20150303
    TotalDefense            -                             20150304
    TrendMicro              -                             20150304
    VBA32                   -                             20150304
    VIPRE                   -                             20150305
    ViRobot                 -                             20150304
    Zillya                  -                             20150303
    Zoner                   -                             20150303
    nProtect                -                             20150304
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

    http://oldtimer.geekstogo.com/OTM.exe.
    http://www.itxassociates.com/OT-Tools/OTM.com
    http://www.itxassociates.com/OT-Tools/OTM.exe

    Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, and the Desktop will disappear; this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...
    • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Make sure to start with and include the colon before Files, i.e. :Files

      Code:
      :Files
      C:\ProgramData\Origin\update.vbe
      :Commands
      [EmptyTemp]
      
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red MoveIt! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    Next,

    Run MBAR again, post fresh logs...

    Thank you,

    Kevin
     
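    The RogueKiller log earlier in the thread lists the dropper under Tasks as \Origin, with C:\ProgramData\Origin\update.vbe as its target; the OTM script above moves that file but does nothing to the scheduled task itself. An added example for checking a machine for that kind of leftover (it is not part of this thread, OTM, RogueKiller or any other tool used here): a Python script that parses the CSV printed by `schtasks /query /fo CSV /v` and flags tasks that run scripts, invoke a script host, or point into user-writable folders, reporting a task as orphaned when its script file no longer exists. The sample CSV is constructed to mirror the \Origin task and is not the poster's real output; the column positions, the regexes and the task names in the sample are assumptions.

```python
"""Triage Windows scheduled tasks for script launchers in user-writable paths.

Added example, not from the thread or from any tool used in it. It parses the
CSV that `schtasks /query /fo CSV /v` prints and flags tasks whose action runs
a script (.vbe/.vbs/.js/...), invokes a script host, or points into
ProgramData, AppData or a Temp folder. Columns are read by position
(TaskName = 2nd, "Task To Run" = 9th; assumed order) because the header names
are localized on non-English Windows. The sample CSV below is constructed to
mirror the \\Origin task from the RogueKiller log; it is not real output.
"""
import csv
import io
import re

COL_TASKNAME = 1   # "TaskName" column in schtasks /fo CSV /v output (assumed order)
COL_ACTION = 8     # "Task To Run" column (assumed order)

SCRIPT_EXT = re.compile(r"\.(vbe|vbs|js|jse|wsf|wsh|hta|ps1|bat|cmd)\b", re.I)
SCRIPT_HOST = re.compile(r"\b(wscript|cscript|mshta|powershell|rundll32|regsvr32)(\.exe)?\b", re.I)
WRITABLE_DIR = re.compile(r"\\(ProgramData|Users\\[^\\]+\\AppData|Windows\\Temp|Temp)\\", re.I)

# Constructed sample: the header row schtasks prints, then three tasks.
SAMPLE_CSV = r'''"HostName","TaskName","Next Run Time","Status","Logon Mode","Last Run Time","Last Result","Author","Task To Run","Start In"
"DARYL","\Origin","N/A","Ready","Interactive only","05/03/2015 00:30:00","0","DARYL\LUCA","C:\ProgramData\Origin\update.vbe","N/A"
"DARYL","\Microsoft\Windows\Defrag\ScheduledDefrag","N/A","Ready","Interactive/Background","01/03/2015 01:00:00","0","Microsoft Corporation","%windir%\system32\defrag.exe -c","N/A"
"DARYL","\GoogleUpdateTaskMachineUA","N/A","Ready","Interactive/Background","04/03/2015 23:15:00","0","","C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler","N/A"
'''


def suspicious(action):
    """Return the reasons an action string looks like script-based persistence."""
    reasons = []
    if SCRIPT_EXT.search(action):
        reasons.append("script file")
    if SCRIPT_HOST.search(action):
        reasons.append("script host")
    if WRITABLE_DIR.search(action):
        reasons.append("user-writable path")
    return reasons


def script_target(action):
    """First quoted or bare token of the action that is a script file, or None."""
    for quoted, bare in re.findall(r'"([^"]+)"|(\S+)', action):
        token = quoted or bare
        if SCRIPT_EXT.search(token):
            return token
    return None


def triage(schtasks_csv, exists=None):
    """Return [(task_name, action, reasons, orphaned)] for every flagged task.

    `exists` is an optional callable path -> bool (os.path.exists on the box
    itself). When given, a flagged task whose script file is gone is reported
    as orphaned: the state left behind when the file was moved or deleted but
    the task was not.
    """
    findings = []
    rows = list(csv.reader(io.StringIO(schtasks_csv)))
    if not rows:
        return findings
    header = rows[0]
    for row in rows[1:]:
        # /v repeats the header row for every task folder; skip those and short rows
        if len(row) <= COL_ACTION or row == header:
            continue
        name, action = row[COL_TASKNAME], row[COL_ACTION]
        reasons = suspicious(action)
        if not reasons:
            continue
        orphaned = None
        target = script_target(action)
        if exists is not None and target is not None:
            orphaned = not exists(target)
        findings.append((name, action, reasons, orphaned))
    return findings


if __name__ == "__main__":
    import os
    for name, action, reasons, orphaned in triage(SAMPLE_CSV, exists=os.path.exists):
        flag = " (target missing: task is orphaned)" if orphaned else ""
        print("%s -> %s [%s]%s" % (name, action, ", ".join(reasons), flag))
```

    On the affected machine the CSV would come from `schtasks /query /fo CSV /v > tasks.csv` run from an elevated prompt, and `triage(open("tasks.csv").read(), exists=os.path.exists)` would then list the \Origin task as orphaned once update.vbe has been moved; an orphaned task is removed with `schtasks /delete /tn "\Origin" /f`. Tasks flagged only for "script host" need a look at the argument before deciding anything, since legitimate maintenance tasks also use cscript and powershell.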
  11. ildrugo

    ildrugo Thread Starter

    Joined:
    Mar 4, 2015
    Messages:
    8
    All processes killed
    ========== FILES ==========
    C:\ProgramData\Origin\update.vbe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LUCA
    ->Temp folder emptied: 1312672 bytes
    ->Temporary Internet Files folder emptied: 128 bytes
    ->Google Chrome cache emptied: 16532270 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 11742534 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 28,00 mb


    OTM by OldTimer - Version 3.1.21.0 log created on 03052015_002825

    Files moved on Reboot...
    File move failed. C:\Users\LUCA\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\63547c51a55c7182c5c77fb521826c6c_fce8395c8fd8a867_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
    File move failed. C:\Users\LUCA\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\63547c51a55c7182c5c77fb521826c6c_fce8395c8fd8a867_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
    C:\Users\LUCA\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\LUCA\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

    Registry entries deleted on Reboot...




    Malwarebytes Anti-Rootkit BETA 1.09.1.1004
    www.malwarebytes.org

    Database version:
    main: v2015.03.04.07
    rootkit: v2015.02.25.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17633
    LUCA :: DARYL [administrator]

    05/03/2015 00:34:48
    mbar-log-2015-03-05 (00-34-48).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 348788
    Time elapsed: 8 minute(s), 55 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    Seems cleaned :)
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Yep, if we kill the source we are making very good progress; run the following:

    Scan with HerdProtect

    Please download HerdProtect by Reason Software (portable edition) and save the file to your desktop.

    Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

    • Right-click on the HerdProtect icon and select Run as Administrator to install the scanner.
    • It will ask for the location - leave the default one (%ProgramFiles%) or select another, convenient one.
    • Agree to the terms, select Launch herdProtect and click Finish.
    • Click Scan. It may take a while, depending on your system and connection specs. Please be patient.
    • When it finishes click on Save Results.
    • A Notepad with a report should open.

    Please include the contents of that report in your next reply.

    This type of scan often produces false positives. In any case, do not remove any of its findings on your own! Removal will be made after careful analysis of the scan results.
    Upon completion of the cleaning you may remove HerdProtect if you wish. To do so just delete its directory (chosen by you when installing the tool).

    Next,

    Download Security Check by screen317 from either of the following:

    http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

    Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs)
    Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...

    thank you,

    Kevin...
     
  13. ildrugo

    ildrugo Thread Starter

    Joined:
    Mar 4, 2015
    Messages:
    8
    Saved date: 05/03/2015 02:42:21
    Files detected: 207
    Files scanned: 9.639
    Processes scanned: 47
    Modules scanned: 486
    ASEPs scanned: 451
    Downloads scanned: 0
    Deep analysis: 34/4
    ---------------------------------------------------------------------------------

    Files

    ---------------------------------------------------------------------------------

    File path: c:\windows\system32\drivers\aksdf.sys
    Publisher: Aladdin Knowledge Systems Ltd.
    MD5: bc569a6c209d94f6643ee35710aec1f6
    SHA-1: ff0180117477eb07e0cbfa39f14b4731c2639baa
    Created: 09/01/2015 13:20:09
    Detections: 1
    Determination: Ignore detections (false positive)
    - The Hacker as Trojan/VBKrypt.efmc (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\windows\system32\drivers\hardlock.sys
    Publisher: Aladdin Knowledge Systems Ltd.
    MD5: d8bf3c594bd17a37960362e6c6739b90
    SHA-1: 31ea053c7db6147204e7b4773c79806cf66daeca
    Created: 09/01/2015 13:20:14
    Detections: 1
    Determination: Ignore detections (false positive)
    - McAfee Web Gateway as Heuristic.LooksLike.Win32.Suspicious.B (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\users\luca\appdata\local\temp\rarsfx0\securitycheck\objlist.exe
    Publisher:
    MD5: d1f58aeac19634e39d915c29a098ca01
    SHA-1: d02d8c6207ebd46194fef8920ef343580810da0a
    Created: 05/03/2015 02:20:05
    Detections: 2
    Determination: Ignore detections (false positive)
    - The Hacker as Trojan/Dropper.gen (Undefined)
    - Jiangmin as Trojan/Generic.birzy (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\users\luca\appdata\local\temp\rarsfx0\securitycheck\other\nircmdc.exe
    Publisher: NirSoft
    MD5: 9cb3a38088807f54e7f89ac30e09c030
    SHA-1: d3578d56c6ec1c23179520a01309a79ccb38324b
    Created: 05/03/2015 02:20:05
    Detections: 1
    Determination: Ignore detections (false positive)
    - The Hacker as Posible_Worm32 (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\users\luca\appdata\local\temp\rarsfx0\securitycheck\other\sed.exe
    Publisher:
    MD5: 3a34d017aa4e5c11f2a329ab04da17f4
    SHA-1: c9b6d3da1c296d6827345367f866fcdf2154bb95
    Created: 05/03/2015 02:20:05
    Detections: 1
    Determination: Ignore detections (false positive)
    - Rising Antivirus as PE:Malware.XPACK/RDM!5.1

    ---------------------------------------------------------------------------------

    File path: c:\users\luca\desktop\securitycheck.exe
    Publisher:
    MD5: 1a0dcb7c514c7eda5e5cd83cc9ea0ef5
    SHA-1: a7bfa412ce151bda85fad761f6c632e5e6ec68c1
    Created: 05/03/2015 02:03:20
    Detections: 6
    Determination: Inconclusive
    - McAfee as Artemis!1A0DCB7C514C (Undefined)
    - Trend Micro House Call as Suspicious_GEN.F47V0226 (Undefined)
    - McAfee Web Gateway as BehavesLike.Win32.Dropper.cc (Undefined)
    - Jiangmin as Trojan/Generic.birzy (Undefined)
    - Antiy Labs AVL as Trojan[:HEUR]/Win32.Unknown (Undefined)
    - Kingsoft AntiVirus as VIRUS_UNKNOWN (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\users\luca\desktop\malware remove\combofix.exe
    Publisher: Swearware
    MD5: 804ba1d5dfd9810a7cb345b2c76961ba
    SHA-1: 04a8e4c0a84850c2a1e4edc326346f6f0394aec4
    Created: 02/03/2015 13:41:49
    Detections: 7
    Determination: Ignore detections (false positive)
    - K7 Gateway Antivirus as Riskware (Undefined)
    - K7 AntiVirus as Riskware (Undefined)
    - McAfee Web Gateway as BehavesLike.Win32.Packed.tc (Undefined)
    - Sophos as NirCmd
    - Jiangmin as Trojan/JmGenGeneric.boe (Undefined)
    - McAfee as Artemis!804BA1D5DFD9 (Undefined)
    - Rising Antivirus as PE:Trojan.Win32.Generic.15632D02!358821122 (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\users\luca\desktop\malware remove\frst64.exe
    Publisher: Farbar
    MD5: 21efeb1489c08a6bdd019724b0db19c4
    SHA-1: 7221b63ef0c52734b31b1a15871a23f0300c4f87
    Created: 03/03/2015 18:43:04
    Detections: 1
    Determination: Ignore detections (false positive)
    - Jiangmin as Trojan/PSW.Autoit.ic (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\users\luca\desktop\malware remove\frst-olderversion\frst64.exe
    Publisher: Farbar
    MD5: 51c9cf9ee55d40142ea4ad86de1ab8d1
    SHA-1: 040c6c4f4a688fa788b3d539709db9787ac6780f
    Created: 03/03/2015 18:43:04
    Detections: 1
    Determination: Ignore detections (false positive)
    - Jiangmin as Trojan/PSW.Autoit.ic (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\users\luca\desktop\wiidownloader (+cache)\wiidownloader\database\modmii\modmiiskin.exe
    Publisher:
    MD5: 2c65d376893f0297716becd39ad4b4ff
    SHA-1: 2f8920218032d98baf8c1d702ef6df7638938865
    Created: 18/12/2014 20:01:56
    Detections: 1
    Determination: Inconclusive
    - F-Prot as W32/Undefined.Threat

    ---------------------------------------------------------------------------------

    File path: c:\users\luca\desktop\wiidownloader (+cache)\wiidownloader\database\modmii\support\nircmd.exe
    Publisher: NirSoft
    MD5: dd7686c33351e9b8e67d6aa6b4352b73
    SHA-1: b4e8ff898639edfd7ca94405beba7a91824bab79
    Created: 18/12/2014 20:01:55
    Detections: 2
    Determination: Ignore detections (false positive)
    - The Hacker as Posible_Worm32 (Undefined)
    - Sophos as NirCmd

    ---------------------------------------------------------------------------------

    File path: c:\users\luca\desktop\wiidownloader (+cache)\wiidownloader\database\modmii\support\sfk.exe
    Publisher:
    MD5: 64a3599a1828abef3f16f3263f9a381a
    SHA-1: 5f03fb0ca8959a8fc31c0461b92a6c3e54dcdd44
    Created: 18/12/2014 20:01:55
    Detections: 1
    Determination: Inconclusive
    - Microsoft Security Essentials as TrojanDropper:Win32/Lamechi.B (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\windows\grep.exe
    Publisher:
    MD5: 9e05a9c264c8a908a8e79450fcbff047
    SHA-1: 363b2ee171de15aeea793bd7fdffd68d0feb8ba4
    Created: 02/03/2015 13:42:32
    Detections: 1
    Determination: Ignore detections (false positive)
    - Rising Antivirus as PE:Malware.XPACK/RDM!5.1

    ---------------------------------------------------------------------------------

    File path: c:\windows\mbr.exe
    Publisher:
    MD5: 0277c027a26428db64ef4f64f52bb4fd
    SHA-1: 2f16becf7898ac2f5bdca9f80810c66143500e3e
    Created: 02/03/2015 13:42:32
    Detections: 1
    Determination: Ignore detections (false positive)
    - Kingsoft AntiVirus as Win32.HeurC.KVM003.a.(kcloud) (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\windows\pev.exe
    Publisher:
    MD5: f042ee4c8d66248d9b86dcf52abae416
    SHA-1: 4cd785c7c3e40c42e3d126086d986c4d4d940bb2
    Created: 02/03/2015 13:42:32
    Detections: 2
    Determination: Ignore detections (false positive)
    - Bkav FE as HW32.CDB (Undefined)
    - XVirus List as Win.Detected (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\windows\zip.exe
    Publisher:
    MD5: 5e832f4faf5f481f2eaf3b3a48f603b8
    SHA-1: 1d83497f04247bc095ddc1ccd0fef0c029f0ae8d
    Created: 02/03/2015 13:42:32
    Detections: 2
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.Clod7f4.Trojan (Undefined)
    - Rising Antivirus as PE:Malware.XPACK/RDM!5.1

    ---------------------------------------------------------------------------------

    File path: c:\windows\system32\atiapfxx.exe
    Publisher: Advanced Micro Devices, Inc.
    MD5: 7c16b85c0579859a4854460a6da18b5d
    SHA-1: 0c40fc4f7247a62a49bd0651607029644675922e
    Created: 30/04/2013 05:58:36
    Detections: 1
    Determination: Ignore detections (false positive)
    - Clam AntiVirus as PUA.Win32.Packer.SetupExeSection

    ---------------------------------------------------------------------------------

    File path: c:\windows\system32\atig6pxx.dll
    Publisher: Advanced Micro Devices, Inc.
    MD5: c45e6f240254829cea638e2d70d1042d
    SHA-1: ddc5d0d287df706d1786c1bb7316ad8a0d71e903
    Created: 30/04/2013 04:48:38
    Detections: 1
    Determination: Ignore detections (false positive)
    - AegisLab AV Signature as Troj.W32.VBKrypt (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\windows\syswow64\atiumdva.dll
    Publisher: Advanced Micro Devices, Inc.
    Signer: AMD PMP-PE CB Code Signer v20130304
    MD5: 2040180264b936f05e8460c3c4a7bd2c
    SHA-1: 00d04bcbd943ed92b17111e6ebec37cfe32fc115
    Created: 30/04/2013 06:19:32
    Detections: 2
    Determination: Ignore detections (false positive)
    - Jiangmin as Win32/Virut.bn
    - Bkav FE as HW32.Nonim (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\windows\syswow64\cvirte.dll
    Publisher: National Instruments
    MD5: c1eaf33757312e95858ecf808da943e4
    SHA-1: c0199c3493678b98ba5f494246b7f0f3eeb66a29
    Created: 09/01/2015 13:23:18
    Detections: 1
    Determination: Ignore detections (false positive)
    - Vba32 AntiVirus as BScope.Trojan-Dropper.Injector (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\windows\syswow64\iscsicpl.dll
    Publisher: Microsoft Corporation
    MD5: f945adcef203e6104aec8ec9c337cfd0
    SHA-1: 85fe50b2c2fcbec2c09c5039c8f8c1d38523780a
    Created: 14/07/2009 01:46:13
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoA (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\programdata\kaspersky lab\avp15.0.1\bases\klavasyswatch.dll
    Publisher: Kaspersky Lab ZAO
    MD5: 06c3404cd992e34a54c5aa97ed10108f
    SHA-1: ec8d42a2c2e67c1ae2408b4b171492cae0d7c6ce
    Created: 02/03/2015 14:12:32
    Detections: 2
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsReno (Undefined)
    - CMC Antivirus as Heur.Win32.Obfuscated.1!O (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\programdata\kaspersky lab\avp15.0.1\bases\rollback.dll
    Publisher: Kaspersky Lab ZAO
    MD5: c54281461dee2d1eb0e1132fa6ea2569
    SHA-1: 46f0abf6c673906129530ce1d149c3b348234164
    Created: 02/03/2015 14:12:32
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsReno (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\programdata\kaspersky lab\avp15.0.1\bases\swmon.kdl
    Publisher: Kaspersky Lab ZAO
    MD5: 903327b7fa2743a23abf1756fa364032
    SHA-1: 7577390fd58f04db9a72b531151b49ecfe027b3a
    Created: 02/03/2015 14:12:32
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsReno (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\programdata\kaspersky lab\avp15.0.1\bases\swmon_drv.kdl
    Publisher: Kaspersky Lab ZAO
    MD5: 0934326ba27099f9b8a28a5d897cec9d
    SHA-1: 1bcaca95af48ac8a9f5160cf1e2de2c4b981d1ee
    Created: 02/03/2015 14:12:32
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsReno (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\programdata\kaspersky lab\avp15.0.1\bases\sys_critical_obj.dll
    Publisher: Kaspersky Lab ZAO
    MD5: df0b8ec405e6f1bc83fd4669a4225fa5
    SHA-1: 51b1156adff60fd2291bf483ffc23eb6e69c008d
    Created: 02/03/2015 14:12:32
    Detections: 1
    Determination: Ignore detections (false positive)
    - McAfee Web Gateway as Heuristic.BehavesLike.Win32.Suspicious-DTR.G

    ---------------------------------------------------------------------------------

    File path: c:\programdata\kaspersky lab\avp15.0.1\bases\cache\arkmon.kdl.aeeec152e3e81f218d27686fcaf9d774
    Publisher: Kaspersky Lab ZAO
    MD5: aeeec152e3e81f218d27686fcaf9d774
    SHA-1: 0830b8f85ab365a9bdb664983c28b9325e8e824d
    Created: 02/03/2015 14:46:47
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsReno (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\programdata\kaspersky lab\avp15.0.1\bases\cache\kavsys.kdl.6320146b23a54cc3a482468b7b46e6a4
    Publisher: Kaspersky Lab ZAO
    MD5: 6320146b23a54cc3a482468b7b46e6a4
    SHA-1: a5f3808a6e52c565b180730600c90eea922ea4e2
    Created: 02/03/2015 14:46:47
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsReno (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\programdata\kaspersky lab\avp15.0.1\bases\cache\kjim.kdl.d266d700a30a91462cc4a509417db5ea
    Publisher: Kaspersky Lab ZAO
    MD5: d266d700a30a91462cc4a509417db5ea
    SHA-1: 9d5d75669c6531c12c42f59ea0da88fc61e044e7
    Created: 02/03/2015 14:46:36
    Detections: 2
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsReno (Undefined)
    - CMC Antivirus as Heur.Win32.Obfuscated.1!O (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\programdata\kaspersky lab\avp15.0.1\bases\cache\klavasyswatch.dll.0000000000117200-01d054ea8b136919-01d054ed2cb8378a
    Publisher: Kaspersky Lab ZAO
    MD5: 06c3404cd992e34a54c5aa97ed10108f
    SHA-1: ec8d42a2c2e67c1ae2408b4b171492cae0d7c6ce
    Created: 02/03/2015 14:46:50
    Detections: 2
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsReno (Undefined)
    - CMC Antivirus as Heur.Win32.Obfuscated.1!O (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\programdata\kaspersky lab\avp15.0.1\bases\cache\mark.kdl.6c69ef8fd152138b474ef4e5105233c9
    Publisher: Kaspersky Lab ZAO
    MD5: 6c69ef8fd152138b474ef4e5105233c9
    SHA-1: 7218b9a45b248ab13ff8e04d6de58661d848a283
    Created: 02/03/2015 14:46:36
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsReno (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\programdata\kaspersky lab\avp15.0.1\bases\cache\qscan.kdl.b2ff916870cb69af1da84f4b229ebcec
    Publisher: Kaspersky Lab ZAO
    MD5: b2ff916870cb69af1da84f4b229ebcec
    SHA-1: 832d1951026c9e973d10e175dc7f7af14d8eec0b
    Created: 02/03/2015 14:46:36
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsReno (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\programdata\kaspersky lab\avp15.0.1\bases\cache\rollback.dll.0000000000027c00-01d054ea8b1a8d3a-01d00f9a09f25100
    Publisher: Kaspersky Lab ZAO
    MD5: c54281461dee2d1eb0e1132fa6ea2569
    SHA-1: 46f0abf6c673906129530ce1d149c3b348234164
    Created: 02/03/2015 14:38:39
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsReno (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\programdata\kaspersky lab\avp15.0.1\bases\cache\swmon.kdl.0000000000019800-01d054ea8b1a8d3a-01d054ef3f8776d0
    Publisher: Kaspersky Lab ZAO
    MD5: 903327b7fa2743a23abf1756fa364032
    SHA-1: 7577390fd58f04db9a72b531151b49ecfe027b3a
    Created: 02/03/2015 14:46:50
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsReno (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\programdata\kaspersky lab\avp15.0.1\bases\cache\swmon_drv.kdl.0000000000018600-01d054ea8b1cee9a-01d054ef3fcd8186
    Publisher: Kaspersky Lab ZAO
    MD5: 0934326ba27099f9b8a28a5d897cec9d
    SHA-1: 1bcaca95af48ac8a9f5160cf1e2de2c4b981d1ee
    Created: 02/03/2015 14:46:50
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsReno (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\programdata\kaspersky lab\avp15.0.1\bases\cache\sys_critical_obj.dll.0000000000023800-01d054ea8b1f4ffb-01d00f9a09f25100
    Publisher: Kaspersky Lab ZAO
    MD5: df0b8ec405e6f1bc83fd4669a4225fa5
    SHA-1: 51b1156adff60fd2291bf483ffc23eb6e69c008d
    Created: 02/03/2015 15:02:43
    Detections: 1
    Determination: Ignore detections (false positive)
    - McAfee Web Gateway as Heuristic.BehavesLike.Win32.Suspicious-DTR.G

    ---------------------------------------------------------------------------------

    File path: c:\users\luca\appdata\local\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\temp\rarsfx0\securitycheck\objlist.exe
    Publisher:
    MD5: d1f58aeac19634e39d915c29a098ca01
    SHA-1: d02d8c6207ebd46194fef8920ef343580810da0a
    Created: 05/03/2015 02:20:05
    Detections: 2
    Determination: Ignore detections (false positive)
    - The Hacker as Trojan/Dropper.gen (Undefined)
    - Jiangmin as Trojan/Generic.birzy (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\users\luca\appdata\local\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\temp\rarsfx0\securitycheck\other\nircmdc.exe
    Publisher: NirSoft
    MD5: 9cb3a38088807f54e7f89ac30e09c030
    SHA-1: d3578d56c6ec1c23179520a01309a79ccb38324b
    Created: 05/03/2015 02:20:05
    Detections: 1
    Determination: Ignore detections (false positive)
    - The Hacker as Posible_Worm32 (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\users\luca\appdata\local\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\temp\rarsfx0\securitycheck\other\sed.exe
    Publisher:
    MD5: 3a34d017aa4e5c11f2a329ab04da17f4
    SHA-1: c9b6d3da1c296d6827345367f866fcdf2154bb95
    Created: 05/03/2015 02:20:05
    Detections: 1
    Determination: Ignore detections (false positive)
    - Rising Antivirus as PE:Malware.XPACK/RDM!5.1

    ---------------------------------------------------------------------------------

    File path: c:\users\luca\appdata\local\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\temp\rarsfx0\securitycheck\objlist.exe
    Publisher:
    MD5: d1f58aeac19634e39d915c29a098ca01
    SHA-1: d02d8c6207ebd46194fef8920ef343580810da0a
    Created: 05/03/2015 02:20:05
    Detections: 2
    Determination: Ignore detections (false positive)
    - The Hacker as Trojan/Dropper.gen (Undefined)
    - Jiangmin as Trojan/Generic.birzy (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\users\luca\appdata\local\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\temp\rarsfx0\securitycheck\other\nircmdc.exe
    Publisher: NirSoft
    MD5: 9cb3a38088807f54e7f89ac30e09c030
    SHA-1: d3578d56c6ec1c23179520a01309a79ccb38324b
    Created: 05/03/2015 02:20:05
    Detections: 1
    Determination: Ignore detections (false positive)
    - The Hacker as Posible_Worm32 (Undefined)

    ---------------------------------------------------------------------------------

    Created: 23/07/2014 01:29:34
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\audio_mixer\libinteger_mixer_plugin.dll
    Publisher:
    MD5: d77136c1a1b90fcda738a3fdce0bd0ca
    SHA-1: af202c5692c816a07cf1fee01b03537b128b4c18
    Created: 23/07/2014 01:29:34
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\audio_output\libadummy_plugin.dll
    Publisher:
    MD5: 4c8347cefdac76a5454aff83b0e06ea0
    SHA-1: 0ceeb1362e6177fb78250fd2d894c0591a2e7188
    Created: 23/07/2014 01:29:48
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\audio_output\libmmdevice_plugin.dll
    Publisher:
    MD5: a9e0ed795e3f4665ea403bf4463d89be
    SHA-1: dd4aa79789acdc9681b8ae3babb961b5e5d62bde
    Created: 23/07/2014 01:29:48
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\codec\libcdg_plugin.dll
    Publisher:
    MD5: 96f24d15e15367c31ad360c538b00486
    SHA-1: e41b6a6ead3c3f63d6b1e2435f7d32cf10a1026c
    Created: 23/07/2014 01:29:48
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\codec\libcrystalhd_plugin.dll
    Publisher:
    MD5: 92be1d2e18645d6e1efc1e261f24c68f
    SHA-1: 6e763dedb9038cefa4d58faa77847c8452b3fc64
    Created: 23/07/2014 01:29:48
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\codec\libdmo_plugin.dll
    Publisher:
    MD5: 26974c60143dcfb5ffc7c1ae1301e836
    SHA-1: 6763bb3f7697f85aa9a1af1df9f85e0455f1c112
    Created: 23/07/2014 01:29:34
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\codec\libedummy_plugin.dll
    Publisher:
    MD5: 512f3b29eeb9f92d039b89771867dceb
    SHA-1: 57b2e82078f1665c2617aec92fea829162e36668
    Created: 23/07/2014 01:29:46
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\codec\libg711_plugin.dll
    Publisher:
    MD5: 962f04ad5e9d918b01173a25978c915f
    SHA-1: 6118e2e30fa62d83918e66ed4f11299eed28f6a5
    Created: 23/07/2014 01:29:46
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\codec\librawvideo_plugin.dll
    Publisher:
    MD5: e55803b3b2612ee7a6998ee9c6045705
    SHA-1: d47c9f924a922524423e0344b6044fe943f0c4a3
    Created: 23/07/2014 01:29:34
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\codec\libsubsusf_plugin.dll
    Publisher:
    MD5: 8dd6eece5ed24f45c10504bb727987f6
    SHA-1: 3beeee634398b9840bfcddc13a6ee3d3293aed45
    Created: 23/07/2014 01:29:48
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\codec\libt140_plugin.dll
    Publisher:
    MD5: 572dcedc54dff2fa94c6d834247a43a1
    SHA-1: 0218595c45077ec3ca631ea8f8fa8e4e0f7b09eb
    Created: 23/07/2014 01:29:48
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\codec\libtwolame_plugin.dll
    Publisher:
    MD5: 9b5608825cc83f730d9e4496bde26b41
    SHA-1: faac8b577bf7aa0e58627c2e6d6fb3229549cd57
    Created: 23/07/2014 01:29:46
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\demux\libdemuxdump_plugin.dll
    Publisher:
    MD5: 3a7497f5f7cc4134dcf1bdc28839686e
    SHA-1: 9f00e30af533df40eb03082ad89405e454ece27f
    Created: 23/07/2014 01:29:14
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\demux\libdemux_cdg_plugin.dll
    Publisher:
    MD5: aac01389abbf03a362aff4778489e16e
    SHA-1: 2587e66bdf69d4b2e4694d853fc8d758a1b4200f
    Created: 23/07/2014 01:29:16
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\demux\libdirac_plugin.dll
    Publisher:
    MD5: bbfbc09f52922a0b76bd16854f547518
    SHA-1: 54b237364bbefa3627c037ecaa1412271740fe60
    Created: 23/07/2014 01:29:16
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\demux\libgme_plugin.dll
    Publisher:
    MD5: 4daffc403c6fd7a340a5b2022fafc4b1
    SHA-1: 41cbbd05ad416cae4010241f9631b9a8ecd91e20
    Created: 23/07/2014 01:29:14
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\demux\libh264_plugin.dll
    Publisher:
    MD5: bbafc45e95b8e85bf1e7a7513b85c94e
    SHA-1: 8c5eae5dba4386c6d8d7e0dc8647a8f9a5f77f37
    Created: 23/07/2014 01:29:16
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\demux\libmpgv_plugin.dll
    Publisher:
    MD5: e7d9a02093ef4ffd620e1d547d36447a
    SHA-1: c0213beb0ea7cb44cb696103cc56fc19bf07159e
    Created: 23/07/2014 01:29:16
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\demux\libnsc_plugin.dll
    Publisher:
    MD5: 61114ebd6c3d188218bfcc458a39c257
    SHA-1: 62dd26695cb794a3dd1e2f2d08e9cbb3a9ba1ce1
    Created: 23/07/2014 01:29:14
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\demux\libps_plugin.dll
    Publisher:
    MD5: 347924c87b35c211a62a745a33b27e27
    SHA-1: a201ef02862aee971cf7d9e83eccd6741b5c984b
    Created: 23/07/2014 01:29:14
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\demux\librawaud_plugin.dll
    Publisher:
    MD5: f85b4fe51e86f3b2428fa8881317b05e
    SHA-1: 694872b79167957905e228281aa27111caae2175
    Created: 23/07/2014 01:29:14
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\demux\libvc1_plugin.dll
    Publisher:
    MD5: 953516b246c739491aa64eff59c804b0
    SHA-1: dde0c5b340653777b20148fa92bb45e3357a67ef
    Created: 23/07/2014 01:29:16
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\misc\libstats_plugin.dll
    Publisher:
    MD5: ffc6e3a43b692d02c0446b4eb7e862cc
    SHA-1: 2a2353eff505de11e9c14a969ac4454f9e2299f6
    Created: 23/07/2014 01:29:26
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\misc\libxml_plugin.dll
    Publisher:
    MD5: 9d85efd877042c04177bf4e31055cabb
    SHA-1: 5564ea3f38cf190321cbd56d94e9dec16489cf3a
    Created: 23/07/2014 01:29:26
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\mmx\libi420_rgb_mmx_plugin.dll
    Publisher:
    MD5: 3395ca3cc5e25374f64f453bf2080d8d
    SHA-1: 8fe38437399ec351166427f4ee2ef70a102a69b4
    Created: 23/07/2014 01:29:22
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\mmx\libi420_yuy2_mmx_plugin.dll
    Publisher:
    MD5: 678edae0676dc3d4be7ebeafa366fa4a
    SHA-1: 31611532100e542a2bdc127326027aa82c4c3f83
    Created: 23/07/2014 01:29:22
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\mmx\libi422_yuy2_mmx_plugin.dll
    Publisher:
    MD5: 39ae6434d28314b1b22a6005c9ac18c9
    SHA-1: f7178c6a58d4d6571da4c78073a2f6475030c3fb
    Created: 23/07/2014 01:29:22
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\mux\libmux_dummy_plugin.dll
    Publisher:
    MD5: dbd05a4ce7f3a0a5b7474dd2e0e2f30d
    SHA-1: ae75737dc743a4a079011eb37edabc644841e225
    Created: 23/07/2014 01:29:22
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\mux\libmux_ps_plugin.dll
    Publisher:
    MD5: 0c9c3dd3691213af5d411dcf5d6b46db
    SHA-1: 1e0b0e1923354763540922b7401672c623b566b9
    Created: 23/07/2014 01:29:22
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\mux\libmux_ts_plugin.dll
    Publisher:
    MD5: 0487e3170c9d375b9ffe03554c9ef181
    SHA-1: 6d0957d0ebcb52a637411d6a6ff2f99a8ca1cf93
    Created: 23/07/2014 01:29:22
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\services_discovery\libmediadirs_plugin.dll
    Publisher:
    MD5: 598b0f34d77c728eabefcfa1e886cd24
    SHA-1: 21af0ba2986539f7b3b534110fb96921d5b7f64a
    Created: 23/07/2014 01:29:26
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\sse2\libi420_rgb_sse2_plugin.dll
    Publisher:
    MD5: 10c333d3f8823932f8c504fbb970bff4
    SHA-1: fa565fbc71cb3473630cf38787a40f8972bdd093
    Created: 23/07/2014 01:29:22
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\sse2\libi420_yuy2_sse2_plugin.dll
    Publisher:
    MD5: 2abf2b1ce7d6728f4899c25f8002fba8
    SHA-1: 937c9e4b3002d8064f0aa1c21062c52110371402
    Created: 23/07/2014 01:29:22
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\sse2\libi422_yuy2_sse2_plugin.dll
    Publisher:
    MD5: 86dc5fb679be535c0ef02b9bff580b83
    SHA-1: cc3e886c5f27cfe10c3692d815b1f719854e1d85
    Created: 23/07/2014 01:29:22
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\stream_filter\librecord_plugin.dll
    Publisher:
    MD5: a1a5c11ddb16de35ffa397cdb5989f52
    SHA-1: 5985b297234cd8af673473adcbcda322ef1ba1d1
    Created: 23/07/2014 01:29:12
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\stream_out\libstream_out_autodel_plugin.dll
    Publisher:
    MD5: 8964d6630de35613ec2b0b74dac16394
    SHA-1: 90f76e7da3b84c40aeca4149de0d45f695c42359
    Created: 23/07/2014 01:29:28
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\stream_out\libstream_out_description_plugin.dll
    Publisher:
    MD5: 8a7118c263c78c58be7f196713214390
    SHA-1: 769614f6a43f4aed764c35441fa8382432236ad1
    Created: 23/07/2014 01:29:26
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\stream_out\libstream_out_display_plugin.dll
    Publisher:
    MD5: a2e17f5f5a9afb795b48ab6b0d278361
    SHA-1: de301599c200857765b65cba698a4136ae09cfe3
    Created: 23/07/2014 01:29:26
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\stream_out\libstream_out_gather_plugin.dll
    Publisher:
    MD5: 2e50cba9eee867db7a5adb1ecca61bc0
    SHA-1: a00ee7cdf300de4e44a8d336a722ea962f1ae144
    Created: 23/07/2014 01:29:26
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\stream_out\libstream_out_langfromtelx_plugin.dll
    Publisher:
    MD5: 705ddf3997c68b4a17f281e9bd043967
    SHA-1: d214d1f3adb34cf37228da43054f271f5ff1b255
    Created: 23/07/2014 01:29:26
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\stream_out\libstream_out_setid_plugin.dll
    Publisher:
    MD5: 8a64e3412517d5e84353a73dc7689250
    SHA-1: 0bcf9bf9bc4012d61ec0d97605894ff0773d544b
    Created: 23/07/2014 01:29:26
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\stream_out\libstream_out_smem_plugin.dll
    Publisher:
    MD5: 235949f1943107f9860681a3b5eb6342
    SHA-1: f8e744d81738b07167bb6c57c58d07bbc1ccbcb1
    Created: 23/07/2014 01:29:26
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\text_renderer\libtdummy_plugin.dll
    Publisher:
    MD5: f8ccbfce6160fcced15a8ef3129dbd43
    SHA-1: 99b7d84f58179c8c841a09e42a8fb93e8de8b589
    Created: 23/07/2014 01:29:22
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\video_chroma\libgrey_yuv_plugin.dll
    Publisher:
    MD5: 71fd96e421c3ee4935cb521a86127781
    SHA-1: 6d3497fbe7b5ae8ff289b64b025378a8b719f32b
    Created: 23/07/2014 01:29:22
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\video_chroma\libi420_yuy2_plugin.dll
    Publisher:
    MD5: 242fe6116af190aa822cfae3717af2d8
    SHA-1: ac4676c8e2f80971d544d87d00ac68886f55e833
    Created: 23/07/2014 01:29:22
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\video_chroma\libi422_i420_plugin.dll
    Publisher:
    MD5: 5d020ed80b05b2df23c713f2b92c9474
    SHA-1: 75e709bd9fb8c197c5ef4c4ebb964eec4ea6c6d5
    Created: 23/07/2014 01:29:22
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\video_chroma\libi422_yuy2_plugin.dll
    Publisher:
    MD5: ea71e0f0b277a73831fef0c717bd8b0e
    SHA-1: d3b8d32c0691878665dbf27cbe8a48d89cb2a32f
    Created: 23/07/2014 01:29:22
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\video_chroma\librv32_plugin.dll
    Publisher:
    MD5: b2401f361d032307ac92e0a3187ad097
    SHA-1: e598f3b42b5ad92d6fb1f072d73007b949307b0e
    Created: 23/07/2014 01:29:22
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\video_chroma\libyuy2_i420_plugin.dll
    Publisher:
    MD5: 74251ce4fdd751a76a12f377f47d01a0
    SHA-1: 3b5139f04075840fe8ed769a439b0033c4ae9c91
    Created: 23/07/2014 01:29:22
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\video_chroma\libyuy2_i422_plugin.dll
    Publisher:
    MD5: 29b18dbe62bad512934b293291ca004e
    SHA-1: 7ac7d52d4ea47ec66d3aa604f2244cd6e8644dd5
    Created: 23/07/2014 01:29:22
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libalphamask_plugin.dll
    Publisher:
    MD5: 8c966c0b27d9097d5ea75f0d9246339d
    SHA-1: 8b1bcde764ed7ec204042df3c1d47b257c83b586
    Created: 23/07/2014 01:29:34
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libanaglyph_plugin.dll
    Publisher:
    MD5: 2e64bec9e26d6711164746ce41130612
    SHA-1: cb5c6cb976d20f5e7f1f96202fbee46c8c73f673
    Created: 23/07/2014 01:29:32
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libantiflicker_plugin.dll
    Publisher:
    MD5: 37e6144a1f8f456b40e46e582411b845
    SHA-1: 48fd346012c9d47e1fccae9069b40f546da9b401
    Created: 23/07/2014 01:29:30
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libball_plugin.dll
    Publisher:
    MD5: f0f26341473cf2d1e8210fe71d7f0db5
    SHA-1: 1808f1346e969a21eda03d1d47ca135af982dfe4
    Created: 23/07/2014 01:29:34
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libblendbench_plugin.dll
    Publisher:
    MD5: f325da3a097bdccb7ef642cb6ff2de66
    SHA-1: 0a315937977346f18225722d2a8195e05c349ea6
    Created: 23/07/2014 01:29:32
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libclone_plugin.dll
    Publisher:
    MD5: c75ceefbc7c3044cdfe5bf8518a6b4b6
    SHA-1: 4e9dba5a2e440bef6a611d04e928b37bb6c6dd45
    Created: 23/07/2014 01:29:32
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libcolorthres_plugin.dll
    Publisher:
    MD5: c8236337fbff293938a7bfb0f5919ca4
    SHA-1: a3a94103180a6ad819a8647a8c773986d09900c4
    Created: 23/07/2014 01:29:32
    Detections: 2
    Determination: Inconclusive
    - Bkav FE as W32.HfsAutoB (Undefined)
    - Emsisoft Anti-Malware as Backdoor.Turkojan.AB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libcroppadd_plugin.dll
    Publisher:
    MD5: bace6ced181bece7edb664c0eb956ac5
    SHA-1: 131fbca7b194d1539c6d859c823c779e3186beae
    Created: 23/07/2014 01:29:32
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\liberase_plugin.dll
    Publisher:
    MD5: ab4e4d95ce89daae3b278a4d145a2ee5
    SHA-1: d4e3ddbbab0a5e17db0505c6122dd2130660e53b
    Created: 23/07/2014 01:29:30
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libextract_plugin.dll
    Publisher:
    MD5: 0d89e5dc4c96be2b927b0c7c071e2437
    SHA-1: c222f4cb2a219227746a11d8be336d5b06e277bd
    Created: 23/07/2014 01:29:32
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libinvert_plugin.dll
    Publisher:
    MD5: 4c286396fc9f128876be574ab4cd0ae6
    SHA-1: ee08becc4b92b67d4f2cd8d15bd233ac70679ce8
    Created: 23/07/2014 01:29:32
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\liblogo_plugin.dll
    Publisher:
    MD5: 99b1d8643c89ad1e7588a4ada37f7e7d
    SHA-1: 2e6d811425399fdfb549dc74a9de303fbd9373dd
    Created: 23/07/2014 01:29:34
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libmagnify_plugin.dll
    Publisher:
    MD5: 2587d3303f4b82152acbea9420079136
    SHA-1: 4c3a6594cd27a0ddb93c7d7941f9c6abb1f6e32f
    Created: 23/07/2014 01:29:32
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)

    ---------------------------------------------------------------------------------

    File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libmarq_plugin.dll
    Publisher:
    MD5: a5b8d8860ace7c11f9ca1cb0cd66b035
    SHA-1: 2396a8b55d6dbaf8f4d2838b4d8455684a181304
    Created: 23/07/2014 01:29:32
    Detections: 1

    Results of screen317's Security Check version 0.99.97
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Kaspersky Internet Security
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Java 64-bit 8 Update 31
    Google Chrome (40.0.2214.111)
    Google Chrome (40.0.2214.115)
    ````````Process Check: objlist.exe by Laurent````````
    Kaspersky Lab Kaspersky Internet Security 15.0.1 avp.exe
    Kaspersky Lab Kaspersky Internet Security 15.0.1 avpui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````




    Thank you (y)
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Nothing of interest to worry about, run the following to clean up:

    Download "Delfix by Xplode" and save it to your desktop.

    Or use the following if first link is down:

    "Delfix link mirror"

    Double-click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

    Make sure the following items are checked:


    • Remove disinfection tools
    • Purge System Restore
    • Reset system settings

    Now click on "Run" and wait patiently until the tool has completed.

    The tool will create a log when it has completed. We don't need you to post this.

    Any remnant files/logs from tools we have used can be deleted…

    Next,

    Read the following link to fully understand PC security and best practices, you may find it useful....

    http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry2316629

    If no remaining issues or concerns hit the "Mark Solved" tab at the top of the thread....

    Thanks,

    Kevin...
     
  15. ildrugo

    ildrugo Thread Starter

    Joined:
    Mar 4, 2015
    Messages:
    8
    You are great!!! Thanks very very much :) (y)
     
Short URL to this thread: https://techguy.org/1144170
