Svchost.exe creates itself in c:\windows\temp


ildrugo (Thread Starter), joined Mar 4, 2015, 8 messages
Hello everybody,
my machine has a virus: an svchost.exe in c:\windows\temp that recreates itself every boot.
I have the latest Kaspersky Security; it deletes the svchost.exe file every boot, but I would like to delete it permanently. Can you help me?
I've also tried Windows Safe Mode, disabling the AV, and running ComboFix, ESET, HitmanPro, Malwarebytes, JRT and TDSSKiller: nothing, every boot svchost.exe recreates itself.


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Phenom(tm) II X2 550 Processor, AMD64 Family 16 Model 4 Stepping 2
Processor Count: 2
RAM: 8190 Mb
Graphics Card: NVIDIA GeForce GTX 570, 1280 Mb
Hard Drives: C: Total - 76231 MB, Free - 19137 MB; D: Total - 534136 MB, Free - 54693 MB;
Motherboard: ASUSTeK Computer INC., M4A785TD-V EVO
Antivirus: Kaspersky Internet Security, Updated and Enabled


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015
Ran by LUCA (administrator) on DARYL on 04-03-2015 17:57:00
Running from C:\Users\LUCA\Desktop\Malware remove
Loaded Profiles: LUCA (Available profiles: LUCA)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\ASGT.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
() C:\Windows\temp\svchost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2787840 2010-01-18] (VIA)
Startup: C:\Users\LUCA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2198110285-402169673-2624775991-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2198110285-402169673-2624775991-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2198110285-402169673-2624775991-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Portafoglio di Bitdefender - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected]
FF Extension: Dangerous websites blocking module - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2015-03-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected]
FF Extension: Virtual keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2015-03-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected]
FF Extension: Safe payments - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2015-03-02]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.it/"
CHR Profile: C:\Users\LUCA\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\LUCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-13]
CHR Extension: (Google Docs) - C:\Users\LUCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-13]
CHR Extension: (Google Drive) - C:\Users\LUCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-13]
CHR Extension: (YouTube) - C:\Users\LUCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-13]
CHR Extension: (Adblock Plus) - C:\Users\LUCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-13]
CHR Extension: (Google Search) - C:\Users\LUCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-13]
CHR Extension: (Kaspersky Protection) - C:\Users\LUCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-03-02]
CHR Extension: (Google Sheets) - C:\Users\LUCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-13]
CHR Extension: (PictureMate - View hidden pictures) - C:\Users\LUCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmlalkcjmglpgdkmkmmgjcajahkoigj [2015-01-03]
CHR Extension: (Google Wallet) - C:\Users\LUCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-13]
CHR Extension: (Gmail) - C:\Users\LUCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-13]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-08] (Electronic Arts)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40232 2014-09-22] (Google Inc)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R1 Ext2Fsd; C:\Windows\System32\Drivers\Ext2Fsd.sys [769816 2011-07-09] (www.ext2fsd.com)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-03-04] ()
S3 KCIRNET; C:\Windows\System32\DRIVERS\kcirnet.sys [29320 2011-02-10] (KC Technology Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-12-06] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2014-12-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-12-06] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52832 2014-10-05] (http://libusb-win32.sourceforge.net)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115208 2014-11-24] (Oracle Corporation)
S3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1290752 2010-01-11] (VIA Technologies, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GPU-Z; \??\C:\Users\LUCA\AppData\Local\Temp\GPU-Z.sys [X]
S2 hl_mull; \SystemRoot\System32\drivers\hl_mull.SYS [X]
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 17:48 - 2015-03-04 17:57 - 00000000 ____D () C:\Users\LUCA\Desktop\Malware remove
2015-03-04 17:47 - 2015-03-04 17:49 - 00000000 ____D () C:\AdwCleaner
2015-03-04 17:47 - 2015-03-04 17:47 - 02126848 _____ () C:\Users\LUCA\Downloads\AdwCleaner.exe
2015-03-04 17:46 - 2015-03-04 17:46 - 39739064 _____ (Microsoft Corporation) C:\Users\LUCA\Downloads\Windows-KB890830-x64-V5.21.exe
2015-03-04 17:41 - 2015-03-04 17:41 - 00000540 _____ () C:\Windows\PFRO.log
2015-03-04 17:35 - 2015-03-04 17:35 - 00020078 _____ () C:\ComboFix.txt
2015-03-04 17:28 - 2015-03-04 17:28 - 00000624 _____ () C:\Users\LUCA\Desktop\JRT.txt
2015-03-04 17:24 - 2015-03-04 17:24 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-03-04 17:23 - 2015-03-04 17:23 - 00002078 _____ () C:\Windows\system32\.crusader
2015-03-04 17:17 - 2015-03-04 17:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-04 15:07 - 2015-03-04 17:50 - 00000168 _____ () C:\Windows\setupact.log
2015-03-04 15:07 - 2015-03-04 15:07 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-03 18:44 - 2015-03-03 18:44 - 00023537 _____ () C:\Users\LUCA\Downloads\Addition.txt
2015-03-03 18:43 - 2015-03-04 17:57 - 00000000 ____D () C:\FRST
2015-03-03 18:43 - 2015-03-03 18:44 - 00046102 _____ () C:\Users\LUCA\Downloads\FRST.txt
2015-03-03 18:39 - 2015-03-03 18:40 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-03 18:39 - 2015-03-03 18:39 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-03 18:38 - 2015-03-03 18:38 - 18730584 _____ () C:\Users\LUCA\Downloads\RogueKillerX64.exe
2015-03-03 18:34 - 2015-03-03 18:34 - 00007710 _____ () C:\Users\LUCA\Downloads\ESETPoweliksCleaner.exe_20150303.183435.4240.log
2015-03-03 18:34 - 2015-03-03 18:34 - 00000022 _____ () C:\Users\LUCA\Downloads\ESETPoweliksCleaner.exe_20150303.183435.4240.zip
2015-03-02 20:54 - 2015-03-02 20:54 - 00001444 _____ () C:\Users\LUCA\Documents\pil.txt
2015-03-02 20:33 - 2015-03-02 20:36 - 61761674 _____ () C:\Users\LUCA\Downloads\40pft4009_12_fus_ita.zip
2015-03-02 17:15 - 2015-03-02 17:15 - 00347816 _____ (Microsoft Corporation) C:\Users\LUCA\Downloads\MicrosoftFixit.WinFileFolder.FISC.134873962880453.1.1.Run.exe
2015-03-02 17:08 - 2015-03-02 17:08 - 00001810 _____ () C:\Users\LUCA\Desktop\prova.reg
2015-03-02 14:49 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-02 14:49 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-02 14:49 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-02 14:49 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-02 14:36 - 2015-03-02 14:36 - 00003130 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-02 14:15 - 2015-03-02 14:15 - 00002330 _____ () C:\Users\LUCA\Desktop\Safe Money.lnk
2015-03-02 14:13 - 2015-03-02 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-03-02 14:13 - 2015-03-02 14:12 - 00002136 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-03-02 14:12 - 2015-03-04 17:51 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-02 14:12 - 2015-03-02 14:12 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-03-02 14:12 - 2015-03-02 14:12 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-03-02 14:12 - 2014-12-06 14:57 - 00818888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-03-02 14:12 - 2014-12-06 14:57 - 00150536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-03-02 14:12 - 2014-08-12 17:33 - 00246456 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-03-02 14:12 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-03-02 14:08 - 2015-03-02 14:11 - 204070656 _____ (Kaspersky Lab) C:\Users\LUCA\Downloads\kis15.0.1.415it-it.exe
2015-03-02 13:42 - 2015-03-04 17:35 - 00000000 ____D () C:\Qoobox
2015-03-02 13:42 - 2015-03-02 14:03 - 00000000 ____D () C:\Windows\erdnt
2015-03-02 13:42 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-02 13:42 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-02 13:42 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-02 13:42 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-02 13:42 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-02 13:42 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-02 13:42 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-02 13:42 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-02 13:41 - 2015-03-02 13:41 - 05612482 ____R (Swearware) C:\Users\LUCA\Downloads\ComboFix.exe
2015-03-02 13:28 - 2015-03-02 13:28 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-02 13:28 - 2015-03-02 13:28 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-02 13:28 - 2015-03-02 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-02 13:28 - 2015-03-02 13:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-02 13:28 - 2015-03-02 13:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-02 13:28 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-02 13:28 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-02 13:28 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-02 13:27 - 2015-03-02 13:28 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\LUCA\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-02 10:33 - 2015-03-02 10:33 - 00977408 _____ () C:\Users\LUCA\Downloads\Elenco_enti_rispondenti_e_non_auto_blu_300610.xls
2015-02-27 17:49 - 2015-02-27 17:49 - 00113152 _____ () C:\Users\LUCA\Documents\Sito web docente di Luca Mazzara — Curriculum vitae.html
2015-02-27 17:49 - 2015-02-27 17:49 - 00000000 ____D () C:\Users\LUCA\Documents\Sito web docente di Luca Mazzara — Curriculum vitae_files
2015-02-27 17:08 - 2015-02-27 17:08 - 00001259 _____ () C:\Users\LUCA\Documents\proposta di legge modifica legge regionale polizia locale.txt
2015-02-26 18:43 - 2015-02-26 18:43 - 00014619 _____ () C:\Users\LUCA\Downloads\Sogni e Delitti.torrent
2015-02-26 18:25 - 2015-02-26 18:25 - 00002209 _____ () C:\Users\LUCA\Documents\Musica classica.axp
2015-02-26 03:00 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 03:00 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-16 01:09 - 2015-02-16 01:09 - 00024469 _____ () C:\Users\LUCA\Downloads\black.sails.s02.e04.subspedia.zip
2015-02-14 21:21 - 2015-02-14 21:21 - 00000117 _____ () C:\Users\LUCA\Documents\trattorie.txt
2015-02-12 20:20 - 2015-02-12 20:20 - 00033360 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2015-02-12 07:45 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 07:45 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 07:45 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 07:45 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 20:03 - 2015-02-11 20:04 - 04609966 _____ () C:\Users\LUCA\Downloads\Atti_amministrativi.zip
2015-02-11 09:58 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 09:58 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 09:58 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 09:58 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 09:58 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 09:58 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 09:58 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 09:58 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 09:58 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 09:58 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 09:58 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 09:58 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 09:58 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 09:58 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 09:58 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 09:58 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 09:58 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 09:58 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 09:58 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 09:58 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 09:58 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 09:58 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 09:58 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 09:58 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 09:58 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 09:58 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 09:58 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 09:58 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 09:58 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 09:58 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 09:58 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 09:58 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 09:58 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 09:58 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 09:58 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 09:58 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 09:58 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 09:58 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 09:58 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 09:58 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 09:58 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 09:58 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 09:58 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 09:58 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 09:58 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 09:58 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 09:58 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 09:58 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 09:58 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 09:58 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 09:58 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 09:58 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 09:58 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 09:58 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 09:58 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 09:58 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 09:58 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 09:58 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 09:58 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 09:58 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 09:58 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 09:58 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 09:58 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 09:58 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 09:58 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 09:58 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 09:58 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 09:58 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 09:58 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 09:58 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 09:58 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 09:58 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 09:58 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 09:58 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 09:58 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 09:57 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 09:57 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 09:57 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 09:57 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 09:57 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 09:57 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 09:57 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 09:57 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 09:57 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 09:57 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 09:57 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 09:57 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 09:57 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 09:57 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 09:57 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 09:57 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 09:57 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 09:57 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 09:57 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 09:57 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 09:57 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 09:57 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 09:57 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 09:57 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 09:57 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 09:57 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 09:57 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 09:57 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 09:57 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 09:57 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 09:57 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 09:57 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 09:57 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 09:57 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 09:57 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 09:57 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 09:57 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 03:33 - 2015-02-11 03:33 - 00294177 _____ () C:\Users\LUCA\Downloads\genico-1.1.zip
2015-02-10 19:06 - 2015-02-10 19:10 - 309136440 _____ (NVIDIA Corporation) C:\Users\LUCA\Downloads\347.52-desktop-win8-win7-winvista-64bit-international-whql.exe
2015-02-09 20:57 - 2015-02-09 22:09 - 00000000 ____D () C:\Windows\Minidump
2015-02-08 14:58 - 2015-02-08 14:58 - 06846309 _____ () C:\Users\LUCA\Downloads\Non confermato 213970.crdownload
2015-02-08 14:57 - 2015-02-08 14:57 - 06846309 _____ () C:\Users\LUCA\Downloads\Non confermato 359747.crdownload
2015-02-08 14:56 - 2015-02-08 14:57 - 06846309 _____ () C:\Users\LUCA\Downloads\Non confermato 383880.crdownload
2015-02-08 14:26 - 2015-02-08 14:27 - 70508888 _____ () C:\Users\LUCA\Downloads\Ace_Stream_Media_3.0.9 (1).exe
2015-02-08 12:19 - 2015-02-08 12:19 - 07195120 _____ (Microsoft Corporation) C:\Users\LUCA\Downloads\vcredist_x64.exe
2015-02-08 12:17 - 2015-02-08 12:17 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-02-08 12:13 - 2015-02-08 12:17 - 00000000 ____D () C:\Users\LUCA\AppData\Roaming\Origin
2015-02-08 12:13 - 2015-02-08 12:17 - 00000000 ____D () C:\Users\LUCA\AppData\Local\Origin
2015-02-08 12:11 - 2015-02-08 12:43 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-08 12:11 - 2015-02-08 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-02-08 12:11 - 2015-02-08 12:11 - 00000979 _____ () C:\Users\Public\Desktop\Origin.lnk
2015-02-08 12:09 - 2015-02-08 12:10 - 17102664 _____ (Electronic Arts, Inc.) C:\Users\LUCA\Downloads\OriginThinSetup.exe
2015-02-08 12:05 - 2015-02-08 12:05 - 00000946 _____ () C:\Users\Public\Desktop\FIFA 15.lnk
2015-02-08 12:05 - 2015-02-08 12:05 - 00000000 ____D () C:\Users\LUCA\Documents\FIFA 15
2015-02-08 12:05 - 2015-02-08 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15
2015-02-08 12:04 - 2015-02-08 12:11 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-02-08 11:12 - 2015-02-08 11:12 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-02-08 11:11 - 2015-02-08 11:14 - 00000000 ____D () C:\Program Files\AMD
2015-02-08 11:04 - 2015-02-08 12:44 - 00000000 ___HD () C:\ProgramData\Origin
2015-02-08 11:04 - 2015-02-08 11:04 - 00003086 _____ () C:\Windows\System32\Tasks\Origin
2015-02-08 11:04 - 2015-02-08 11:04 - 00000948 _____ () C:\Users\LUCA\Desktop\FIFA 15 Ultimate Team Edition.lnk
2015-02-08 10:18 - 2015-02-08 10:18 - 00109527 _____ () C:\Users\LUCA\Downloads\074580431AAF0C612B26A2D1C1841139FBA3A57F.torrent
2015-02-06 17:52 - 2015-02-06 17:52 - 00084941 _____ () C:\Users\LUCA\Downloads\[limetorrents.cc]Game.Of.Thrones.-.Il.Trono.Di.Spade.S04e07[Mux.-.720p.-.H264.-.Ita.Eng.Ac3.-.Sub.Ita.Eng][.]HDTVMux.torrent
2015-02-06 16:41 - 2015-02-06 16:41 - 01927528 _____ () C:\Users\LUCA\Downloads\SkyrimTraduzioneITA.rar
2015-02-06 15:19 - 2015-02-06 15:19 - 00109376 _____ () C:\Users\LUCA\Downloads\074580431AAF0C612B26A2D1C1841139FBA3A57F [3444681].torrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 17:54 - 2014-09-13 15:08 - 01546746 _____ () C:\Windows\WindowsUpdate.log
2015-03-04 17:51 - 2014-09-13 15:45 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-04 17:50 - 2014-12-01 19:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-04 17:50 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-04 17:49 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-04 17:49 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-04 17:34 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-04 17:13 - 2014-09-13 15:45 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-04 17:02 - 2014-09-24 16:52 - 00000978 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-02 20:37 - 2010-11-21 16:30 - 00740832 _____ () C:\Windows\system32\perfh010.dat
2015-03-02 20:37 - 2010-11-21 16:30 - 00146886 _____ () C:\Windows\system32\perfc010.dat
2015-03-02 20:37 - 2009-07-14 06:13 - 01658920 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-02 16:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-02 15:00 - 2014-09-13 15:54 - 00000000 ____D () C:\Program Files\Bitdefender
2015-03-02 15:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-03-02 14:51 - 2014-12-03 20:47 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-02 14:41 - 2014-09-13 15:53 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-03-02 14:07 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-03-01 14:09 - 2014-09-13 16:16 - 00000000 ____D () C:\Users\LUCA\AppData\Roaming\vlc
2015-02-14 11:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-12 20:20 - 2014-11-03 20:51 - 00074000 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2015-02-12 20:20 - 2014-09-13 15:58 - 00084336 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2015-02-12 03:22 - 2009-07-14 05:45 - 00336656 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 03:20 - 2014-12-12 04:16 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 03:20 - 2014-09-13 18:47 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 03:04 - 2014-09-13 16:56 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-08 12:19 - 2014-11-03 10:50 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-08 12:05 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-08 11:13 - 2014-09-13 15:23 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-02-06 16:41 - 2014-12-03 20:51 - 00000000 ____D () C:\Program Files (x86)\The Elder Scrolls V - Skyrim
2015-02-06 11:56 - 2014-12-03 19:44 - 00000000 ____D () C:\Users\LUCA\AppData\Roaming\Foxit Scanner Images
2015-02-05 18:28 - 2014-09-24 16:52 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 18:28 - 2014-09-24 16:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 18:28 - 2014-09-24 16:52 - 00003916 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 00:08 - 2014-09-13 15:45 - 00004146 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 00:08 - 2014-09-13 15:45 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2014-12-02 03:49 - 2014-12-02 04:40 - 2128896 _____ () C:\Users\LUCA\AppData\Local\file__0.localstorage
2014-12-05 15:27 - 2014-12-05 15:27 - 0007607 _____ () C:\Users\LUCA\AppData\Local\Resmon.ResmonCfg
2015-01-16 19:23 - 2015-01-16 19:23 - 0001534 _____ () C:\ProgramData\ss.ini

Some content of TEMP:
====================
C:\Users\LUCA\AppData\Local\Temp\Quarantine.exe
C:\Users\LUCA\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-24 14:30

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015
Ran by LUCA at 2015-03-04 18:00:40
Running from C:\Users\LUCA\Desktop\Malware remove
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ActiveState ActivePython 2.7.8.10 (32-bit) (HKLM-x32\...\{EF34E11A-5977-4234-BCDF-6328CA642BC4}) (Version: 2.7.10 - ActiveState Software Inc.)
ActiveState ActivePython 2.7.8.10 (64-bit) (HKLM\...\{1C2C54C6-AC67-4BD7-825D-D16C10AE5ABF}) (Version: 2.7.10 - ActiveState Software Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Aggiornamenti NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Aspell 0.6 Dictionary (Language: it) (HKLM-x32\...\Aspell6-Dictionary-it) (Version: - )
Assetto Corsa (HKLM-x32\...\Assetto Corsa_is1) (Version: - )
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.7.5.0 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.7.5.0 - ASUSTek COMPUTER INC.) Hidden
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Call of Duty - Advanced Warfare version Call of Duty - Advanced Warfare (HKLM-x32\...\Call of Duty - Advanced Warfare_is1) (Version: Call of Duty - Advanced Warfare - )
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Centro gestione Mouse e Tastiere Microsoft (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Centro gestione Mouse e Tastiere Microsoft (Version: 2.3.188.0 - Microsoft Corporation) Hidden
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
Ext2Fsd 0.51 (HKLM\...\Ext2Fsd_is1) (Version: 0.51 - Matt Wu)
Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.1.0.0 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.5.624 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - )
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Installazione di DivX (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
IRXpress USB IrDA (HKLM-x32\...\{623D6ADD-2882-4F0A-BC10-C3C8477A9F8E}) (Version: 1.00.0000 - CASIO COMPUTER CO., LTD.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.55.0 - JMicron Technology Corp.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LibreOffice 4.3.3.2 (HKLM-x32\...\{87C753BB-81E3-403B-BD87-6293F870B20B}) (Version: 4.3.3.2 - The Document Foundation)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes Anti-Malware versione 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Metro 2033 Redux (HKLM-x32\...\Metro 2033 Redux_is1) (Version: - )
Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{e9c79bb5-31ef-4a80-90e9-1a39971dae23}) (Version: 12.0.30501.0 - Microsoft Corporation)
Nec Crassy 338 Unlocker V2.0 (HKLM-x32\...\Nec Crassy 338 Unlocker_is1) (Version: - Unlocking solution)
NEC Mobile Drivers (HKLM-x32\...\InstallShield_{3219B3DD-743A-47ED-B449-24184AB01120}) (Version: 8.00 - NEC Corporation)
NEC Mobile Drivers (x32 Version: 8.00 - NEC Corporation) Hidden
NEC WMC USB_AD1 Software (HKLM-x32\...\NEC WMC USB_AD1) (Version: - )
NEC WMC USB_BJ1 Software (HKLM-x32\...\NEC WMC USB_BJ1) (Version: - )
NEC WMC USB_BK1 Software (HKLM-x32\...\NEC WMC USB_BK1) (Version: - )
NEC WMC USB_T1 Software (HKLM-x32\...\NEC WMC USB_T1) (Version: - )
NVIDIA Driver 3D Vision 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Driver audio HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Driver grafico 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}) (Version: 9.13.0725 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Pacchetto driver Windows - EventGhost USB Remote Driver (07/01/2009 1.0.0.9) (HKLM\...\9A14258C1DF49E2E31CD577E706499AB040949FC) (Version: 07/01/2009 1.0.0.9 - EventGhost)
Pannello di controllo NVIDIA 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
Pesgalaxy.com Patch 2015 (HKLM-x32\...\Pesgalaxy.com Patch 2015 1.00) (Version: 1.00 - Pesgalaxy)
Pesgalaxy.com Patch 2015 (HKLM-x32\...\Pesgalaxy.com Patch 2015 1.01) (Version: 1.01 - Pesgalaxy)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PokerStars.it (HKLM-x32\...\PokerStars.it) (Version: - PokerStars.it)
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version: - Daum Communications Corp.)
Pro Evolution Soccer 2015 (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1) (Version: 1 - )
qBittorrent 3.1.11 (HKLM-x32\...\qBittorrent) (Version: 3.1.11 - The qBittorrent project)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Setup - FIFA 15 Ultimate Team Edition (c) EA Sports ... (HKLM-x32\...\Setup - FIFA 15 Ultimate Team Edition (c) EA Sports ...) (Version: ... - EA)
Shark007 Advanced Codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 4.7.5 - Shark007)
SQLite Expert Personal 3.5.58 (HKLM-x32\...\SQLite Expert Personal 3_is1) (Version: - Bogdan Ureche)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
Total War: ROME II Emperor Edition (HKLM-x32\...\VG90YWxXYXJST01FSUk=_is1) (Version: 1 - )
Traduzione Hitman Absolution[FULL ITA] versione 1.0 (HKLM-x32\...\{DAFE8B31-8E9A-41B4-B08E-E969D16FE2A3}_is1) (Version: 1.0 - Gamecrackworldue)
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VIA Manager Piattaforma (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
x64 Components v4.7.5 (HKLM\...\Advanced x64Components_is1) (Version: 4.7.5 - Shark007)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

02-03-2015 17:20:24 luca
03-03-2015 18:00:54 Windows Update
04-03-2015 17:22:04 Punto di controllo di HitmanPro
04-03-2015 17:22:54 Punto di controllo di HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-03-04 17:34 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16EC708D-ED8E-4BA9-BA69-7C2325DC318D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {2B7607E1-5F36-450E-AEBC-D27DB52C4E03} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {3509C94A-CDDC-4A0B-8FB5-D1B4755B5743} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {48EA352E-8FDD-4872-A46E-68DAF7CF86A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13] (Google Inc.)
Task: {4FE6A534-EC81-4E1F-83A4-BB7F406033A6} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {7A61BC3E-7B63-4E7C-B08C-5D8E5B54AA76} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {8CB36ED9-6E29-4CF0-8CD6-2914C4BFE457} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe [2015-02-08] () <==== ATTENTION
Task: {B846B198-A101-43B5-B958-624C0663D30D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13] (Google Inc.)
Task: {D25E5008-3F96-4DAF-893E-50967E4FED79} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {F7B5C840-5256-436B-9061-4EE1DC88EC90} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-12-01 19:51 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2015-03-04 17:52 - 2015-03-04 17:52 - 01605120 _____ () C:\Windows\temp\svchost.exe
2014-08-30 16:12 - 2014-08-30 16:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\LUCA\Downloads\347.52-desktop-win8-win7-winvista-64bit-international-whql.exe:BDU
AlternateDataStreams: C:\Users\LUCA\Downloads\Ace_Stream_Media_3.0.9 (1).exe:BDU
AlternateDataStreams: C:\Users\LUCA\Downloads\Ace_Stream_Media_3.0.9.exe:BDU
AlternateDataStreams: C:\Users\LUCA\Downloads\cdbxp_setup_4.5.4.5306.exe:BDU
AlternateDataStreams: C:\Users\LUCA\Downloads\ComboFix.exe:BDU
AlternateDataStreams: C:\Users\LUCA\Downloads\FreeRIPstub.exe:BDU
AlternateDataStreams: C:\Users\LUCA\Downloads\kis15.0.1.415it-it.exe:BDU
AlternateDataStreams: C:\Users\LUCA\Downloads\mbam-setup-2.0.4.1028.exe:BDU
AlternateDataStreams: C:\Users\LUCA\Downloads\OriginThinSetup.exe:BDU
AlternateDataStreams: C:\Users\LUCA\Downloads\PokerStarsInstallIT.exe:BDU
AlternateDataStreams: C:\Users\LUCA\Downloads\RepartitionBadDrive.exe:BDU
AlternateDataStreams: C:\Users\LUCA\Downloads\rufus-1.4.12.exe:BDU
AlternateDataStreams: C:\Users\LUCA\Downloads\vcredist_x64.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2198110285-402169673-2624775991-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\LUCA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Ext2 Volume Manager => C:\Program Files\Ext2Fsd\Ext2Mgr.exe -quiet
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

==================== Accounts: =============================

Administrator (S-1-5-21-2198110285-402169673-2624775991-500 - Administrator - Disabled)
Guest (S-1-5-21-2198110285-402169673-2624775991-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2198110285-402169673-2624775991-1002 - Limited - Enabled)
LUCA (S-1-5-21-2198110285-402169673-2624775991-1000 - Administrator - Enabled) => C:\Users\LUCA

==================== Faulty Device Manager Devices =============

Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2015 05:52:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2015 05:42:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2015 05:29:32 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Impossibile creare un punto di ripristino. Processo: C:\Windows\system32\wbem\wmiprvse.exe, descrizione: ComboFix created restore point, errore: 0x8007043c.

Error: (03/04/2015 05:29:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Errore del servizio Copia Shadow del volume: errore inatteso durante il richiamo della routine CoCreateInstance. hr = 0x8007043c, Questo servizio non può essere avviato in modalità provvisoria
.


Operazione:
Creazione dell'istanza del server del servizio Copia Shadow del volume in corso

Error: (03/04/2015 05:29:32 PM) (Source: VSS) (EventID: 18) (User: )
Description: Errore del servizio Copia Shadow del volume: il server COM con CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} e nome IVssCoordinatorEx2 non può essere avviato in modalità provvisoria.
Il servizio Copia Shadow del volume non può essere avviato in modalità provvisoria. [0x8007043c, Questo servizio non può essere avviato in modalità provvisoria
]


Operazione:
Creazione dell'istanza del server del servizio Copia Shadow del volume in corso


System errors:
=============
Error: (03/04/2015 05:50:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio hl_mull non è stato avviato per il seguente errore:
%%1275

Error: (03/04/2015 05:50:35 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Caricamento del driver \SystemRoot\SysWow64\drivers\hl_mull.SYS bloccato a causa di incompatibilità con il sistema in uso. Rivolgersi al fornitore del software per richiedere una versione compatibile del driver.

Error: (03/04/2015 05:49:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Windows Search è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio.

Error: (03/04/2015 05:49:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Servizio di condivisione in rete Windows Media Player è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio.

Error: (03/04/2015 05:49:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio ASGT. Questo evento si è già verificato 1 volta(e).

Error: (03/04/2015 05:49:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio AMD FUEL Service. Questo evento si è già verificato 1 volta(e).

Error: (03/04/2015 05:49:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Spooler di stampa è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 60000 millisecondi: Riavvia il servizio.

Error: (03/04/2015 05:49:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio AMD External Events Utility. Questo evento si è già verificato 1 volta(e).

Error: (03/04/2015 05:49:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio NVIDIA Stereoscopic 3D Driver Service. Questo evento si è già verificato 1 volta(e).

Error: (03/04/2015 05:49:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio NVIDIA Display Driver Service. Questo evento si è già verificato 1 volta(e).


Microsoft Office Sessions:
=========================
Error: (03/04/2015 05:52:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2015 05:42:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2015 05:29:32 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (03/04/2015 05:29:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007043c, Questo servizio non può essere avviato in modalità provvisoria


Operazione:
Creazione dell'istanza del server del servizio Copia Shadow del volume in corso

Error: (03/04/2015 05:29:32 PM) (Source: VSS) (EventID: 18) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, Questo servizio non può essere avviato in modalità provvisoria


Operazione:
Creazione dell'istanza del server del servizio Copia Shadow del volume in corso


CodeIntegrity Errors:
===================================
Date: 2015-03-04 17:34:09.613
Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2015-03-04 17:34:09.535
Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2015-03-04 17:34:09.457
Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2015-03-04 17:34:09.379
Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2015-03-02 13:50:39.146
Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2015-03-02 13:50:39.068
Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X2 550 Processor
Percentage of memory in use: 17%
Total physical RAM: 8190.18 MB
Available physical RAM: 6764.61 MB
Total Pagefile: 16378.55 MB
Available Pagefile: 14823.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.44 GB) (Free:18.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Dati) (Fixed) (Total:521.62 GB) (Free:53.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 4A96D7EA)
Partition 1: (Active) - (Size=74.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=521.6 GB) - (Type=OF Extended)

==================== End Of Log ============================
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Hello and welcome to TSG,

Use the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

1. Download Malwarebytes Anti-Rootkit from this link:

http://www.malwarebytes.org/products/mbar/

2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe



4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:



5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.



7. The following image opens, select Update.



8. When the update completes select Next.



9. In the following window ensure "Targets" are ticked. Then select "Scan".



10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.



11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.
12. If no threats were found you will see the following image, select Exit:



13. Verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within the Malwarebytes Anti-Rootkit folder.

15. Select "Y" from your Keyboard, tap Enter.

16. The fix will be applied, select any key to Exit.

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log (date and time of scan will also be shown)

Thanks,

Kevin...
 

ildrugo

Thread Starter
Joined
Mar 4, 2015
Messages
8
Thanks very very much for your reply :)
Mbar (the only program that detects the infected files) scans, detects and cleans the infected files, but when I reboot the system they are replaced. I've done it three times but always the same problem. I've also launched fixdamage, nothing.


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17633

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.113000 GHz
Memory total: 8588025856, free: 6928834560

Downloaded database version: v2015.03.04.05
Downloaded database version: v2015.02.25.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
03/04/2015 21:40:36
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
main: v2015.03.04.05
rootkit: v2015.02.25.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800768c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800768c970, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800768c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800766b680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4A96D7EA

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 206848 Numsec = 156121667
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 156344576 Numsec = 1093912320

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa80082ec790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800808ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80082ec790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008088b60, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8008312790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800808bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008312790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800807cb60, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa8008330790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800808cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008330790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800830ab60, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8008332790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800808db90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008332790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008089b60, DeviceName: \Device\00000089\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\Windows\temp\lsass.exe --> [Trojan.Agent]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17633

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.113000 GHz
Memory total: 8588025856, free: 7150739456

Downloaded database version: v2015.03.04.06
=======================================
Initializing...
------------ Kernel report ------------
03/04/2015 21:53:34
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
main: v2015.03.04.06
rootkit: v2015.02.25.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007672060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80076729b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007672060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007629680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4A96D7EA

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 206848 Numsec = 156121667
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 156344576 Numsec = 1093912320

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8008189790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007f2db90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008189790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007f15ad0, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa80081af790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007f2eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80081af790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007f25b60, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa80081cd790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007f2fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80081cd790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007f21b60, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa80081cf790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007f30b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80081cf790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007f28b60, DeviceName: \Device\00000089\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\Windows\temp\svchost.exe --> [Trojan.Agent.Gen]
Infected: C:\Windows\temp\svchost.exe --> [Trojan.Agent.Gen]
Infected: C:\Windows\temp\lsass.exe --> [Trojan.Agent]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17633

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.113000 GHz
Memory total: 8588025856, free: 6624788480

=======================================
Initializing...
------------ Kernel report ------------
03/04/2015 22:08:14
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\imofugc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\kl1.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\cm_km_w.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\DRIVERS\klif.sys
\SystemRoot\system32\DRIVERS\klflt.sys
\SystemRoot\system32\DRIVERS\klhk.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Ext2Fsd.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\kltdi.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\klwtp.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\klim6.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\kneps.sys
\SystemRoot\system32\DRIVERS\klpd.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\mcdbus.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\klmouflt.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\klkbdflt.sys
\SystemRoot\system32\DRIVERS\NuidFltr.sys
\SystemRoot\system32\DRIVERS\point64.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\irda.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\aksdf.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys
\??\C:\Windows\system32\drivers\hardlock.sys
\SystemRoot\system32\DRIVERS\kldisk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\IOMap64.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\psapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\imm32.dll
\Windows\System32\setupapi.dll
\Windows\System32\nsi.dll
\Windows\System32\wininet.dll
\Windows\System32\sechost.dll
\Windows\System32\comdlg32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\advapi32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\msvcrt.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\lpk.dll
\Windows\System32\msctf.dll
\Windows\System32\shlwapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\ole32.dll
\Windows\System32\normaliz.dll
\Windows\System32\difxapi.dll
\Windows\System32\shell32.dll
\Windows\System32\user32.dll
\Windows\System32\kernel32.dll
\Windows\System32\urlmon.dll
\Windows\System32\Wldap32.dll
\Windows\System32\gdi32.dll
\Windows\System32\iertutil.dll
\Windows\System32\usp10.dll
\Windows\System32\userenv.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
----------- End -----------
Done!

Scan started
Database versions:
main: v2015.03.04.06
rootkit: v2015.02.25.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007678540, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80076779e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007678540, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800765b680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4A96D7EA

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 206848 Numsec = 156121667
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 156344576 Numsec = 1093912320

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa800673f790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007f86b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800673f790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007f7ab60, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa80081b1790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007f87b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80081b1790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007f84b60, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa80081d7790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007f82b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80081d7790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007f79a60, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa80081f5790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007f81b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80081f5790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007f83b60, DeviceName: \Device\00000089\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\Windows\temp\svchost.exe --> [Trojan.Agent.Gen]
Infected: C:\Windows\temp\svchost.exe --> [Trojan.Agent.Gen]
Infected: C:\Windows\temp\lsass.exe --> [Trojan.Agent]
Scan finished
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished






Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.03.04.06
rootkit: v2015.02.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
LUCA :: DARYL [administrator]

04/03/2015 22:08:24
mbar-log-2015-03-04 (22-08-24).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 348709
Time elapsed: 7 minute(s), 54 second(s)

Memory Processes Detected: 1
C:\Windows\temp\svchost.exe (Trojan.Agent.Gen) -> 2848 -> Delete on reboot. [1274c77ab0da1a1c77aa6475857ffe02]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\temp\svchost.exe (Trojan.Agent.Gen) -> Delete on reboot. [1274c77ab0da1a1c77aa6475857ffe02]
C:\Windows\temp\lsass.exe (Trojan.Agent) -> Delete on reboot. [94f25de48901b97d3c737a818f75c838]

Physical Sectors Detected: 0
(No malicious items detected)

(end)


Thanks
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
OK run TDSSKiller as follows:

Please read carefully and follow these steps.
  • Download TDSSKiller from here: http://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop.
  • Double-click on tdsskiller.exe to run the application.
  • The "Ready to scan" window will open, Click on "Change parameters"
  • Place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system (leave "Service & Drivers" and "Boot Sectors" ticked). Click OK.
  • Select "Start Scan"
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Kevin....
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Obviously we have not yet found the trojan that reinstalls the infection each time we remove it... Run the following:

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
  • Post back the report which should also be located here:

C:\Programdata\RogueKiller\Logs <-------- W7/8
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

Thanks,

Kevin...
 

ildrugo

Thread Starter
Joined
Mar 4, 2015
Messages
8
RogueKiller V10.5.0.0 [Mar 2 2015] di Adlice Software
posta : http://www.adlice.com/contact/
Commenti : http://forum.adlice.com
Sito Web : http://www.adlice.com/softwares/roguekiller/
Discussione : http://www.adlice.com

Sistema Operativo : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniziato in : Modalità Normale
Utente : LUCA [Amministratore]
Modalità : Scansione -- Data : 03/04/2015 23:58:35

¤¤¤ Processi : 2 ¤¤¤
[Hj.Name?Suspicious.Path] svchost.exe(2592) -- C:\Windows\temp\svchost.exe[-] -> Eliminato [TermProc]
[Proc.Svchost] svchost.exe(2592) -- C:\Windows\temp\svchost.exe[-] -> Eliminato [TermThr]

¤¤¤ Registro : 7 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GPU-Z (\??\C:\Users\LUCA\AppData\Local\Temp\GPU-Z.sys) -> Trovato
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GPU-Z (\??\C:\Users\LUCA\AppData\Local\Temp\GPU-Z.sys) -> Trovato
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GPU-Z (\??\C:\Users\LUCA\AppData\Local\Temp\GPU-Z.sys) -> Trovato
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trovato
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trovato
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trovato
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trovato

¤¤¤ Attività : 1 ¤¤¤
[Suspicious.Path] \\Origin -- C:\ProgramData\Origin\update.vbe -> Trovato

¤¤¤ Archivi : 0 ¤¤¤

¤¤¤ Archivio Hosts : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Non caricato [0xc000036b]) ¤¤¤

¤¤¤ Web Browser : 0 ¤¤¤

¤¤¤ Controllo MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD6400AADS-00M2B0 ATA Device +++++
--- User ---
[MBR] 489f00a0e717107e66cf8140085012ae
[BSP] a99f3803971a85e21ff9ce7d1cfa523c : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] Dispositivo non pronto. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Richiesta non supportata. )

+++++ PhysicalDrive2: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] Dispositivo non pronto. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Richiesta non supportata. )

+++++ PhysicalDrive3: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] Dispositivo non pronto. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Richiesta non supportata. )

+++++ PhysicalDrive4: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] Dispositivo non pronto. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Richiesta non supportata. )

Thanks (y)
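The log above shows the two things worth pulling out of scanner output like this: core Windows binary names (svchost.exe, lsass.exe) running from C:\Windows\temp instead of System32, and a scheduled task pointing at a script under C:\ProgramData. As an added example (not the output or code of any tool in this thread), here is a small Python triage script that applies those rules, plus a rule for drivers loaded from a Temp directory, to sample lines modelled on the MBAR and RogueKiller output posted above.

```python
"""Triage helper for scanner output of the kind posted in this thread.

Flags three patterns the logs illustrate: a copy of a core Windows binary
running outside the system directories, a script staged in a user-writable
location such as C:\\ProgramData, and a kernel driver (.sys) loaded from a
Temp directory. Added example for this page; not part of MBAR, RogueKiller
or any other tool mentioned above.
"""
import re
from pathlib import PureWindowsPath

# Binaries that malware commonly names itself after. A genuine copy lives
# only in System32 (or SysWOW64 for 32-bit copies); anything else is suspect.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe"}
TRUSTED_PARENTS = {r"c:\windows\system32", r"c:\windows\syswow64"}
SCRIPT_SUFFIXES = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".ps1", ".bat", ".cmd"}
USER_WRITABLE_ROOTS = {"programdata", "users"}
TEMP_DIR_NAMES = {"temp", "tmp"}

# Drive-letter paths whose last component carries an extension we care about.
# Whitespace ends a match, so paths containing spaces ("C:\Program Files\...")
# are deliberately out of scope for this example.
WIN_PATH = re.compile(
    r"[A-Za-z]:\\(?:[^\\\s]+\\)*[^\\\s]+?\.(?:exe|dll|sys|vbe|vbs|js|jse|wsf|ps1|bat|cmd)\b",
    re.IGNORECASE,
)


def classify_path(path: str):
    """Return a reason string if the path matches a suspicious pattern, else None.

    A flag is a triage hint, not a verdict: a legitimate tool can stage its
    driver in Temp (RogueKiller flagged GPU-Z.sys above for exactly that).
    """
    p = PureWindowsPath(path)
    name = p.name.lower()
    parent = str(p.parent).lower()
    parent_parts = [part.lower() for part in p.parent.parts]
    in_temp = any(part in TEMP_DIR_NAMES for part in parent_parts)
    root_dir = parent_parts[1] if len(parent_parts) > 1 else ""

    if name in SYSTEM_BINARIES and parent not in TRUSTED_PARENTS:
        return "system binary name running outside System32"
    if p.suffix.lower() in SCRIPT_SUFFIXES and (in_temp or root_dir in USER_WRITABLE_ROOTS):
        return "script staged in a user-writable location"
    if p.suffix.lower() == ".sys" and in_temp:
        return "kernel driver loaded from a Temp directory"
    return None


def triage(log_lines):
    """Scan log lines and return unique (path, reason) findings in log order."""
    findings, seen = [], set()
    for line in log_lines:
        for match in WIN_PATH.finditer(line):
            path = match.group(0)
            reason = classify_path(path)
            if reason and path.lower() not in seen:
                seen.add(path.lower())
                findings.append((path, reason))
    return findings


# Sample lines modelled on the MBAR and RogueKiller output in this thread
# (constructed for this example; the System32 svchost line is a benign
# control, and the hosts line shows a path with no matching extension).
SAMPLE_LOG = [
    r"Infected: C:\Windows\temp\svchost.exe --> [Trojan.Agent.Gen]",
    r"Infected: C:\Windows\temp\svchost.exe --> [Trojan.Agent.Gen]",
    r"Infected: C:\Windows\temp\lsass.exe --> [Trojan.Agent]",
    r"(Microsoft Corporation) C:\Windows\System32\svchost.exe",
    r"[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GPU-Z (\??\C:\Users\LUCA\AppData\Local\Temp\GPU-Z.sys) -> Trovato",
    r"[Suspicious.Path] \\Origin -- C:\ProgramData\Origin\update.vbe -> Trovato",
    r"[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost",
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {path}")
```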
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Upload a File to Virustotal

Go to http://www.virustotal.com/

  • Click the Choose file button
  • Navigate to the file C:\ProgramData\Origin\update.vbe
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

Thanks....
 

ildrugo

Thread Starter
Joined
Mar 4, 2015
Messages
8
AVG JS/Heur 20150304
Avast VBS:Decode-NJ [Trj] 20150304
ESET-NOD32 VBS/Kryptik.DC 20150304
GData Script.Trojan.Agent.79WIGL 20150304
Ikarus Trojan.VBS.Crypt 20150304
Qihoo-360 virus.vbs.crypt.c 20150305
TrendMicro-HouseCall Suspicious_GEN.F47V0213 20150304
ALYac 20150304
AVware 20150304
Ad-Aware 20150304
AegisLab 20150304
Agnitum 20150228
AhnLab-V3 20150304
Alibaba 20150304
Antiy-AVL 20150304
Avira 20150304
Baidu-International 20150304
BitDefender 20150304
Bkav 20150304
ByteHero 20150305
CAT-QuickHeal 20150304
CMC 20150304
ClamAV 20150304
Comodo 20150304
Cyren 20150304
DrWeb 20150304
Emsisoft 20150304
F-Prot 20150304
F-Secure 20150304
Fortinet 20150304
Jiangmin 20150304
K7AntiVirus 20150304
K7GW 20150304
Kaspersky 20150304
Kingsoft 20150305
Malwarebytes 20150304
McAfee 20150304
McAfee-GW-Edition 20150304
MicroWorld-eScan 20150304
Microsoft 20150304
NANO-Antivirus 20150304
Norman 20150304
Panda 20150304
Rising 20150304
SUPERAntiSpyware 20150303
Sophos 20150304
Symantec 20150304
Tencent 20150305
TheHacker 20150303
TotalDefense 20150304
TrendMicro 20150304
VBA32 20150304
VIPRE 20150305
ViRobot 20150304
Zillya 20150303
Zoner 20150303
nProtect 20150304
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, also the Desktop will disappear; this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...
  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure you start with and include the colon before Files (:Files)

    Code:
    :Files
    C:\ProgramData\Origin\update.vbe
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

Run MBAR again, post fresh logs...

Thank you,

Kevin
 

ildrugo

Thread Starter
Joined
Mar 4, 2015
Messages
8
All processes killed
========== FILES ==========
C:\ProgramData\Origin\update.vbe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LUCA
->Temp folder emptied: 1312672 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Google Chrome cache emptied: 16532270 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11742534 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 28,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 03052015_002825

Files moved on Reboot...
File move failed. C:\Users\LUCA\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\63547c51a55c7182c5c77fb521826c6c_fce8395c8fd8a867_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. C:\Users\LUCA\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\63547c51a55c7182c5c77fb521826c6c_fce8395c8fd8a867_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
C:\Users\LUCA\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\LUCA\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

Registry entries deleted on Reboot...




Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.03.04.07
rootkit: v2015.02.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
LUCA :: DARYL [administrator]

05/03/2015 00:34:48
mbar-log-2015-03-05 (00-34-48).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 348788
Time elapsed: 8 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


Seems cleaned :)
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Yep, if we kill the source we are making very good progress, run the following:

Scan with HerdProtect

Please download HerdProtect by Reason Software (portable edition) and save the file to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the herdProtect icon and select Run as Administrator to install the scanner.
  • It will ask for the location - leave the default one (%ProgramFiles%) or select another, convenient one.
  • Agree to the terms, select Launch herdProtect and click Finish.
  • Click Scan. It may take a while, depending on your system and connection specs. Please be patient.
  • When it finishes click on Save Results.
  • A Notepad with a report should open.

Please include the contents of that report in your next reply.

This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.
Upon completion of the cleaning you may remove HerdProtect if you wish so. To do it just delete its directory (chosen by you when installing the tool).

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...

thank you,

Kevin...
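As an added example (not from the thread, from HerdProtect, or from either poster), here is a small Python triage script for a report in the layout HerdProtect produces, the kind of careful analysis Kevin refers to before anything is removed: it parses the entries, merges the same file seen through several paths, and orders the unique files for review. The sample report, hashes, paths and engine names embedded in it are constructed.

```python
"""Added triage helper for a HerdProtect-style report (not part of the thread
or of HerdProtect). It parses the posted layout, collapses one file seen through
several paths, and orders entries for review: a reading order, never a fixlist."""
import re
from collections import defaultdict

ENTRY_SEPARATOR = re.compile(r"^-{20,}\s*$", re.MULTILINE)
FIELD_LINE = re.compile(r"^(File path|Publisher|Signer|MD5|SHA-1|Created|Detections|Determination):\s*(.*)$")
DETECTION_LINE = re.compile(r"^-\s+(?P<engine>.+?)\s+as\s+(?P<name>.+?)(?:\s+\(Undefined\))?$")

# Constructed sample in the report's layout: paths, hashes and engine names are
# made up; the same file deliberately appears twice via a junction loop under AppData.
SAMPLE_REPORT = r"""Saved date: 05/03/2015 02:42:21
---------------------------------------------------------------------------------
File path: c:\tools\cleaner\helper.exe
Publisher: Example Tools
MD5: 00000000000000000000000000000001
SHA-1: 0000000000000000000000000000000000000001
Created: 05/03/2015 02:20:05
Detections: 2
Determination: Ignore detections (false positive)
- EngineA as Trojan/Dropper.gen (Undefined)
- EngineB as Trojan/Generic.xyz (Undefined)
---------------------------------------------------------------------------------
File path: c:\users\user\appdata\local\dati applicazioni\dati applicazioni\temp\cleaner\helper.exe
Publisher: Example Tools
MD5: 00000000000000000000000000000001
SHA-1: 0000000000000000000000000000000000000001
Created: 05/03/2015 02:20:05
Detections: 2
Determination: Ignore detections (false positive)
- EngineA as Trojan/Dropper.gen (Undefined)
- EngineB as Trojan/Generic.xyz (Undefined)
---------------------------------------------------------------------------------
File path: c:\windows\temp\svchost.exe
Publisher:
MD5: 00000000000000000000000000000002
SHA-1: 0000000000000000000000000000000000000002
Created: 05/03/2015 02:30:00
Detections: 3
Determination: Inconclusive
- EngineA as Trojan.Generic (Undefined)
- EngineC as Suspicious_GEN (Undefined)
- EngineD as Heuristic.Packed
"""


def parse_report(text):
    """One dict per file entry; 'detections' is a list of (engine, name) tuples."""
    entries = []
    for block in ENTRY_SEPARATOR.split(text):
        fields, detections = {}, []
        for line in (ln.strip() for ln in block.splitlines()):
            m = FIELD_LINE.match(line)
            if m:
                fields[m.group(1)] = m.group(2).strip()
            elif (d := DETECTION_LINE.match(line)):
                detections.append((d.group("engine"), d.group("name")))
        if "File path" in fields:  # header blocks carry no entry and are skipped
            fields["detections"], fields["path"] = detections, fields["File path"].lower()
            entries.append(fields)
    return entries


def group_by_hash(entries):
    """SHA-1 -> entries. A binary reached via several paths (here a junction loop)
    is listed once per path, so any counting has to be done per hash."""
    groups = defaultdict(list)
    for e in entries:
        groups[e.get("SHA-1", "").lower()].append(e)
    return groups


def triage(entries):
    """Unique files, inconclusive first, then unsigned, then by distinct engines."""
    rows = []
    for sha1, same in group_by_hash(entries).items():
        first, flags = same[0], []
        if first.get("Determination", "").lower().startswith("inconclusive"):
            flags.append("inconclusive")
        if not first.get("Publisher") and not first.get("Signer"):
            flags.append("unsigned")
        if any("\\temp\\" in e["path"] for e in same):
            flags.append("temp-dir")
        if len(same) > 1:
            flags.append("duplicate-paths:%d" % len(same))
        engines = {eng for e in same for eng, _ in e["detections"]}
        rows.append({"sha1": sha1, "paths": sorted(e["path"] for e in same),
                     "engines": len(engines), "flags": flags,
                     "determination": first.get("Determination", "")})
    rows.sort(key=lambda r: ("inconclusive" not in r["flags"],
                             "unsigned" not in r["flags"], -r["engines"]))
    return rows


if __name__ == "__main__":
    for row in triage(parse_report(SAMPLE_REPORT)):
        print(row["sha1"][:12], row["determination"], row["flags"], *row["paths"], sep="\n  ")
```

The flags are hints for whoever reads the report; the Determination column and the helper's judgement still decide what, if anything, is acted on.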
 

ildrugo

Thread Starter
Joined
Mar 4, 2015
Messages
8
Saved date: 05/03/2015 02:42:21
Files detected: 207
Files scanned: 9.639
Processes scanned: 47
Modules scanned: 486
ASEPs scanned: 451
Downloads scanned: 0
Deep analysis: 34/4
- Bkav FE as HW32.CDB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\cdburnerxp\bassmix.dll
Publisher: Un4seen Developments
MD5: 14cb1c17e4a4b2cf3b939a271f5c4d3e
SHA-1: 731f09005147da048adf41577b71ac30155e0632
Created: 16/01/2015 19:28:02
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\cdburnerxp\basswv.dll
Publisher: Un4seen Developments
MD5: 81cd30daf364ad06e88c11d2171d8117
SHA-1: d3d419933fc63af2dfdeef5065d1dbd9ffacbd20
Created: 16/01/2015 19:28:02
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\cdburnerxp\cdbxp.dll
Publisher: CDBurnerXP Software
MD5: 359b59095603b44f336a597bf1bf2def
SHA-1: 7eb95fd5042c484d8cb7b39fca14a82d6613fd0b
Created: 16/01/2015 19:28:03
Detections: 1
Determination: Ignore detections (false positive)
- CMC Antivirus as Trojan.MSIL.Agent!O (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\divx\divx player\dpxplugins\dpxdcfservicesplugin.dll
Publisher:
MD5: 4e9f38b7da2706c681beabc52ba676c7
SHA-1: 49eb1005acddd577fa529ec0e9a102f6804d7ed8
Created: 19/08/2014 06:31:08
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.TsCabk (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\installshield installation information\{758c8301-2696-4855-af45-534b1200980a}\issetup.dll
Publisher: Flexera Software LLC
MD5: 93915bb83b6d34b4c3352d4e5bf6bca2
SHA-1: 5dbf8f9386674b45fa32cb90fbcc9c609ed3a060
Created: 07/10/2014 21:38:34
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\kaspersky lab\kaspersky internet security 15.0.1\microsoft.practices.servicelocation.dll
Publisher: Microsoft
Signer: Microsoft Corporation
MD5: 6df78bb163d443d95b21f58808320af7
SHA-1: a0263ec61435d1ee4c18a92a06ac3ea2c42eb730
Created: 30/08/2014 17:11:48
Detections: 1
Determination: Inconclusive
- XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\kaspersky lab\kaspersky internet security 15.0.1\kaspersky restore utility\microsoft.practices.servicelocation.dll
Publisher: Microsoft
Signer: Microsoft Corporation
MD5: 6df78bb163d443d95b21f58808320af7
SHA-1: a0263ec61435d1ee4c18a92a06ac3ea2c42eb730
Created: 30/08/2014 17:11:48
Detections: 1
Determination: Inconclusive
- XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\nec\drivers\serialconv\winnt\ser2pl.sys
Publisher: Prolific Technology Inc.
MD5: fd245689004356aa2928b678736b9abd
SHA-1: d2940684aebbbc7f1978a53a1f4d67eed501e6c0
Created: 30/08/2005 14:17:56
Detections: 8
Determination: Inconclusive
- F-Prot as W32/SuspPack.AA.gen (Undefined)
- Avira AntiVirus as TR/Crypt.XPACK.Gen
- AVG as Trojan horse Corrupted (Undefined)
- The Hacker as Trojan/OnLineGames.spxp (Undefined)
- McAfee Web Gateway as Heuristic.BehavesLike.Win32.Suspicious-BAY.K
- Jiangmin as Rootkit.Agent.bxo (Undefined)
- Commtouch SDK as W32/SuspPack.AA.gen!Eldorado (Undefined)
- Qihoo 360 Security as Malware.QVM00.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\pokerstars.it\pokerstarsuninstall.exe
Publisher:
MD5: 22e44a775618dfa820afa52c24d2967a
SHA-1: b93b3d0ce77a2b2e528f89c9c46f1aad34d380ac
Created: 01/02/2015 02:55:02
Detections: 1
Determination: Ignore detections (false positive)
- McAfee Web Gateway as BehavesLike.Win32.PWSZbot.fh (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\samsung\kies\kiessilentupdateagent.exe
Publisher:
MD5: 35a25cd99987f4be161dacc28a0097f3
SHA-1: 9e432611832b96fbf485aaff4bea027b6c19922d
Created: 30/04/2014 19:44:08
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.Clod3bb.Trojan (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\samsung\kies\external\mscdecryptioncore.dll
Publisher:
MD5: ed81bd1a0489786d29bf034d1bc70e5c
SHA-1: 704ed2b47e64df5969a6f6539c1b46ddfae76553
Created: 30/04/2014 19:43:50
Detections: 1
Determination: Ignore detections (false positive)
- McAfee Web Gateway as Heuristic.BehavesLike.Win32.Downloader.H

---------------------------------------------------------------------------------

File path: c:\program files (x86)\samsung\kies\external\devicemodules\errorreport.exe
Publisher:
MD5: 7752b3b02a3ee9634c5f2b293c624f18
SHA-1: 232ad120877e0e2430c6536a88825fd3e75209a4
Created: 30/04/2014 19:43:42
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\samsung\kies\external\devicemodules\starburnx12.dll
Publisher: Rocket Division Software
Signer: Rocket Division Code Signing Services
MD5: 36a27d06e0abfaf26fc34e62076031c9
SHA-1: 54e1b5be175ed19fe041066e52d4454b44ac80df
Created: 30/04/2014 19:43:40
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\samsung\kies\external\mediamodules\bass.dll
Publisher: Un4seen Developments
MD5: b2f3a33416a83666a59470539e9d3701
SHA-1: 6741ba00b64584d7b61087c429f3eaf0eedc7e8c
Created: 30/04/2014 19:43:44
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\samsung\kies\external\transmodules\tg_cam.exe
Publisher: ENJsoft corp.
MD5: e429487276e8d0bf38a22112922fb2e1
SHA-1: dd0de746d139cbf4357897a6ca003929d495ad22
Created: 30/04/2014 19:43:34
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:[email protected] (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\samsung\kies\external\transmodules\tg_faad.dll
Publisher: ENJsoft corp.
MD5: 8d68890de856ef260c16fb0a5023b88c
SHA-1: 4ca494c6bb29a75363fb33d325212c2e20c74622
Created: 30/04/2014 19:43:32
Detections: 1
Determination: Ignore detections (false positive)
- McAfee Web Gateway as Heuristic.BehavesLike.Win32.Suspicious-BAY.K

---------------------------------------------------------------------------------

File path: c:\program files (x86)\samsung\kies\external\transmodules\tg_vresize.dll
Publisher: ENJsoft corp.
MD5: 35cf2b4dbbec46a39f16348351bcbe15
SHA-1: 842826e3f8687865ce4968010e175f1bc4f03574
Created: 30/04/2014 19:43:34
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\shark007\advanced\filters\bassopus.dll
Publisher: Un4seen Developments
MD5: 39275510e10e8b748583313b2155426e
SHA-1: efe507c46500e7807dd79deab76d6f1e38412604
Created: 23/08/2012 09:43:16
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\shark007\advanced\tools\conflict.exe
Publisher: Shark007
MD5: 855789d320c9cef490ba8df01ddbb9f8
SHA-1: d6f4f14dae36d1addba590774d82d99b97066d0e
Created: 21/01/2010 00:00:30
Detections: 1
Determination: Ignore detections (false positive)
- ViRobot as Trojan.Win32.A.Autoit.748330 (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\shark007\advanced\tools\divfix++.exe
Publisher:
MD5: c9016ad0c7abd1a1bb515d7a5e3d81ab
SHA-1: 5e7b0672e5da432e7e21f6819c4a85acb7a27c74
Created: 17/10/2009 05:14:26
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1

---------------------------------------------------------------------------------

File path: c:\program files (x86)\shark007\advanced\tools\installedcodec.exe
Publisher: NirSoft
Signer: Nir Sofer
MD5: 6b324d5e73d4f274945a76bbe262574d
SHA-1: 56d88074e048d34fa98181e59231f52cab589a9f
Created: 27/07/2013 15:09:46
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Posible_Worm32 (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\shark007\advanced\tools\settings32.exe
Publisher: Shark007
MD5: c3401d8afbb635cf9716c9727d723b44
SHA-1: cca234e6c32915d9ddc18c6e476ac5148ebc0161
Created: 01/09/2014 23:25:06
Detections: 2
Determination: Ignore detections (false positive)
- CMC Antivirus as Trojan.Win32.Generic!O (Undefined)
- McAfee Web Gateway as BehavesLike.Win32.Ransom.th (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\the elder scrolls v - skyrim\binkw32.dll
Publisher: RAD Game Tools, Inc.
MD5: 6c16d545b0717830773fb1ba4a195778
SHA-1: 4d205ef5ab7664f2e2b1de7b951824afa769ed61
Created: 03/12/2014 20:54:14
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Trojan/Win32.Patched.gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\the elder scrolls v - skyrim\skyrimlauncher.exe
Publisher: Bethesda Softworks
Signer: Bethesda Softworks
MD5: 82b65df3bb2af89d5f87b3595b8c7062
SHA-1: 1d45c499cab1cc8c458c960b4021eb8e5b4ed4ce
Created: 03/12/2014 20:54:57
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK-LNR/Heur!1.5594 (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\the elder scrolls v - skyrim\steamclient.dll
Publisher: THEGFW
MD5: fede45b71b5682aa54d2037cb6079061
SHA-1: 27837e691da28e2ced1647bb5fbdd2b02006474b
Created: 03/12/2014 21:14:07
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\unigine\heaven benchmark 4.0\bin\heaven.exe
Publisher: Unigine Corp.
MD5: 2eecc08f2907caa46338e56c0f63840b
SHA-1: bb6277977f8c48fa5a97d709580728a109fed71a
Created: 02/12/2014 03:32:48
Detections: 1
Determination: Ignore detections (false positive)
- Commtouch SDK as W32/Trojan.NCDA-2325 (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\unigine\valley benchmark 1.0\bin\valley.exe
Publisher: Unigine Corp.
MD5: 2adbf23a7476d0efb584f2238d33c1b4
SHA-1: 806ea62f81e715263f9418a0a26cc6933ad5e293
Created: 02/12/2014 04:38:33
Detections: 1
Determination: Ignore detections (false positive)
- Commtouch SDK as W32/Trojan.NFDU-2325 (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\via\setup\viahdaud\hdauddrvista64.dll
Publisher:
MD5: b32e61413ce83036e9525797f8ec36cf
SHA-1: d7f0a9c5fceb69dbc9e62a433a77bbb7efd96989
Created: 13/09/2014 16:29:04
Detections: 1
Determination: Ignore detections (false positive)
- McAfee Web Gateway as Heuristic.BehavesLike.Win32.Suspicious.H

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\axvlc.dll
Publisher: VideoLAN
MD5: 620273de75aafb345e39116bbe46409c
SHA-1: 6fb69cf71d52880729a8485aa6001745caa168cf
Created: 23/07/2014 01:29:12
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\uninstall.exe
Publisher:
MD5: 52437302e4a48a6915afe987423a1587
SHA-1: 498594d713f5cf091d1f4710e77591284bf1aa86
Created: 13/09/2014 17:16:36
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Packed (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\access\libaccess_attachment_plugin.dll
Publisher:
MD5: 72907a3aa40ba1a13c0d1ff134ea1e80
SHA-1: 37e57dd0b4853147f552282bcd82d03274598778
Created: 23/07/2014 01:29:18
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\access\libaccess_tcp_plugin.dll
Publisher:
MD5: 1cc206bbc073f5a30b5fd98d7b81041f
SHA-1: 39cdb740b988ee6bcb5121036b86661b8c0488a8
Created: 23/07/2014 01:29:18
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\access\libaccess_udp_plugin.dll
Publisher:
MD5: dd0fbb4147982665508f3dfd0d5f7cea
SHA-1: c66894749a09da7dc519f278da25eaa388ea07aa
Created: 23/07/2014 01:29:18
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\access\libidummy_plugin.dll
Publisher:
MD5: 3982b69f6313c3f55e574d8305de89c0
SHA-1: 23df9e18d6e9511be4f7d63fec5ed5d4a87b654a
Created: 23/07/2014 01:29:18
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\access\libscreen_plugin.dll
Publisher:
MD5: 3d0807b283157d416998a96ba0c650a7
SHA-1: 8ef3e936d2fae14dd3362233045223003d7941d1
Created: 23/07/2014 01:29:18
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\access\libsdp_plugin.dll
Publisher:
MD5: e622d5e70fa9ae18f6237cc392ef74c6
SHA-1: cf7a3d9e31e7ec1fa5d71b87f4bf9018ec342fd7
Created: 23/07/2014 01:29:20
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\access_output\libaccess_output_dummy_plugin.dll
Publisher:
MD5: 61dd8f144c2c7332afaa2aee55ccfbba
SHA-1: 18b74499f8e7752188fe7b1b7ff8176b075449e7
Created: 23/07/2014 01:29:26
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\audio_filter\libaudio_format_plugin.dll
Publisher:
MD5: 14556b4ef8e4f800b052fcca50bf529b
SHA-1: 96ff71e8d0fd0060b4945e2d2b6fd67af3198d76
Created: 23/07/2014 01:29:28
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\audio_filter\libgain_plugin.dll
Publisher:
MD5: 82c30afadedfb6fd776e3388675c687d
SHA-1: 15d66ecbe12bf638a625788ea02d152821f05af1
Created: 23/07/2014 01:29:28
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\audio_filter\libkaraoke_plugin.dll
Publisher:
MD5: 8818fb1e133630d2daef256085fab870
SHA-1: b309f03c85697aefd331b1198f2469cf55e468dc
Created: 23/07/2014 01:29:28
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\audio_filter\libparam_eq_plugin.dll
Publisher:
MD5: 0238deb66c3bc6181d05d612292faab6
SHA-1: 499223d2fc14fffb5081c633db884357b778aa04
Created: 23/07/2014 01:29:28
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\audio_filter\libremap_plugin.dll
Publisher:
MD5: 2d0f43525b8e1a49d45083e37fc07baa
SHA-1: aae8b5c42cc27c45f15807717704e8b631993148
Created: 23/07/2014 01:29:28
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\audio_filter\libstereo_widen_plugin.dll
Publisher:
MD5: f45011c93f16c369d2873d2674126829
SHA-1: c65c379b27d7b61d4f321b9c352f803c26ed2399
Created: 23/07/2014 01:29:28
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\audio_mixer\libfloat_mixer_plugin.dll
Publisher:
MD5: 50547aab6ea07d139f8a15d3924bbba4
SHA-1: d814ee24f4b14b621f293001783a4c67d002a444
Created: 23/07/2014 01:29:34
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\audio_mixer\libinteger_mixer_plugin.dll
Publisher:
MD5: d77136c1a1b90fcda738a3fdce0bd0ca
SHA-1: af202c5692c816a07cf1fee01b03537b128b4c18
Created: 23/07/2014 01:29:34
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\audio_output\libadummy_plugin.dll
Publisher:
MD5: 4c8347cefdac76a5454aff83b0e06ea0
SHA-1: 0ceeb1362e6177fb78250fd2d894c0591a2e7188
Created: 23/07/2014 01:29:48
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\audio_output\libmmdevice_plugin.dll
Publisher:
MD5: a9e0ed795e3f4665ea403bf4463d89be
SHA-1: dd4aa79789acdc9681b8ae3babb961b5e5d62bde
Created: 23/07/2014 01:29:48
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\codec\libcdg_plugin.dll
Publisher:
MD5: 96f24d15e15367c31ad360c538b00486
SHA-1: e41b6a6ead3c3f63d6b1e2435f7d32cf10a1026c
Created: 23/07/2014 01:29:48
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\codec\libcrystalhd_plugin.dll
Publisher:
MD5: 92be1d2e18645d6e1efc1e261f24c68f
SHA-1: 6e763dedb9038cefa4d58faa77847c8452b3fc64
Created: 23/07/2014 01:29:48
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\codec\libdmo_plugin.dll
Publisher:
MD5: 26974c60143dcfb5ffc7c1ae1301e836
SHA-1: 6763bb3f7697f85aa9a1af1df9f85e0455f1c112
Created: 23/07/2014 01:29:34
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\codec\libedummy_plugin.dll
Publisher:
MD5: 512f3b29eeb9f92d039b89771867dceb
SHA-1: 57b2e82078f1665c2617aec92fea829162e36668
Created: 23/07/2014 01:29:46
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\codec\libg711_plugin.dll
Publisher:
MD5: 962f04ad5e9d918b01173a25978c915f
SHA-1: 6118e2e30fa62d83918e66ed4f11299eed28f6a5
Created: 23/07/2014 01:29:46
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\codec\librawvideo_plugin.dll
Publisher:
MD5: e55803b3b2612ee7a6998ee9c6045705
SHA-1: d47c9f924a922524423e0344b6044fe943f0c4a3
Created: 23/07/2014 01:29:34
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\codec\libsubsusf_plugin.dll
Publisher:
MD5: 8dd6eece5ed24f45c10504bb727987f6
SHA-1: 3beeee634398b9840bfcddc13a6ee3d3293aed45
Created: 23/07/2014 01:29:48
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\codec\libt140_plugin.dll
Publisher:
MD5: 572dcedc54dff2fa94c6d834247a43a1
SHA-1: 0218595c45077ec3ca631ea8f8fa8e4e0f7b09eb
Created: 23/07/2014 01:29:48
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\codec\libtwolame_plugin.dll
Publisher:
MD5: 9b5608825cc83f730d9e4496bde26b41
SHA-1: faac8b577bf7aa0e58627c2e6d6fb3229549cd57
Created: 23/07/2014 01:29:46
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\demux\libdemuxdump_plugin.dll
Publisher:
MD5: 3a7497f5f7cc4134dcf1bdc28839686e
SHA-1: 9f00e30af533df40eb03082ad89405e454ece27f
Created: 23/07/2014 01:29:14
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\demux\libdemux_cdg_plugin.dll
Publisher:
MD5: aac01389abbf03a362aff4778489e16e
SHA-1: 2587e66bdf69d4b2e4694d853fc8d758a1b4200f
Created: 23/07/2014 01:29:16
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\demux\libdirac_plugin.dll
Publisher:
MD5: bbfbc09f52922a0b76bd16854f547518
SHA-1: 54b237364bbefa3627c037ecaa1412271740fe60
Created: 23/07/2014 01:29:16
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\demux\libgme_plugin.dll
Publisher:
MD5: 4daffc403c6fd7a340a5b2022fafc4b1
SHA-1: 41cbbd05ad416cae4010241f9631b9a8ecd91e20
Created: 23/07/2014 01:29:14
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\demux\libh264_plugin.dll
Publisher:
MD5: bbafc45e95b8e85bf1e7a7513b85c94e
SHA-1: 8c5eae5dba4386c6d8d7e0dc8647a8f9a5f77f37
Created: 23/07/2014 01:29:16
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\demux\libmpgv_plugin.dll
Publisher:
MD5: e7d9a02093ef4ffd620e1d547d36447a
SHA-1: c0213beb0ea7cb44cb696103cc56fc19bf07159e
Created: 23/07/2014 01:29:16
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\demux\libnsc_plugin.dll
Publisher:
MD5: 61114ebd6c3d188218bfcc458a39c257
SHA-1: 62dd26695cb794a3dd1e2f2d08e9cbb3a9ba1ce1
Created: 23/07/2014 01:29:14
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\demux\libps_plugin.dll
Publisher:
MD5: 347924c87b35c211a62a745a33b27e27
SHA-1: a201ef02862aee971cf7d9e83eccd6741b5c984b
Created: 23/07/2014 01:29:14
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\demux\librawaud_plugin.dll
Publisher:
MD5: f85b4fe51e86f3b2428fa8881317b05e
SHA-1: 694872b79167957905e228281aa27111caae2175
Created: 23/07/2014 01:29:14
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\demux\libvc1_plugin.dll
Publisher:
MD5: 953516b246c739491aa64eff59c804b0
SHA-1: dde0c5b340653777b20148fa92bb45e3357a67ef
Created: 23/07/2014 01:29:16
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\misc\libstats_plugin.dll
Publisher:
MD5: ffc6e3a43b692d02c0446b4eb7e862cc
SHA-1: 2a2353eff505de11e9c14a969ac4454f9e2299f6
Created: 23/07/2014 01:29:26
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\misc\libxml_plugin.dll
Publisher:
MD5: 9d85efd877042c04177bf4e31055cabb
SHA-1: 5564ea3f38cf190321cbd56d94e9dec16489cf3a
Created: 23/07/2014 01:29:26
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\mmx\libi420_rgb_mmx_plugin.dll
Publisher:
MD5: 3395ca3cc5e25374f64f453bf2080d8d
SHA-1: 8fe38437399ec351166427f4ee2ef70a102a69b4
Created: 23/07/2014 01:29:22
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\mmx\libi420_yuy2_mmx_plugin.dll
Publisher:
MD5: 678edae0676dc3d4be7ebeafa366fa4a
SHA-1: 31611532100e542a2bdc127326027aa82c4c3f83
Created: 23/07/2014 01:29:22
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\mmx\libi422_yuy2_mmx_plugin.dll
Publisher:
MD5: 39ae6434d28314b1b22a6005c9ac18c9
SHA-1: f7178c6a58d4d6571da4c78073a2f6475030c3fb
Created: 23/07/2014 01:29:22
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\mux\libmux_dummy_plugin.dll
Publisher:
MD5: dbd05a4ce7f3a0a5b7474dd2e0e2f30d
SHA-1: ae75737dc743a4a079011eb37edabc644841e225
Created: 23/07/2014 01:29:22
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\mux\libmux_ps_plugin.dll
Publisher:
MD5: 0c9c3dd3691213af5d411dcf5d6b46db
SHA-1: 1e0b0e1923354763540922b7401672c623b566b9
Created: 23/07/2014 01:29:22
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\mux\libmux_ts_plugin.dll
Publisher:
MD5: 0487e3170c9d375b9ffe03554c9ef181
SHA-1: 6d0957d0ebcb52a637411d6a6ff2f99a8ca1cf93
Created: 23/07/2014 01:29:22
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\services_discovery\libmediadirs_plugin.dll
Publisher:
MD5: 598b0f34d77c728eabefcfa1e886cd24
SHA-1: 21af0ba2986539f7b3b534110fb96921d5b7f64a
Created: 23/07/2014 01:29:26
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\sse2\libi420_rgb_sse2_plugin.dll
Publisher:
MD5: 10c333d3f8823932f8c504fbb970bff4
SHA-1: fa565fbc71cb3473630cf38787a40f8972bdd093
Created: 23/07/2014 01:29:22
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\sse2\libi420_yuy2_sse2_plugin.dll
Publisher:
MD5: 2abf2b1ce7d6728f4899c25f8002fba8
SHA-1: 937c9e4b3002d8064f0aa1c21062c52110371402
Created: 23/07/2014 01:29:22
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\sse2\libi422_yuy2_sse2_plugin.dll
Publisher:
MD5: 86dc5fb679be535c0ef02b9bff580b83
SHA-1: cc3e886c5f27cfe10c3692d815b1f719854e1d85
Created: 23/07/2014 01:29:22
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\stream_filter\librecord_plugin.dll
Publisher:
MD5: a1a5c11ddb16de35ffa397cdb5989f52
SHA-1: 5985b297234cd8af673473adcbcda322ef1ba1d1
Created: 23/07/2014 01:29:12
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\stream_out\libstream_out_autodel_plugin.dll
Publisher:
MD5: 8964d6630de35613ec2b0b74dac16394
SHA-1: 90f76e7da3b84c40aeca4149de0d45f695c42359
Created: 23/07/2014 01:29:28
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\stream_out\libstream_out_description_plugin.dll
Publisher:
MD5: 8a7118c263c78c58be7f196713214390
SHA-1: 769614f6a43f4aed764c35441fa8382432236ad1
Created: 23/07/2014 01:29:26
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\stream_out\libstream_out_display_plugin.dll
Publisher:
MD5: a2e17f5f5a9afb795b48ab6b0d278361
SHA-1: de301599c200857765b65cba698a4136ae09cfe3
Created: 23/07/2014 01:29:26
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\stream_out\libstream_out_gather_plugin.dll
Publisher:
MD5: 2e50cba9eee867db7a5adb1ecca61bc0
SHA-1: a00ee7cdf300de4e44a8d336a722ea962f1ae144
Created: 23/07/2014 01:29:26
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\stream_out\libstream_out_langfromtelx_plugin.dll
Publisher:
MD5: 705ddf3997c68b4a17f281e9bd043967
SHA-1: d214d1f3adb34cf37228da43054f271f5ff1b255
Created: 23/07/2014 01:29:26
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\stream_out\libstream_out_setid_plugin.dll
Publisher:
MD5: 8a64e3412517d5e84353a73dc7689250
SHA-1: 0bcf9bf9bc4012d61ec0d97605894ff0773d544b
Created: 23/07/2014 01:29:26
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\stream_out\libstream_out_smem_plugin.dll
Publisher:
MD5: 235949f1943107f9860681a3b5eb6342
SHA-1: f8e744d81738b07167bb6c57c58d07bbc1ccbcb1
Created: 23/07/2014 01:29:26
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\text_renderer\libtdummy_plugin.dll
Publisher:
MD5: f8ccbfce6160fcced15a8ef3129dbd43
SHA-1: 99b7d84f58179c8c841a09e42a8fb93e8de8b589
Created: 23/07/2014 01:29:22
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_chroma\libgrey_yuv_plugin.dll
Publisher:
MD5: 71fd96e421c3ee4935cb521a86127781
SHA-1: 6d3497fbe7b5ae8ff289b64b025378a8b719f32b
Created: 23/07/2014 01:29:22
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_chroma\libi420_yuy2_plugin.dll
Publisher:
MD5: 242fe6116af190aa822cfae3717af2d8
SHA-1: ac4676c8e2f80971d544d87d00ac68886f55e833
Created: 23/07/2014 01:29:22
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_chroma\libi422_i420_plugin.dll
Publisher:
MD5: 5d020ed80b05b2df23c713f2b92c9474
SHA-1: 75e709bd9fb8c197c5ef4c4ebb964eec4ea6c6d5
Created: 23/07/2014 01:29:22
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_chroma\libi422_yuy2_plugin.dll
Publisher:
MD5: ea71e0f0b277a73831fef0c717bd8b0e
SHA-1: d3b8d32c0691878665dbf27cbe8a48d89cb2a32f
Created: 23/07/2014 01:29:22
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_chroma\librv32_plugin.dll
Publisher:
MD5: b2401f361d032307ac92e0a3187ad097
SHA-1: e598f3b42b5ad92d6fb1f072d73007b949307b0e
Created: 23/07/2014 01:29:22
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_chroma\libyuy2_i420_plugin.dll
Publisher:
MD5: 74251ce4fdd751a76a12f377f47d01a0
SHA-1: 3b5139f04075840fe8ed769a439b0033c4ae9c91
Created: 23/07/2014 01:29:22
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_chroma\libyuy2_i422_plugin.dll
Publisher:
MD5: 29b18dbe62bad512934b293291ca004e
SHA-1: 7ac7d52d4ea47ec66d3aa604f2244cd6e8644dd5
Created: 23/07/2014 01:29:22
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libalphamask_plugin.dll
Publisher:
MD5: 8c966c0b27d9097d5ea75f0d9246339d
SHA-1: 8b1bcde764ed7ec204042df3c1d47b257c83b586
Created: 23/07/2014 01:29:34
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libanaglyph_plugin.dll
Publisher:
MD5: 2e64bec9e26d6711164746ce41130612
SHA-1: cb5c6cb976d20f5e7f1f96202fbee46c8c73f673
Created: 23/07/2014 01:29:32
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libantiflicker_plugin.dll
Publisher:
MD5: 37e6144a1f8f456b40e46e582411b845
SHA-1: 48fd346012c9d47e1fccae9069b40f546da9b401
Created: 23/07/2014 01:29:30
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libball_plugin.dll
Publisher:
MD5: f0f26341473cf2d1e8210fe71d7f0db5
SHA-1: 1808f1346e969a21eda03d1d47ca135af982dfe4
Created: 23/07/2014 01:29:34
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libblendbench_plugin.dll
Publisher:
MD5: f325da3a097bdccb7ef642cb6ff2de66
SHA-1: 0a315937977346f18225722d2a8195e05c349ea6
Created: 23/07/2014 01:29:32
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libclone_plugin.dll
Publisher:
MD5: c75ceefbc7c3044cdfe5bf8518a6b4b6
SHA-1: 4e9dba5a2e440bef6a611d04e928b37bb6c6dd45
Created: 23/07/2014 01:29:32
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libcolorthres_plugin.dll
Publisher:
MD5: c8236337fbff293938a7bfb0f5919ca4
SHA-1: a3a94103180a6ad819a8647a8c773986d09900c4
Created: 23/07/2014 01:29:32
Detections: 2
Determination: Inconclusive
- Bkav FE as W32.HfsAutoB (Undefined)
- Emsisoft Anti-Malware as Backdoor.Turkojan.AB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libcroppadd_plugin.dll
Publisher:
MD5: bace6ced181bece7edb664c0eb956ac5
SHA-1: 131fbca7b194d1539c6d859c823c779e3186beae
Created: 23/07/2014 01:29:32
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\liberase_plugin.dll
Publisher:
MD5: ab4e4d95ce89daae3b278a4d145a2ee5
SHA-1: d4e3ddbbab0a5e17db0505c6122dd2130660e53b
Created: 23/07/2014 01:29:30
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libextract_plugin.dll
Publisher:
MD5: 0d89e5dc4c96be2b927b0c7c071e2437
SHA-1: c222f4cb2a219227746a11d8be336d5b06e277bd
Created: 23/07/2014 01:29:32
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libinvert_plugin.dll
Publisher:
MD5: 4c286396fc9f128876be574ab4cd0ae6
SHA-1: ee08becc4b92b67d4f2cd8d15bd233ac70679ce8
Created: 23/07/2014 01:29:32
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\liblogo_plugin.dll
Publisher:
MD5: 99b1d8643c89ad1e7588a4ada37f7e7d
SHA-1: 2e6d811425399fdfb549dc74a9de303fbd9373dd
Created: 23/07/2014 01:29:34
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libmagnify_plugin.dll
Publisher:
MD5: 2587d3303f4b82152acbea9420079136
SHA-1: 4c3a6594cd27a0ddb93c7d7941f9c6abb1f6e32f
Created: 23/07/2014 01:29:32
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libmarq_plugin.dll
Publisher:
MD5: a5b8d8860ace7c11f9ca1cb0cd66b035
SHA-1: 2396a8b55d6dbaf8f4d2838b4d8455684a181304
Created: 23/07/2014 01:29:32
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libmirror_plugin.dll
Publisher:
MD5: fa8b8d9aedbf73a961d379e39b82600e
SHA-1: 46397e0e53c7c0319bf3fff697baf142678f3a44
Created: 23/07/2014 01:29:32
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libmotionblur_plugin.dll
Publisher:
MD5: b91650b588e35f74c3f3654b8f1501ab
SHA-1: 90ba6a5fc4902ee1a72bee01bedd9830655fb57c
Created: 23/07/2014 01:29:32
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libmotiondetect_plugin.dll
Publisher:
MD5: ac02598fd259f0014d4e033beb664e07
SHA-1: ab7a64d30408c549040ec2ac4d9e08703bd199a7
Created: 23/07/2014 01:29:32
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libpanoramix_plugin.dll
Publisher:
MD5: 414659d83af4575a47e386c9e3dac96b
SHA-1: fadd68c3473a6b6dcfe42cc50e4f1f7bfd7ff081
Created: 23/07/2014 01:29:32
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libposterize_plugin.dll
Publisher:
MD5: 37e9829a73c3d21825f5bc5d148bba4e
SHA-1: 794f20e55ad40fb5ac72f2d48ba35e4853ed3454
Created: 23/07/2014 01:29:32
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libpsychedelic_plugin.dll
Publisher:
MD5: 8a754865a2acfff9c8c8513532b50280
SHA-1: 47dcaca4355315e29c9ab901344cf8f9e66eaf9c
Created: 23/07/2014 01:29:30
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libpuzzle_plugin.dll
Publisher:
MD5: 485022d33a9d4323e813b099fac74634
SHA-1: 69185752d830775e7a9ac72e3bc477e70fd80199
Created: 23/07/2014 01:29:32
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libripple_plugin.dll
Publisher:
MD5: b5fd6fc55500035bed4cf0b75ab18622
SHA-1: 0cea5ba9d241f84770e2337c5332c8782a985f72
Created: 23/07/2014 01:29:32
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\librotate_plugin.dll
Publisher:
MD5: 1ef7722f4efc0fb136e7fbb006ade35a
SHA-1: 275024703539cc42515b970feecad2ca8d4aaf67
Created: 23/07/2014 01:29:32
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.TsCabk (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libscale_plugin.dll
Publisher:
MD5: 958698cc1962ff0b91aaf3e5fc88fa1c
SHA-1: bf0eedc77f0ebc4ce4dba102b817a48ac04b017c
Created: 23/07/2014 01:29:30
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libsepia_plugin.dll
Publisher:
MD5: 12a6edae293e0ece1b73c50a435c3e33
SHA-1: 16795ca197ab7ab3ee5f17acf176ea3f2b1e8a7a
Created: 23/07/2014 01:29:32
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libsharpen_plugin.dll
Publisher:
MD5: a0c294320b299ddd057b0e10f6c02393
SHA-1: 605854046553dcf7410725ba00df1de49f3ae73e
Created: 23/07/2014 01:29:32
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libtransform_plugin.dll
Publisher:
MD5: e457d53746b1d6f749f9404be5d5cf52
SHA-1: 40b2b0a32541ad15f11b23205153f7746cc8c5b4
Created: 23/07/2014 01:29:34
Detections: 2
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)
- AegisLab AV Signature as Troj.W32.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libwall_plugin.dll
Publisher:
MD5: fe3c31460541a5ab3db90c3f803d1b78
SHA-1: a5d1ed594426d0e78c07472c782f88e35a86663a
Created: 23/07/2014 01:29:30
Detections: 2
Determination: Inconclusive
- Bkav FE as W32.HfsAutoB (Undefined)
- Emsisoft Anti-Malware as Win32.Virtob.Gen.12 (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libwave_plugin.dll
Publisher:
MD5: 7f8066316426677c63895946e8273d66
SHA-1: 1d62c63930b666447fe0b40e16aee5ff5c531cfa
Created: 23/07/2014 01:29:32
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libyuvp_plugin.dll
Publisher:
MD5: f9eac92dc4b70482d55d1587ec4169c2
SHA-1: edafe8b9b1114e7661b185583c4f2a3174f54fdc
Created: 23/07/2014 01:29:34
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_output\libcaca_plugin.dll
Publisher:
MD5: 77d9c0605951192b20867dec891f7e05
SHA-1: d62fa0e52f17d717d62b1c48d0ad7ef7143fda9e
Created: 23/07/2014 01:29:20
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_output\libdrawable_plugin.dll
Publisher:
MD5: 1fd0ddc20c50370e45da9dd5de9590b4
SHA-1: cbc6f34c64b85c4bad3e31dd225d407304754c9c
Created: 23/07/2014 01:29:22
Detections: 2
Determination: Inconclusive
- Bkav FE as W32.HfsAutoB (Undefined)
- Emsisoft Anti-Malware as Android.Adware.Minimob (Adware)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\videolan\vlc\plugins\video_output\libvmem_plugin.dll
Publisher:
MD5: 3866b89ee1eafd83138340b7ff829714
SHA-1: 7e00fa566e2486927e51944f81bc6ed196619fff
Created: 23/07/2014 01:29:20
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\luca\appdata\local\google\chrome\user data\default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.11_0\ext\background.js
Publisher:
MD5: 9cf1f790be8c592b1cabac496ddeaa70
SHA-1: 455b6cbf9e9c190e07139e5694ad48bb2c97b899
Created: 25/02/2015 10:32:05
Detections: 1
Determination: Inconclusive
- Avira AntiVirus as GAME/Casino.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\luca\appdata\local\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\google\chrome\user data\default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.11_0\ext\background.js
Publisher:
MD5: 9cf1f790be8c592b1cabac496ddeaa70
SHA-1: 455b6cbf9e9c190e07139e5694ad48bb2c97b899
Created: 25/02/2015 10:32:05
Detections: 1
Determination: Inconclusive
- Avira AntiVirus as GAME/Casino.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\luca\appdata\local\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\google\chrome\user data\default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.11_0\ext\background.js
Publisher:
MD5: 9cf1f790be8c592b1cabac496ddeaa70
SHA-1: 455b6cbf9e9c190e07139e5694ad48bb2c97b899
Created: 25/02/2015 10:32:05
Detections: 1
Determination: Inconclusive
- Avira AntiVirus as GAME/Casino.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\luca\appdata\local\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\google\chrome\user data\default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.11_0\ext\background.js
Publisher:
MD5: 9cf1f790be8c592b1cabac496ddeaa70
SHA-1: 455b6cbf9e9c190e07139e5694ad48bb2c97b899
Created: 25/02/2015 10:32:05
Detections: 1
Determination: Inconclusive
- Avira AntiVirus as GAME/Casino.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\luca\appdata\local\dati applicazioni\dati applicazioni\dati applicazioni\dati applicazioni\google\chrome\user data\default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.11_0\ext\background.js
Publisher:
MD5: 9cf1f790be8c592b1cabac496ddeaa70
SHA-1: 455b6cbf9e9c190e07139e5694ad48bb2c97b899
Created: 25/02/2015 10:32:05
Detections: 1
Determination: Inconclusive
- Avira AntiVirus as GAME/Casino.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\luca\appdata\local\dati applicazioni\dati applicazioni\dati applicazioni\google\chrome\user data\default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.11_0\ext\background.js
Publisher:
MD5: 9cf1f790be8c592b1cabac496ddeaa70
SHA-1: 455b6cbf9e9c190e07139e5694ad48bb2c97b899
Created: 25/02/2015 10:32:05
Detections: 1
Determination: Inconclusive
- Avira AntiVirus as GAME/Casino.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\luca\appdata\local\dati applicazioni\dati applicazioni\google\chrome\user data\default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.11_0\ext\background.js
Publisher:
MD5: 9cf1f790be8c592b1cabac496ddeaa70
SHA-1: 455b6cbf9e9c190e07139e5694ad48bb2c97b899
Created: 25/02/2015 10:32:05
Detections: 1
Determination: Inconclusive
- Avira AntiVirus as GAME/Casino.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\luca\appdata\local\dati applicazioni\google\chrome\user data\default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.11_0\ext\background.js
Publisher:
MD5: 9cf1f790be8c592b1cabac496ddeaa70
SHA-1: 455b6cbf9e9c190e07139e5694ad48bb2c97b899
Created: 25/02/2015 10:32:05
Detections: 1
Determination: Inconclusive
- Avira AntiVirus as GAME/Casino.Gen (Undefined)
Results of screen317's Security Check version 0.99.97
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 64-bit 8 Update 31
Google Chrome (40.0.2214.111)
Google Chrome (40.0.2214.115)
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Internet Security 15.0.1 avp.exe
Kaspersky Lab Kaspersky Internet Security 15.0.1 avpui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
Thank you (y)
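One way to read a report like the one above, as an added example that is not part of the original post and not the scanner's own tooling: the script parses the entry format the report uses (File path, Publisher, MD5, SHA-1, Created, Detections, Determination, then one "- engine as name (category)" line per hit), sets aside everything the report already wrote off as a false positive, collapses files that appear under several paths but share one SHA-1 (the eight copies of the Chrome extension's background.js are one file), and flags paths with a directory name repeated back to back, which is what the nested `dati applicazioni` chains are: the scanner followed the AppData compatibility junction back into the directory that contains it. The four entries embedded in it are copied from the log above as sample input.

```python
"""Triage helper for the per-file scan report quoted above (added example; not
part of the original thread or of the scanner that produced the report)."""
import re
from collections import defaultdict

# Four entries copied from the report above, embedded here as constructed sample input.
SAMPLE_REPORT = r"""
File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libcolorthres_plugin.dll
Publisher:
MD5: c8236337fbff293938a7bfb0f5919ca4
SHA-1: a3a94103180a6ad819a8647a8c773986d09900c4
Created: 23/07/2014 01:29:32
Detections: 2
Determination: Inconclusive
- Bkav FE as W32.HfsAutoB (Undefined)
- Emsisoft Anti-Malware as Backdoor.Turkojan.AB (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\videolan\vlc\plugins\video_filter\libcroppadd_plugin.dll
Publisher:
MD5: bace6ced181bece7edb664c0eb956ac5
SHA-1: 131fbca7b194d1539c6d859c823c779e3186beae
Created: 23/07/2014 01:29:32
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)
---------------------------------------------------------------------------------
File path: c:\users\luca\appdata\local\google\chrome\user data\default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.11_0\ext\background.js
Publisher:
MD5: 9cf1f790be8c592b1cabac496ddeaa70
SHA-1: 455b6cbf9e9c190e07139e5694ad48bb2c97b899
Created: 25/02/2015 10:32:05
Detections: 1
Determination: Inconclusive
- Avira AntiVirus as GAME/Casino.Gen (Undefined)
---------------------------------------------------------------------------------
File path: c:\users\luca\appdata\local\dati applicazioni\dati applicazioni\google\chrome\user data\default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.11_0\ext\background.js
Publisher:
MD5: 9cf1f790be8c592b1cabac496ddeaa70
SHA-1: 455b6cbf9e9c190e07139e5694ad48bb2c97b899
Created: 25/02/2015 10:32:05
Detections: 1
Determination: Inconclusive
- Avira AntiVirus as GAME/Casino.Gen (Undefined)
"""

ENTRY_SEP = re.compile(r"^-{10,}[ \t]*$", re.M)
HIT = re.compile(r"^- (?P<engine>.+?) as (?P<name>.+?) \((?P<category>[^)]*)\)\s*$")

def parse_report(text):
    """One dict per entry; lines that are neither a field nor an engine hit are ignored."""
    entries = []
    for chunk in ENTRY_SEP.split(text):
        fields, hits = {}, []
        for line in chunk.splitlines():
            m = HIT.match(line)
            if m:
                hits.append(m.groupdict())
            elif ":" in line:
                key, value = line.split(":", 1)
                fields[key.strip().lower()] = value.strip()
        if "file path" in fields:
            entries.append({
                "path": fields["file path"], "publisher": fields.get("publisher", ""),
                "md5": fields.get("md5", "").lower(), "sha1": fields.get("sha-1", "").lower(),
                "claimed": int(fields.get("detections", "0") or 0),
                "determination": fields.get("determination", ""), "hits": hits,
            })
    return entries

def looks_like_junction_loop(path):
    # A directory name repeated back to back ("dati applicazioni\dati applicazioni" in
    # the report) is what a scanner produces when it follows the AppData compatibility
    # junction back into the directory that contains it: one file, many paths.
    parts = [p for p in path.lower().split("\\") if p]
    return any(a == b for a, b in zip(parts, parts[1:]))

def triage(entries):
    by_sha1 = defaultdict(list)
    for e in entries:
        by_sha1[e["sha1"]].append(e["path"])
    return {
        # everything the report did not already write off as a false positive
        "needs_review": [e["path"] for e in entries
                         if not e["determination"].lower().startswith("ignore")],
        # a second engine agrees; not proof, but worth a closer look than a lone hit
        "multi_engine": [e["path"] for e in entries if len(e["hits"]) >= 2],
        # header count disagrees with the listed hits: damaged report or parser bug
        "count_mismatch": [e["path"] for e in entries if len(e["hits"]) != e["claimed"]],
        # one file reached by several paths: one item to investigate, not several
        "same_file": {h: p for h, p in by_sha1.items() if len(p) > 1},
        "junction_loop": [e["path"] for e in entries if looks_like_junction_loop(e["path"])],
        # no publisher recorded in the report, so a signature check cannot clear it
        "unsigned": [e["path"] for e in entries if not e["publisher"]],
    }

if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

Run as-is it prints the groups for the four embedded entries; for a saved report, pass `open(path, encoding="utf-8").read()` to `parse_report` instead. The Determination line is the scanner's verdict and the script keeps it, but it neither trusts nor dismisses a lone engine hit on its own: the point of the grouping is to turn a few hundred entries into the handful that need a human decision.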
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Nothing of interest to worry about; run the following to clean up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if the first link is down:

"Delfix link mirror"

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make sure the following items are checked:

  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following link to fully understand PC security and best practices; you may find it useful.

http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry2316629

If there are no remaining issues or concerns, hit the "Mark Solved" tab at the top of the thread.

Thanks,

Kevin...