Could you please upload your Malwarebytes log file, which is created at the end of the test.
Start > Open Malwarebytes > Logs
I couldn't find anything regarding the registry key with Microsoft's Malware Encyclopedia, but one article suggested that PUP means Possibly Unwanted Program, and was linked to a registry key used by Google Chrome.
Scan with:
No threats with Anti-rootkit TDSSKiller
My Malwarebytes antimalware log:
Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free anti-malware download
Versione database: v2013.01.31.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nazareno :: DESKTOPZ1 [limitato]
31/01/2013 23:24:55
mbam-log-2013-01-31 (23-24-55).txt
Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 209039
Tempo impiegato: 4 minuti, 23 secondi
Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)
Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)
Chiavi di registro rilevate: 2
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Nessuna azione intrapresa.
HKCR\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE} (Trojan.BHO) -> Spostato in quarantena ed eliminato con successo.
Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)
Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)
Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)
File rilevati: 0
(non sono stati rilevati elementi nocivi)
(fine)
What extensions are you using with Google Chrome? I also see that you had a trojan too; I'm glad that has been removed.
Considerable keys of register: 2
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> No action Undertaken.
HKCR\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE} (Trojan.BHO) -> Moved in quarantine and eliminated with success.
PUP.FCTPlugin is linked to Facetheme Toolbar; it's most probably a form of spyware which managed to get bundled or slip in with a download without you noticing. Since you don't have extensions, it's probably best to remove it.
You're welcome, leave this thread open for about a week, and if no problems occur within that time, then you can mark the thread as solved :)