Jump to content

LPava

Members
 View Profile  See their activity

  • Posts

    7

  • Joined

  • Last visited

 Content Type 

Everything posted by LPava

  1. LPava
    MBAM scan is fine (log below) and after some hours of use the computer shows no signs of troubles. Problem solved (as mush as possible)? Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.10.17.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 asus :: ASUS-PC [administrator] 18/10/2012 01:30:28 mbam-log-2012-10-18 (01-30-28).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 229338 Time elapsed: 10 minute(s), 17 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  2. LPava
    Last log. Looks better if I'm not mistaken RogueKiller V8.1.1 [10/01/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : asus [Admin rights] Mode : Scan -- Date : 10/17/2012 20:38:33 ¤¤¤ Bad processes : 3 ¤¤¤ [sUSP PATH] PCShowServerPMWrapper.exe -- C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe -> KILLED [TermProc] [sUSP PATH] NDSPCShowServer.exe -- C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\NDSPCShowServer.exe -> KILLED [TermProc] [sUSP PATH] FACEBO~1.EXE -- C:\Users\asus\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 9 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : PCShowServer ("C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe") -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-170201479-1053690467-1054435267-1001[...]\Run : PCShowServer ("C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe") -> FOUND [sTARTUP][sUSP PATH] Facebook Messenger.lnk @asus : C:\Users\asus\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST9500325AS +++++ --- User --- [MBR] 5275c8427b66ee1565afcdf4f9f41c9e [bSP] b8e681ec20f3f51e484d81d4ade624cc : Windows 7 MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062328 | Size: 119235 Mo 2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 289257472 | Size: 335700 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[11].txt >> RKreport[10].txt ; RKreport[11].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt
  3. LPava
    Sorry for the delay. The computer now is running apparently with no issues, MBAM detected nothing while it seems RogueKiller still shows some problems. Here are the logs: Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.10.17.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 asus :: ASUS-PC [administrator] 17/10/2012 17:55:50 mbam-log-2012-10-17 (17-55-50).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 229608 Time elapsed: 7 minute(s), 43 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) RogueKiller V8.1.1 [10/01/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : asus [Admin rights] Mode : Scan -- Date : 10/17/2012 19:57:28 ¤¤¤ Bad processes : 3 ¤¤¤ [sUSP PATH] PCShowServerPMWrapper.exe -- C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe -> KILLED [TermProc] [sUSP PATH] NDSPCShowServer.exe -- C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\NDSPCShowServer.exe -> KILLED [TermProc] [sUSP PATH] FACEBO~1.EXE -- C:\Users\asus\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 11 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : PCShowServer ("C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe") -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-170201479-1053690467-1054435267-1001[...]\Run : PCShowServer ("C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe") -> FOUND [sTARTUP][sUSP PATH] Facebook Messenger.lnk @asus : C:\Users\asus\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FOLDER] U : C:\Windows\Installer\{75f7c80c-e64f-6965-76da-2a4093bf3abd}\U --> FOUND [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST9500325AS +++++ --- User --- [MBR] 5275c8427b66ee1565afcdf4f9f41c9e [bSP] b8e681ec20f3f51e484d81d4ade624cc : Windows 7 MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062328 | Size: 119235 Mo 2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 289257472 | Size: 335700 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[8].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt
  4. LPava
    ComboFix ran smoothly, hope that everything is fine now. Log is below, some lines are in italian, hope it's not a problem otherwise I'd translate it ComboFix 12-10-17.03 - asus 17/10/2012 17:08:47.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4001.2214 [GMT 2:00] Eseguito da: c:\users\asus\Desktop\ComboFix.exe AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0} AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902} FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB} SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D} SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Creato nuovo punto di ripristino . . ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Your Product\Uninstall c:\program files (x86)\Your Product\Uninstall\IRIMG1.JPG c:\program files (x86)\Your Product\Uninstall\IRIMG2.JPG c:\program files (x86)\Your Product\Uninstall\uninstall.dat c:\program files (x86)\Your Product\Uninstall\uninstall.xml c:\programdata\FullRemove.exe . . ((((((((((((((((((((((((((((((((((((((( Driver/Servizi ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_NVSvc . . ((((((((((((((((((((((((( Files Creati Da 2012-09-17 al 2012-10-17 ))))))))))))))))))))))))))))))))))) . . 2012-10-14 08:44 . 2012-10-14 08:44 -------- d-----w- c:\program files (x86)\Adobe Media Player 2012-10-14 08:40 . 2012-10-14 08:40 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR 2012-10-10 08:58 . 2012-10-10 08:58 -------- d-----w- c:\program files (x86)\Common Files\Comodo 2012-10-09 06:44 . 2012-10-09 06:44 -------- d-----w- C:\found.000 2012-10-06 14:20 . 2012-10-06 14:20 -------- d-----w- c:\program files (x86)\2K Sports 2012-09-28 10:36 . 2012-09-28 10:36 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller 2012-09-27 14:08 . 2012-09-27 14:08 -------- d-----w- c:\programdata\Canneverbe Limited 2012-09-27 14:07 . 2012-09-27 14:07 -------- d-----w- c:\program files (x86)\CDBurnerXP 2012-09-25 16:29 . 2012-09-25 16:32 -------- d-----w- c:\users\asus\AppData\Roaming\Origin 2012-09-25 16:29 . 2012-09-28 10:25 -------- d-----w- c:\program files (x86)\Origin Games 2012-09-25 16:29 . 2012-09-28 10:52 -------- d-----w- c:\users\asus\AppData\Local\Origin 2012-09-25 16:23 . 2012-09-28 10:54 -------- d-----w- c:\programdata\Origin 2012-09-25 16:23 . 2012-09-28 10:54 -------- d-----w- c:\programdata\Electronic Arts 2012-09-25 16:23 . 2012-09-25 16:29 -------- d-----w- c:\program files (x86)\Origin 2012-09-23 08:21 . 2012-09-23 08:23 -------- d-----w- c:\program files\CCleaner 2012-09-20 08:43 . 2012-09-20 08:43 -------- d-----w- C:\temp 2012-09-20 07:57 . 2012-10-12 10:01 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-20 07:57 . 2012-10-12 10:01 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-20 07:57 . 2012-09-20 07:57 -------- d-----w- c:\windows\system32\Macromed 2012-09-20 07:52 . 2012-09-20 07:52 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-09-18 16:14 . 2012-09-18 16:14 -------- d-----w- c:\windows\Sun 2012-09-18 16:14 . 2012-09-18 16:14 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-09-18 16:13 . 2012-09-18 16:13 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-18 16:13 . 2012-09-18 16:13 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-18 16:13 . 2012-09-18 16:13 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-18 16:13 . 2012-09-18 16:13 -------- d-----w- c:\program files (x86)\Java 2012-09-18 08:05 . 2012-09-18 08:05 -------- d-----w- c:\users\Default\AppData\Local\Google . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-20 08:27 . 2012-08-17 10:33 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-09-14 03:17 . 2012-08-24 14:54 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-09-08 12:33 . 2012-09-04 14:37 298280 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-09-08 12:33 . 2012-09-04 14:22 298280 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-09-08 08:50 . 2012-09-04 14:22 298280 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-09-07 15:04 . 2012-08-25 10:02 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-06 21:26 . 2012-09-06 21:26 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2012-09-04 14:37 . 2012-09-04 14:22 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-09-04 14:19 . 2012-09-04 14:22 3360624 ----a-w- c:\windows\SysWow64\pbsvc.exe 2012-08-30 19:14 . 2012-09-09 10:16 1760104 ----a-w- c:\windows\system32\nvdispco64.dll 2012-08-30 19:14 . 2011-03-17 15:48 971624 ----a-w- c:\windows\system32\nvumdshimx.dll 2012-08-30 19:14 . 2011-03-17 15:48 2725224 ----a-w- c:\windows\system32\nvapi64.dll 2012-08-30 19:14 . 2011-03-17 15:48 247144 ----a-w- c:\windows\system32\nvinitx.dll 2012-08-30 19:14 . 2011-03-17 15:48 202600 ----a-w- c:\windows\SysWow64\nvinit.dll 2012-08-30 16:18 . 2010-12-05 10:13 118120 ----a-w- c:\windows\system32\nvmctray.dll 2012-08-30 16:18 . 2010-12-05 10:13 891240 ----a-w- c:\windows\system32\nvvsvc.exe 2012-08-30 16:18 . 2010-12-05 10:13 865640 ----a-w- c:\windows\system32\nv3dappshext.dll 2012-08-30 16:18 . 2010-12-05 10:13 63336 ----a-w- c:\windows\system32\nvshext.dll 2012-08-30 16:18 . 2010-12-05 10:13 2557800 ----a-w- c:\windows\system32\nvsvcr.dll 2012-08-30 16:18 . 2010-12-05 10:13 3487434 ----a-w- c:\windows\system32\nvcoproc.bin 2012-08-30 16:18 . 2010-12-05 10:13 55144 ----a-w- c:\windows\system32\nv3dappshextr.dll 2012-08-30 16:18 . 2010-12-05 10:12 3266920 ----a-w- c:\windows\system32\nvsvc64.dll 2012-08-30 16:17 . 2010-12-05 10:13 6198120 ----a-w- c:\windows\system32\nvcpl.dll 2012-08-28 15:37 . 2012-08-28 15:37 108368 ----a-r- c:\users\asus\AppData\Roaming\Microsoft\Installer\{FEC1DF97-E716-4CD8-A55B-75C373912D35}\ARPPRODUCTICON.exe 2012-08-28 15:02 . 2012-08-28 15:04 10752 ----a-w- c:\windows\system32\E_GCINST.DLL 2012-08-28 15:02 . 2012-08-28 15:03 88064 ----a-w- c:\windows\system32\E_IBCBGGE.DLL 2012-08-28 15:02 . 2012-08-28 15:03 118784 ----a-w- c:\windows\system32\E_ILMGGE.DLL 2012-08-25 01:37 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-08-25 01:37 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-08-24 01:14 . 2012-08-24 01:14 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-08-24 01:14 . 2012-08-24 01:14 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-08-24 01:14 . 2012-08-24 01:14 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 01:14 . 2012-08-24 01:14 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-08-24 01:14 . 2012-08-24 01:14 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-08-24 01:14 . 2012-08-24 01:14 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-08-24 01:14 . 2012-08-24 01:14 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-08-24 01:14 . 2012-08-24 01:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-08-24 01:14 . 2012-08-24 01:14 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-08-24 01:14 . 2012-08-24 01:14 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-08-24 01:14 . 2012-08-24 01:14 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-08-24 01:14 . 2012-08-24 01:14 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-08-24 01:14 . 2012-08-24 01:14 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-08-24 01:14 . 2012-08-24 01:14 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-08-24 01:14 . 2012-08-24 01:14 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-08-24 01:14 . 2012-08-24 01:14 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-08-24 01:14 . 2012-08-24 01:14 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-24 01:14 . 2012-08-24 01:14 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-08-24 01:14 . 2012-08-24 01:14 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-08-24 01:14 . 2012-08-24 01:14 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-08-24 01:14 . 2012-08-24 01:14 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-08-24 01:14 . 2012-08-24 01:14 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-08-24 01:14 . 2012-08-24 01:14 222208 ----a-w- c:\windows\system32\msls31.dll 2012-08-24 01:14 . 2012-08-24 01:14 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 01:14 . 2012-08-24 01:14 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 01:14 . 2012-08-24 01:14 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-08-24 01:14 . 2012-08-24 01:14 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 01:14 . 2012-08-24 01:14 816640 ----a-w- c:\windows\system32\jscript.dll 2012-08-24 01:14 . 2012-08-24 01:14 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-08-24 01:14 . 2012-08-24 01:14 65024 ----a-w- c:\windows\system32\pngfilt.dll 2012-08-24 01:14 . 2012-08-24 01:14 55296 ----a-w- c:\windows\system32\msfeedsbs.dll 2012-08-24 01:14 . 2012-08-24 01:14 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-08-24 01:14 . 2012-08-24 01:14 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-08-24 01:14 . 2012-08-24 01:14 267776 ----a-w- c:\windows\system32\ieaksie.dll 2012-08-24 01:14 . 2012-08-24 01:14 248320 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 01:14 . 2012-08-24 01:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 01:14 . 2012-08-24 01:14 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 01:14 . 2012-08-24 01:14 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 01:14 . 2012-08-24 01:14 197120 ----a-w- c:\windows\system32\msrating.dll 2012-08-24 01:14 . 2012-08-24 01:14 17809920 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 01:14 . 2012-08-24 01:14 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 01:14 . 2012-08-24 01:14 163840 ----a-w- c:\windows\system32\ieakui.dll 2012-08-24 01:14 . 2012-08-24 01:14 160256 ----a-w- c:\windows\system32\ieakeng.dll 2012-08-24 01:14 . 2012-08-24 01:14 149504 ----a-w- c:\windows\system32\occache.dll 2012-08-24 01:14 . 2012-08-24 01:14 145920 ----a-w- c:\windows\system32\iepeers.dll 2012-08-24 01:14 . 2012-08-24 01:14 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-08-24 01:14 . 2012-08-24 01:14 12288 ----a-w- c:\windows\system32\mshta.exe 2012-08-24 01:14 . 2012-08-24 01:14 114176 ----a-w- c:\windows\system32\admparse.dll 2012-08-24 01:14 . 2012-08-24 01:14 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-08-24 01:14 . 2012-08-24 01:14 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 01:14 . 2012-08-24 01:14 10752 ----a-w- c:\windows\system32\msfeedssync.exe 2012-08-24 01:14 . 2012-08-24 01:14 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 01:14 . 2012-08-24 01:14 89088 ----a-w- c:\windows\system32\ie4uinit.exe 2012-08-24 01:14 . 2012-08-24 01:14 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-08-24 01:14 . 2012-08-24 01:14 82432 ----a-w- c:\windows\system32\icardie.dll 2012-08-24 01:14 . 2012-08-24 01:14 697344 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 01:14 . 2012-08-24 01:14 603648 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 01:14 . 2012-08-24 01:14 534528 ----a-w- c:\windows\system32\ieapfltr.dll 2012-08-24 01:14 . 2012-08-24 01:14 452608 ----a-w- c:\windows\system32\dxtmsft.dll 2012-08-24 01:14 . 2012-08-24 01:14 448512 ----a-w- c:\windows\system32\html.iec 2012-08-24 01:14 . 2012-08-24 01:14 403248 ----a-w- c:\windows\system32\iedkcs32.dll 2012-08-24 01:14 . 2012-08-24 01:14 39936 ----a-w- c:\windows\system32\iernonce.dll 2012-08-24 01:14 . 2012-08-24 01:14 3695416 ----a-w- c:\windows\system32\ieapfltr.dat 2012-08-24 01:14 . 2012-08-24 01:14 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-24 01:14 . 2012-08-24 01:14 282112 ----a-w- c:\windows\system32\dxtrans.dll 2012-08-24 01:14 . 2012-08-24 01:14 249344 ----a-w- c:\windows\system32\webcheck.dll 2012-08-24 01:14 . 2012-08-24 01:14 237056 ----a-w- c:\windows\system32\url.dll 2012-08-24 01:14 . 2012-08-24 01:14 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-08-24 01:14 . 2012-08-24 01:14 160256 ----a-w- c:\windows\system32\wextract.exe 2012-08-24 01:14 . 2012-08-24 01:14 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 01:14 . 2012-08-24 01:14 103936 ----a-w- c:\windows\system32\inseng.dll . . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] "GoogleChromeAutoLaunch_3C776F0E4C9D4C175BD7848BC811E09D"="c:\users\asus\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-10-10 1239064] "Spotify Web Helper"="c:\users\asus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-23 1193176] "PCShowServer"="c:\users\asus\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe" [2012-04-17 525680] "Facebook Update"="c:\users\asus\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-29 138096] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992] "FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888] "SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536] "VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504] "RemoteControl10"="c:\program files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336] "UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-11-17 222504] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312] "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "tvncontrol"="c:\program files (x86)\Common Files\Comodo\GeekBuddyRSP.exe" [2012-09-28 1815040] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] . c:\users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\asus\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-23 27112840] Facebook Messenger.lnk - c:\users\asus\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe [2012-9-5 247728] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-3-17 548528] FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-3-17 12862] Start GeekBuddy.lnk - c:\program files (x86)\COMODO\GeekBuddy\launcher.exe [2012-10-5 49360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\guard32.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Servizio Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-25 116648] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-12 250808] R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-08-11 44032] R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-25 116648] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-20 340240] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-24 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-08-30 30056] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024] S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2012-03-11 22696] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-06 283200] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416] S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\Comodo\launcher_service.exe [2012-10-05 70352] S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-08-28 166400] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-08-28 128512] S2 GeekBuddyRSP;GeekBuddy Remote Screen Protocol;c:\program files (x86)\Common Files\Comodo\GeekBuddyRSP.exe [2012-09-28 1815040] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856] S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488] S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832] S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-09-08 129024] S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-11-19 210944] S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-11-19 49664] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-07-14 7821312] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 333928] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-10-06 42392] . . --- Altri Servizi/Drivers In Memoria --- . *NewlyCreated* - WS2IFSL . Contenuto della cartella 'Scheduled Tasks' . 2012-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 10:01] . 2012-09-02 c:\windows\Tasks\AutoKMS.job - c:\windows\AutoKMS\AutoKMS.exe [2012-08-27 15:07] . 2012-10-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-170201479-1053690467-1054435267-1001Core.job - c:\users\asus\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-23 10:32] . 2012-10-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-170201479-1053690467-1054435267-1001UA.job - c:\users\asus\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-23 10:32] . 2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-13 09:13] . 2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-13 09:13] . 2012-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-170201479-1053690467-1054435267-1001Core.job - c:\users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25 09:08] . 2012-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-170201479-1053690467-1054435267-1001UA.job - c:\users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25 09:08] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-10-02 07:42 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-10-02 07:42 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-10-02 07:42 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-10-02 07:42 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448] "VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520] "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-03 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-03 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-03 417304] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-30 2186856] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1931024] "snp2uvc"="c:\windows\vsnp2uvc.exe" [2010-01-21 909824] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\guard64.dll . ------- Scansione supplementare ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://asus.msn.com mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 . - - - - CHIAVI ORFANE RIMOSSE - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) Toolbar-Locked - (no file) HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe . . . --------------------- CHIAVI DI REGISTRO BLOCCATE --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Altri processi in esecuzione ------------------------ . c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe c:\windows\AsScrPro.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Ora fine scansione: 2012-10-17 17:26:42 - Il pc è stato riavviato ComboFix-quarantined-files.txt 2012-10-17 15:26 . Pre-Run: 2.420.563.968 byte disponibili Post-Run: 5.951.270.912 byte disponibili . - - End Of File - - 27AF19997428C67056D9D2309A877554
  5. LPava
    Thanks again for the super fast help. Seems I've been infected with a nasty thing though I try to be as careful as possible and never had any other infections. Any ideas on how could it be possible? I will try with the procedure you explained at the moment, but I'm also planning to re-install the OS as soon as possible. Will my computer be considered secure then? I'll also let you know when the cleanup is over.
  6. LPava
    Thanks for the reply. Rogue Killer detected ZeroAccess and redirected me to a page with instructions on how to get rid of it, but I'll wait for your advice before proceeding. Here is the log: RogueKiller V8.1.1 [10/01/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : asus [Admin rights] Mode : Scan -- Date : 10/17/2012 16:18:48 ¤¤¤ Bad processes : 3 ¤¤¤ [sUSP PATH] PCShowServerPMWrapper.exe -- C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe -> KILLED [TermProc] [sUSP PATH] FACEBO~1.EXE -- C:\Users\asus\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe -> KILLED [TermThr] [sUSP PATH] NDSPCShowServer.exe -- C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\NDSPCShowServer.exe -> KILLED [TermThr] ¤¤¤ Registry Entries : 9 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : PCShowServer ("C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe") -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-170201479-1053690467-1054435267-1001[...]\Run : PCShowServer ("C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe") -> FOUND [sTARTUP][sUSP PATH] Facebook Messenger.lnk @asus : C:\Users\asus\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] @ : C:\Windows\Installer\{75f7c80c-e64f-6965-76da-2a4093bf3abd}\@ --> FOUND [ZeroAccess][FOLDER] U : C:\Windows\Installer\{75f7c80c-e64f-6965-76da-2a4093bf3abd}\U --> FOUND [ZeroAccess][FOLDER] L : C:\Windows\Installer\{75f7c80c-e64f-6965-76da-2a4093bf3abd}\L --> FOUND [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND [susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST9500325AS +++++ --- User --- [MBR] 5275c8427b66ee1565afcdf4f9f41c9e [bSP] b8e681ec20f3f51e484d81d4ade624cc : Windows 7 MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062328 | Size: 119235 Mo 2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 289257472 | Size: 335700 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  7. LPava
    Hello everyone, starting few days ago chrome has started opening new tabs on his own containing ads. MBAB and Comodo do detect something, apparently a malware in C:\windos\installer subfolders, but they're not able to stop it since new tabs are still opening and running scans the infected objects till there. These are DDS logs: DDS (Ver_2012-10-14.05) - NTFS_AMD64 Internet Explorer: 9.0.8112.16421 Run by asus at 15:40:29 on 2012-10-17 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4001.1256 [GMT 2:00] . AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0} AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902} SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D} FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\FBAgent.exe C:\Windows\system32\WLANExt.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe C:\Program Files\P4G\BatteryLife.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Trend Micro\Titanium\TiMiniService.exe C:\Program Files\Intel\TurboBoost\TurboBoost.exe C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe C:\Windows\system32\conhost.exe C:\ExpressGateUtil\VAWinService.exe C:\Windows\AsScrPro.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\vsnp2uvc.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Elantech\ETDCtrlHelper.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\spool\drivers\x64\3\E_IATIGGE.EXE C:\Users\asus\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Users\asus\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\ExpressGateUtil\VAWinAgent.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\COMODO\GeekBuddy\unit_manager.exe C:\Program Files (x86)\COMODO\GeekBuddy\unit.exe C:\Windows\SysWOW64\ACEngSvr.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\NDSPCShowServer.exe C:\Windows\system32\conhost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Users\asus\AppData\Roaming\Spotify\spotify.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://asus.msn.com uDefault_Page_URL = hxxp://asus.msn.com mStart Page = hxxp://asus.msn.com mWinlogon: Userinit = userinit.exe, BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - <orphaned> BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [AdobeBridge] <no file> mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" mRun: [sonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe mRun: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" mRun: [updatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe mRun: [tvncontrol] "C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe" -controlservice -slave mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin StartupFolder: C:\Users\asus\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\asus\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\asus\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\asus\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files (x86)\COMODO\GeekBuddy\launcher.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll LSP: mswsock.dll TCP: NameServer = 192.168.1.1 TCP: Interfaces\{4AD4A989-9A2C-4143-A9FD-C4BF8F9F14E9} : DHCPNameServer = 8.8.8.8 TCP: Interfaces\{5273DF40-0ABA-4EAA-AC68-3ECA7400C849} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{D3BB08C6-90EC-4C7E-902C-780E8E819DD4} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{D3BB08C6-90EC-4C7E-902C-780E8E819DD4}\051667166616D6D246F677E6 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{D3BB08C6-90EC-4C7E-902C-780E8E819DD4}\46C696E6B6 : DHCPNameServer = 192.168.1.1 192.168.1.1 TCP: Interfaces\{D3BB08C6-90EC-4C7E-902C-780E8E819DD4}\A516E6F6C6C616 : DHCPNameServer = 193.70.152.15 193.70.152.25 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp x64-mStart Page = hxxp://asus.msn.com x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll x64-Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe x64-Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF" x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none" x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray x64-Run: [snp2uvc] C:\Windows\vsnp2uvc.exe x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-9-20 30056] R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024] R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2012-3-11 22696] R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-3-11 577824] R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2012-3-11 43248] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-9-6 283200] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904] R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-3-17 379520] R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416] R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe [2012-10-5 70352] R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-8-28 166400] R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-8-28 128512] R2 GeekBuddyRSP;GeekBuddy Remote Screen Protocol;C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe [2012-9-28 1815040] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-14 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-14 676936] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-9-20 1258856] R2 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2010-10-27 241488] R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2011-3-17 67664] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-17 13832] R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-17 2656280] R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-21 77312] R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-9-8 129024] R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2010-11-20 210944] R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2010-11-20 49664] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-14 317440] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-8-25 25928] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-3-17 56344] R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2010-7-14 7821312] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-17 333928] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920] R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-10-6 42392] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Servizio Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-13 116648] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-20 250808] S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-3-17 267480] S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-8-11 44032] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-3-17 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 gupdatem;Servizio Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-13 116648] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-20 340240] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832] S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-8-24 59392] S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-24 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184] . =============== Created Last 30 ================ . 2012-10-10 08:58:55 -------- d-----w- C:\Program Files (x86)\Common Files\Comodo 2012-10-09 06:44:19 -------- d-sh--w- C:\found.000 2012-10-06 14:20:34 -------- d-----w- C:\Program Files (x86)\2K Sports 2012-09-28 10:36:13 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller 2012-09-27 14:08:07 -------- d-----w- C:\ProgramData\Canneverbe Limited 2012-09-25 16:29:42 -------- d-----w- C:\Users\asus\AppData\Roaming\Origin 2012-09-25 16:29:40 -------- d-----w- C:\Program Files (x86)\Origin Games 2012-09-25 16:29:39 -------- d-----w- C:\Users\asus\AppData\Local\Origin 2012-09-25 16:23:56 -------- d-----w- C:\ProgramData\Origin 2012-09-25 16:23:53 -------- d-----w- C:\ProgramData\Electronic Arts 2012-09-25 16:23:46 -------- d-----w- C:\Program Files (x86)\Origin 2012-09-23 08:21:56 -------- d-----w- C:\Program Files\CCleaner 2012-09-20 08:43:08 -------- d-----w- C:\temp 2012-09-20 07:57:05 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-20 07:57:05 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-09-20 07:52:48 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-09-18 16:13:58 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-09-18 16:13:58 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-09-18 16:13:35 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll . ==================== Find3M ==================== . 2012-09-20 08:27:18 45056 ----a-w- C:\Windows\System32\acovcnt.exe 2012-09-08 12:33:54 298280 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-09-08 12:33:54 298280 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-09-08 08:50:56 298280 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-09-07 15:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-06 21:26:06 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys 2012-09-04 14:37:23 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2012-09-04 14:19:57 3360624 ----a-w- C:\Windows\SysWow64\pbsvc.exe 2012-08-30 16:18:05 891240 ----a-w- C:\Windows\System32\nvvsvc.exe 2012-08-30 16:18:05 865640 ----a-w- C:\Windows\System32\nv3dappshext.dll 2012-08-30 16:18:05 63336 ----a-w- C:\Windows\System32\nvshext.dll 2012-08-30 16:18:05 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll 2012-08-30 16:18:05 118120 ----a-w- C:\Windows\System32\nvmctray.dll 2012-08-30 16:18:04 55144 ----a-w- C:\Windows\System32\nv3dappshextr.dll 2012-08-30 16:18:04 3487434 ----a-w- C:\Windows\System32\nvcoproc.bin 2012-08-30 16:18:01 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll 2012-08-30 16:17:59 6198120 ----a-w- C:\Windows\System32\nvcpl.dll 2012-08-28 15:02:37 88064 ----a-w- C:\Windows\System32\E_IBCBGGE.DLL 2012-08-28 15:02:37 118784 ----a-w- C:\Windows\System32\E_ILMGGE.DLL 2012-08-28 15:02:37 10752 ----a-w- C:\Windows\System32\E_GCINST.DLL 2012-08-25 01:37:21 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2012-08-25 01:37:19 175616 ----a-w- C:\Windows\System32\msclmd.dll 2012-08-23 11:09:39 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll 2012-08-23 11:09:39 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll 2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll 2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll . ============= FINISH: 15:43:20,21 =============== DDS (Ver_2012-10-14.05) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 17/08/2012 12:32:40 System Uptime: 17/10/2012 04:26:53 (11 hours ago) . Motherboard: ASUSTeK Computer Inc. | | N53SV Processor: Intel® Core i7-2630QM CPU @ 2.00GHz | CPU 1 | 1880/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 116 GiB total, 2,435 GiB free. D: is FIXED (NTFS) - 328 GiB total, 162,317 GiB free. E: is CDROM () F: is CDROM (UDF) . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . ??? ActiveX ?? Windows Live Mesh ???? ??????? ??????? ????? Messenger ?????? ??????? ?? Windows Live ??????? Windows Live Mesh ActiveX ??? Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe InDesign CS5 Adobe Media Player Adobe Photoshop CS6 Adobe Photoshop Lightroom 4.1 64-bit Aggiornamenti NVIDIA 1.10.8 Alcor Micro USB Card Reader America's Army 3 ASUS AI Recovery ASUS FancyStart ASUS LifeFrame3 ASUS Live Update ASUS Power4Gear Hybrid ASUS SmartLogon ASUS Splendid Video Enhancement Technology ASUS Video Magic ASUS Virtual Camera ASUS WebStorage ASUS_Screensaver AsusVibe2.0 ATK Package µTorrent BlackBerry Desktop Software 6.1 calibre CCleaner CDBurnerXP COMODO Internet Security Complemento Messenger Complément Messenger Contrôle ActiveX Windows Live Mesh pour connexions à distance Control ActiveX de Windows Live Mesh para conexiones remotas Controlo ActiveX do Windows Live Mesh para Ligações Remotas CyberLink PowerDVD 10 D3DX10 DAEMON Tools Lite EndNote X5 EPSON Scan EPSON SX125 Series Printer Uninstall ETDWare PS/2-x64 7.0.5.16_WHQL ExpressGate Cloud Facebook Messenger 2.1.4631.0 Fast Boot FIFA 13 Finale SongWriter 2012 Fresco Logic USB3.0 Host Controller Galeria de Fotografias do Windows Live Galerie de photos Windows Live Galería fotográfica de Windows Live GeekBuddy Google Chrome Google Drive Google Update Helper Intel PROSet Wireless Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Intel® PROSet/Wireless WiFi Software Intel® Turbo Boost Technology Monitor Intel® Wireless Display IrfanView (remove only) Java 7 Update 7 Java Auto Updater JDownloader 0.9 Junk Mail filter update Malwarebytes Anti-Malware versione 1.65.0.1400 Mesh Runtime Messenger ???? Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) Microsoft .NET Framework 4 Client Profile ITA Language Pack Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_ATL_x86_x64 Microsoft_VC90_CRT_x86 Microsoft_VC90_CRT_x86_x64 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFC_x86_x64 MSVCRT MSVCRT_amd64 MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB973685) Native Instruments B4 II Nuance PDF Reader NVIDIA 3D Vision Controller Driver NVIDIA Driver del controller 3D Vision 306.23 NVIDIA Driver grafico 306.23 NVIDIA Install Application NVIDIA Optimus 1.10.8 NVIDIA PhysX NVIDIA PhysX System Software 9.12.0604 NVIDIA Update Components Origin Pannello di controllo NVIDIA 306.23 PDF Settings CS5 PDF Settings CS6 PunkBuster Services Raccolta foto di Windows Live Realtek Ethernet Controller Driver For Windows 7 Realtek High Definition Audio Driver ResearchSoft Direct Export Helper S?????? f?t???af??? t?? Windows Live Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Sky Go Player Skype™ 5.10 SonicMaster SopCast 3.5.0 Spotify St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se?? Steam syncables desktop SE Trend Micro Titanium Internet Security TunnelBear 1.0.31 Ubisoft Game Launcher Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) USB2.0 UVC 2M WebCam VLC media player 2.0.2 Windows Live Windows Live ??? Windows Live ???? Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Fotogalerie Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinFlash WinRAR 4.20 (64-bit) Wireless Console 3 Your Product . ==== End Of File =========================== Thanks to everyone with the patience of helping me!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.