Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can you help me with ComboFix?


  • This topic is locked This topic is locked
11 replies to this topic

#1 Eu93

Eu93

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:07 PM

Posted 08 July 2016 - 06:36 AM

Hello everyone, I am new in this forum and I hope you can help me with the use of program ComboFix.
I am Italian so I am sorry for my English.. Hope I will be able to explain my problem.

I download the program ComboFix because I think I have some virus ( a lot of advertising open when I am using google chrome ) and I did the scan. Now ComboFix gave me the output "log".txt and I road that I have to attach this file in a topic where there are some expert who can help me to understand what to do.

I write on this section because I use window 7. Is this the right section?

Edited by Orange Blossom, 08 July 2016 - 07:30 AM.
Moved to log forum. ~ OB


BC AdBot (Login to Remove)

 


#2 Eu93

Eu93
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:07 PM

Posted 08 July 2016 - 06:45 AM

Anyone know how can I attach the file? 



#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:07 PM

Posted 08 July 2016 - 07:32 AM

Hello Eu93,

I've moved your topic to the correct forum for you.

Please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button. Since you have run ComboFix, please include the ComboFix log in the reply.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, include the information that you were unable to produce the other logs, include the ComboFix log, and describe what happens when you try to create the other logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,948 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:07 PM

Posted 08 July 2016 - 08:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

After reviewing the Guide please post the requested logs and I will review them.

#5 Eu93

Eu93
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:07 PM

Posted 09 July 2016 - 06:01 AM

Thanks for helping me. This is the log:

 

ComboFix 16-06-30.01 - eugenia 08/07/2016  12:55:11.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.3950.1711 [GMT 2:00]
Eseguito da: c:\users\eugenia\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Disabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Disabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Creato nuovo punto di ripristino
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\VLC Player GPU+
c:\program files (x86)\VLC Player GPU+\path.inf
c:\windows\msdownld.tmp
c:\windows\SysWow64\8bf2985e.exe
.
.
(((((((((((((((((((((((((   Files Creati Da 2016-06-08 al 2016-07-08  )))))))))))))))))))))))))))))))))))
.
.
2016-07-08 11:11 . 2016-07-08 11:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-07-08 10:49 . 2016-07-08 10:49 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB59F600-FE99-4B77-8596-C149371497C8}\offreg.904.dll
2016-07-07 09:18 . 2016-06-21 22:04 12007136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB59F600-FE99-4B77-8596-C149371497C8}\mpengine.dll
2016-07-07 09:18 . 2016-05-24 19:33 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88689E49-F95C-40D0-91CE-C82100B70328}\gapaengine.dll
2016-07-06 05:19 . 2016-06-21 22:04 12007136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-06-23 18:20 . 2016-06-28 09:00 -------- d-----w- c:\users\eugenia\AppData\Local\gtk-2.0
2016-06-20 09:35 . 2016-06-28 09:52 -------- d-----w- c:\users\eugenia\AppData\Roaming\gretl
2016-06-20 09:32 . 2016-06-20 09:33 -------- d-----w- c:\program files (x86)\gretl
2016-06-15 20:44 . 2016-05-18 16:10 312832 ----a-w- c:\windows\SysWow64\gdi32.dll
2016-06-15 20:44 . 2016-05-18 16:09 405504 ----a-w- c:\windows\system32\gdi32.dll
2016-06-15 20:44 . 2016-05-12 17:15 2048 ----a-w- c:\windows\system32\tzres.dll
2016-06-15 20:44 . 2016-05-12 15:18 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2016-06-15 20:42 . 2016-05-12 17:14 502272 ----a-w- c:\windows\system32\IPSECSVC.DLL
2016-06-15 20:41 . 2016-05-20 21:59 34304 ----a-w- c:\windows\system32\iernonce.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-07-08 10:34 . 2011-12-28 23:03 24800 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2016-07-07 00:39 . 2010-12-05 16:22 485032 ------w- c:\windows\system32\MpSigStub.exe
2016-06-15 21:48 . 2011-02-17 16:30 142482544 ----a-w- c:\windows\system32\MRT.exe
2016-05-24 19:33 . 2011-03-25 22:56 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2016-04-14 13:49 . 2016-05-24 20:21 603648 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2016-04-14 13:21 . 2016-05-24 20:21 647680 ----a-w- c:\windows\system32\d3d10level9.dll
2016-04-13 13:39 . 2014-01-14 15:53 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-04-13 13:39 . 2014-01-14 15:53 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-04-11 14:00 . 2016-04-11 14:00 82432 ----a-w- c:\users\eugenia\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
2016-04-11 14:00 . 2016-04-11 14:00 44544 ----a-w- c:\users\eugenia\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2016-04-11 14:00 . 2016-04-11 14:00 1275392 ----a-w- c:\users\eugenia\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-28 08:29 222712 ----a-w- c:\users\eugenia\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-28 08:29 222712 ----a-w- c:\users\eugenia\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-28 08:29 222712 ----a-w- c:\users\eugenia\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-05-17 20:06 1741096 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-05-17 20:06 1741096 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-05-17 20:06 1741096 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dropbox Update"="c:\users\eugenia\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-21 134512]
"EPLTarget\P0000000000000003"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIMAE.EXE" [2013-12-16 298560]
"uTorrent"="c:\users\eugenia\AppData\Roaming\uTorrent\uTorrent.exe" [2016-05-24 2133504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-12-17 60688]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-29 5515496]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-10 271744]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2015-05-31 650784]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2015-05-31 863776]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2014-06-10 1065024]
.
c:\users\eugenia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\eugenia\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2016-6-24 24105936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe"
"ArcSoft Connection Service"=c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R1 iSafeKrnlMon;YAC Monitor Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [x]
R1 MPCKpt;MPCKpt;c:\windows\system32\DRIVERS\MPCKpt.sys;c:\windows\SYSNATIVE\DRIVERS\MPCKpt.sys [x]
R1 ztvtvbqw;ztvtvbqw;c:\windows\system32\drivers\ztvtvbqw.sys;c:\windows\SYSNATIVE\drivers\ztvtvbqw.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys;c:\windows\SYSNATIVE\DRIVERS\massfilter.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Supporto digitalizzazione WSD tramite UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbnet.sys [x]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbvoice.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 EpsonCustomerResearchParticipation;EpsonCustomerResearchParticipation;c:\program files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MyEpson Portal Service;MyEpson Portal Service;c:\program files (x86)\EPSON\MyEpson Portal\mepService.exe;c:\program files (x86)\EPSON\MyEpson Portal\mepService.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 NETw5s64;Driver scheda Intel® Wireless WiFi Link 5000 Series per Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-06-18 16:40 1245848 ----a-w- c:\program files (x86)\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-05-03 14:41 287416 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contenuto della cartella 'Scheduled Tasks'
.
2016-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-14 13:39]
.
2015-07-20 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1961245091-2169871641-281864452-1001Core1d0c332b050c03e.job
- c:\users\eugenia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21 07:58]
.
2016-05-25 c:\windows\Tasks\EPSON WF-2660 Series Update {A2B27C0F-3B88-4DAC-B34D-957FFA403DE6}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_YTSMAE.EXE [2015-06-27 23:30]
.
2016-07-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1961245091-2169871641-281864452-1001Core.job
- c:\users\eugenia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-08 17:27]
.
2016-07-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1961245091-2169871641-281864452-1001UA.job
- c:\users\eugenia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-08 17:27]
.
2016-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04 21:16]
.
2016-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d1b7749f592b35.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04 21:16]
.
2016-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04 21:16]
.
2016-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d1b7749f99705c.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-28 08:29 261624 ----a-w- c:\users\eugenia\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-28 08:29 261624 ----a-w- c:\users\eugenia\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-28 08:29 261624 ----a-w- c:\users\eugenia\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-05-17 20:02 2348848 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-05-17 20:02 2348848 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-05-17 20:02 2348848 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\users\eugenia\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\users\eugenia\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\users\eugenia\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\users\eugenia\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\users\eugenia\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\users\eugenia\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\users\eugenia\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 ----a-w- c:\users\eugenia\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-05-29 10:27 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-01-29 1340192]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-12-17 170256]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = search.mpc.am/?geo=it
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
mCustomizeSearch = hxxp://www.bing.com/search?q={searchTerms}
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\eugenia\AppData\Roaming\Mozilla\Firefox\Profiles\0rovylkw.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search?bcutc=sp-006
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?bcutc=sp-006
FF - prefs.js: keyword.URL - hxxps://www.google.com/search?bcutc=sp-006
FF - ExtSQL: !HIDDEN! 2012-05-01 23:18; support@2yourface.com; c:\program files (x86)\2YourFace\ffextension
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{e3393495-8103-46a0-8181-270273eddd60} - (no file)
URLSearchHooks-{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
URLSearchHooks-{88ac3cb6-596b-4217-964c-b6757ef9602d} - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
WebBrowser-{E3393495-8103-46A0-8181-270273EDDD60} - (no file)
WebBrowser-{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - (no file)
WebBrowser-{88AC3CB6-596B-4217-964C-B6757EF9602D} - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
ShellExecuteHooks-{7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F} - (no file)
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3122661 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.01055\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3127233 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.01055\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3136000 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.01055\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3136000v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.01055\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3142037 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.01055\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3143693 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.01055\setup.exe
AddRemove-MaxiGet_is1 - c:\users\eugenia\AppData\Local\Maxiget\unins000.exe
AddRemove-Windows Movie Maker 2012 Packages - c:\users\eugenia\AppData\Roaming\0F1F1C2Y1H1P1C0I0T\Windows Movie Maker 2012 Packages\uninstaller.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1961245091-2169871641-281864452-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1961245091-2169871641-281864452-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2016-07-08  13:15:01
ComboFix-quarantined-files.txt  2016-07-08 11:15
.
Pre-Run: 149.421.010.944 byte disponibili
Post-Run: 149.258.706.944 byte disponibili
.
- - End Of File - - CCB7BBA567AA5ADD49A73833C67CC941


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,948 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:07 PM

Posted 09 July 2016 - 06:59 AM

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.
===


Please post the logs.

Let me know what problems persists.

#7 Eu93

Eu93
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:07 PM

Posted 09 July 2016 - 10:18 AM

Okay, I did the scan with this tool and I've attached the 2 logs here

Attached Files



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,948 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:07 PM

Posted 09 July 2016 - 01:16 PM


ATTENTION: System Restore is disabled

Turn your System Restore ON - Windows Help
http://windows.microsoft.com/en-ca/windows/turn-system-restore-on-off#1TC=windows-7
---

If present remove these old versions of Java, via the Control Panel > Programs > Programs and Features applet.
Java™ 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
ShellExecuteHooks:  - {7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F} -  No File [ ]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51798;https=127.0.0.1:51798
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1961245091-2169871641-281864452-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1961245091-2169871641-281864452-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
Toolbar: HKU\S-1-5-21-1961245091-2169871641-281864452-1001 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
FF DefaultSearchUrl: hxxps://www.google.com/search?bcutc=sp-006
FF Homepage: hxxps://www.google.com/?bcutc=sp-006
FF Keyword.URL: hxxps://www.google.com/search?bcutc=sp-006
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF SearchPlugin: C:\Users\eugenia\AppData\Roaming\Mozilla\Firefox\Profiles\0rovylkw.default\searchplugins\google-avast.xml [2016-06-02]
FF SearchPlugin: C:\Users\eugenia\AppData\Roaming\Profiles\lsjwd5o2.default\searchplugins\google-avast.xml [2016-06-02]
FF Extension: z - C:\Program Files (x86)\Mozilla Firefox\extensions\{95fbd74c-8ce5-a482-1b4a-97a1a7294176} [2015-07-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\eugenia\AppData\Roaming\Mozilla\Firefox\Profiles\0rovylkw.default\extensions\searchengine@gmail.com => not found
CHR Extension: (Avast Online Security) - C:\Users\eugenia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-07]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\eugenia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-26]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\eugenia\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-06]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
S1 ztvtvbqw; \??\C:\Windows\system32\drivers\ztvtvbqw.sys [X]
C:\Users\eugenia\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\eugenia\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Task: {0058C0A9-52B5-4D70-879C-AF03FFB04B86} - \Microsoft\Windows\Media Center\OCURDiscovery -> No File <==== ATTENTION
Task: {024721D3-94F1-4EFB-A243-D920E1EB3D2A} - \Java Update Scheduler -> No File <==== ATTENTION
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - \Microsoft\Windows\Time Synchronization\SynchronizeTime -> No File <==== ATTENTION
Task: {072D0020-2985-433A-8D2F-D796C6562C53} - \Microsoft\Windows\Media Center\InstallPlayReady -> No File <==== ATTENTION
Task: {07AE8A88-F3BE-4E39-8766-DFC5AF805BB2} - \Microsoft\Windows\Media Center\ActivateWindowsSearch -> No File <==== ATTENTION
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 -> No File <==== ATTENTION
Task: {08DF4B5B-3015-4D33-BF58-6259E84EC1DB} - \SONY\VAIO Power Management\VPM Unlock -> No File <==== ATTENTION
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 -> No File <==== ATTENTION
Task: {0A4BD3A0-4EBE-4B37-AB5C-B3B27B2F532D} - \Microsoft\Windows\SideShow\SystemDataProviders -> No File <==== ATTENTION
Task: {0B40C763-8B65-4479-BD77-6E14A0D02FAB} - \Microsoft\Windows\SideShow\GadgetManager -> No File <==== ATTENTION
Task: {0BB2C97A-40CE-4493-871C-0113E089067B} - \Programma di aggiornamento online di Adobe -> No File <==== ATTENTION
Task: {0ED2D615-60CF-4031-811F-1D5227B8192F} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask -> No File <==== ATTENTION
Task: {0F6F1AD9-D05C-4604-AF2B-9F30DEF30AD9} - \Microsoft\Windows\SideShow\SessionAgent -> No File <==== ATTENTION
Task: {10AAEED9-92DF-4318-BAF0-A26FAFC36EBD} - \Microsoft\Windows\Media Center\PeriodicScanRetry -> No File <==== ATTENTION
Task: {12EFC295-5616-48A6-AAED-636784A9679C} - \CreateChoiceProcessTask -> No File <==== ATTENTION
Task: {158C62E0-245F-417A-AFE3-B2AE85A9A6AF} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks -> No File <==== ATTENTION
Task: {1D369FDB-4153-4963-9229-00148F370B4C} - \{6CB50882-A305-46C7-B513-E0DF9F5E4778} -> No File <==== ATTENTION
Task: {1DCFF848-A220-4F28-9317-D74945AE70EA} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask -> No File <==== ATTENTION
Task: {1EB51344-6C69-446F-AABA-14F1EA41B5E4} - \Microsoft\Windows\Wininet\CacheTask -> No File <==== ATTENTION
Task: {1F7B7221-AE8F-44F3-BA82-F7D260F51964} - \Microsoft\Windows\Task Manager\Interactive -> No File <==== ATTENTION
Task: {20DC9816-32F8-4046-8D34-58E6363114EB} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task -> No File <==== ATTENTION
Task: {215207C3-B4A0-443E-8C03-7A082D7BC046} - \SONY\SUS-BCF\Level4Daily -> No File <==== ATTENTION
Task: {234D61B3-1055-423F-9443-1A82CA072D09} - \SONY\SUS-BCF\Level4Month -> No File <==== ATTENTION
Task: {2470470F-2634-478E-B181-571E98A789BB} - \Microsoft\Windows\Multimedia\SystemSoundsService -> No File <==== ATTENTION
Task: {24DBC2A7-58DD-429D-A30B-6D314F41C49A} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector -> No File <==== ATTENTION
Task: {28011108-68DF-4C73-B91B-57427D501BBA} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) -> No File <==== ATTENTION
Task: {29D737BC-EBD1-404B-B652-18A258B784B3} - \{9D9424AE-F5CF-48E3-AB12-A04BF4CB9AD2} -> No File <==== ATTENTION
Task: {2DB29605-7631-4CF5-9DA5-14A65BEA6D41} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {33ED3A40-A28C-49A0-98D4-E499A4D580FA} - \Microsoft\Office\Office 15 Subscription Heartbeat -> No File <==== ATTENTION
Task: {3E4205D9-17CF-46F2-9C8C-1C90AF1B1BE2} - \AdobeFlashPlayerUpdate 2 -> No File <==== ATTENTION
Task: {4696BA34-1A12-4E0F-A5E0-FFEE866CEC3E} - \AdobeFlashPlayerUpdate -> No File <==== ATTENTION
Task: {47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4} - \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip -> No File <==== ATTENTION
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration -> No File <==== ATTENTION
Task: {496CDC47-CF9F-4B33-B4FB-46C4DF75AAFC} - \Microsoft\Windows\Media Center\RegisterSearch -> No File <==== ATTENTION
Task: {4983F858-0189-4B20-BFB1-8E8590D28FF2} - \Microsoft\Windows\Media Center\mcupdate -> No File <==== ATTENTION
Task: {4C8B01A2-11FF-4C41-848F-508EF4F00CF7} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor -> No File <==== ATTENTION
Task: {4C8E7A93-BFF1-4D84-8267-1C0022023013} - \Anaqatoch Host -> No File <==== ATTENTION
Task: {5236F9AB-1590-4F04-831F-2B013BFEAEB9} - \Microsoft\Windows\Media Center\OCURActivate -> No File <==== ATTENTION
Task: {528EBB6D-8302-4844-921C-25ABA9FB68B3} - \SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool -> No File <==== ATTENTION
Task: {5393AF4D-45DB-4825-9B87-88E5F2540BF9} - \Microsoft\Office\OfficeTelemetryAgentFallBack -> No File <==== ATTENTION
Task: {5777D36B-9C10-423E-B4BB-5271C7B5BAD7} - \Microsoft\Windows\Media Center\PvrScheduleTask -> No File <==== ATTENTION
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - \Microsoft\Windows\UPnP\UPnPHostConfig -> No File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls -> No File <==== ATTENTION
Task: {5C0AEEEA-C154-45BE-8499-BEA5F11BAFF6} - \Microsoft\Windows\Defrag\ScheduledDefrag -> No File <==== ATTENTION
Task: {5EF05AF6-5DE6-4887-ABF5-28DE367C8D9A} - \PostPoneInstall -> No File <==== ATTENTION
Task: {5F5A18EB-DC73-4E45-A11C-B59043598412} - \Microsoft\Windows\CertificateServicesClient\SystemTask -> No File <==== ATTENTION
Task: {613612BA-897D-44CE-8DC1-8FC283F9FD51} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) -> No File <==== ATTENTION
Task: {61739D3C-523F-4947-B8E0-3E3FDF250148} - \{BE327AED-F282-4611-AA83-9CD79F3E459A} -> No File <==== ATTENTION
Task: {6388AB65-95E7-46E3-97D9-10969A35F8FB} - \FacebookUpdateTaskUserS-1-5-21-1961245091-2169871641-281864452-1001UA -> No File <==== ATTENTION
Task: {63C3713F-7CA4-4FBB-986B-A95DA5B4C2AC} - \FacebookUpdateTaskUserS-1-5-21-1961245091-2169871641-281864452-1001Core -> No File <==== ATTENTION
Task: {63E9C39D-C77A-40C8-A55A-ECFFAD41133F} - \Protected Search\Protected Search -> No File <==== ATTENTION
Task: {640E5E60-B305-4F02-933E-75A566E60598} - \User_Feed_Synchronization-{45B36E36-2F6F-4CF7-A966-8C48CDC04D79} -> No File <==== ATTENTION
Task: {6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF} - \Microsoft\Windows\User Profile Service\HiveUploadTask -> No File <==== ATTENTION
Task: {6B8498F2-EDB3-471C-BAF9-F10C5C0E5550} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {6EC01EE7-8E87-4C38-8A56-290FFD91AA7F} - \SONY\VAIO Power Management\VPM Logon Start -> No File <==== ATTENTION
Task: {72DB7465-BC54-491B-A92A-4637A28C9BBF} - \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck -> No File <==== ATTENTION
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary -> No File <==== ATTENTION
Task: {7780385C-D4CC-4449-BF0E-788C19165864} - \ArcSoft Connect Daemon -> No File <==== ATTENTION
Task: {797308E1-5B8B-4F6C-83A2-22C2BB464853} - \Sony Corporation\VAIO Update\VAIO Update -> No File <==== ATTENTION
Task: {7AFCC0CA-7121-422A-AB45-B0E8D599FF08} - \Microsoft\Windows\CertificateServicesClient\UserTask -> No File <==== ATTENTION
Task: {7EF59F41-B805-4812-B8F0-6F072AEB5A28} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 -> No File <==== ATTENTION
Task: {81540B9F-B5BF-47EB-9C95-BE195BF2C664} - \Microsoft\Windows\NetTrace\GatherNetworkInfo -> No File <==== ATTENTION
Task: {81A2AEE3-4FD8-45C1-9DEA-9B92173DE1A5} - \Microsoft\Windows\Media Center\PBDADiscovery -> No File <==== ATTENTION
Task: {832E3F53-1152-4D2C-9591-FE0F24AF81D0} - \Microsoft\Windows\MobilePC\HotStart -> No File <==== ATTENTION
Task: {8D5BB65E-1209-4F3B-B9CF-886781AE831A} - \Microsoft\Windows\SideShow\AutoWake -> No File <==== ATTENTION
Task: {9435F817-FED2-454E-88CD-7F78FDA62C48} - \Microsoft\Windows\WDI\ResolutionHost -> No File <==== ATTENTION
Task: {9979CB83-103A-4105-9E5D-C74B0AF6D198} - \Microsoft\Windows\CertificateServicesClient\UserTask-Roam -> No File <==== ATTENTION
Task: {A1560D60-2559-498C-97DD-78EA84991AAB} - \Microsoft\Office\OfficeTelemetryAgentLogOn -> No File <==== ATTENTION
Task: {A35BB7A6-5F0C-4C9F-8450-2B3BED532D51} - \Microsoft\Windows\WindowsColorSystem\Calibration Loader -> No File <==== ATTENTION
Task: {A48CABBF-24C8-4B87-B00F-9261807C3B43} - \Microsoft\Windows\AppID\PolicyConverter -> No File <==== ATTENTION
Task: {A5AC869A-F96F-428C-AB4A-D61A53D82A0C} - \SONY\VAIO Power Management\VPM Session Change -> No File <==== ATTENTION
Task: {A5EB17B8-1FBD-4179-A3AC-4B4870AF6F39} - \Microsoft\Windows\Media Center\UpdateRecordPath -> No File <==== ATTENTION
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - \Microsoft\Windows\Location\Notifications -> No File <==== ATTENTION
Task: {A9621A4C-7D4C-4846-BA9F-05F6EC8732CF} - \Microsoft\Windows\Media Center\ReindexSearchRoot -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {AC5511A1-7230-4666-A362-83FB39540DB8} - \{1B0C4016-A7C7-4FB0-B2D8-0F3D5C8960B8} -> No File <==== ATTENTION
Task: {AC668097-4D6B-4093-AC14-014C09DBF820} - \Microsoft\Windows\Ras\MobilityManager -> No File <==== ATTENTION
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {B1168CC9-0E0C-4945-B93B-03DAB7819498} - \{61FFA10C-7103-45BA-B8B1-B29D7671C378} -> No File <==== ATTENTION
Task: {BE139E88-AA44-4D4D-A19B-ADA7DEEC6B74} - \Microsoft\Windows\Media Center\ConfigureInternetTimeService -> No File <==== ATTENTION
Task: {BE669C13-8165-4536-96D0-6D6C39292AAE} - \Microsoft\Windows\Diagnosis\Scheduled -> No File <==== ATTENTION
Task: {C016366B-7126-46CA-B36B-592A3D95A60B} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator -> No File <==== ATTENTION
Task: {C0D07893-F1A1-4BA0-9CE9-CBB5FA7F0C5A} - \Microsoft\Windows\Media Center\ehDRMInit -> No File <==== ATTENTION
Task: {C109B2EC-B7A4-4694-8DE6-90D8BDF09444} - \Microsoft\Windows\Media Center\RecordingRestart -> No File <==== ATTENTION
Task: {C1AD5BDF-54BC-4F9E-9DA1-19D9FAD64CCD} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask -> No File <==== ATTENTION
Task: {C77BD286-76DE-4DE4-A8B5-8BC3907AEF7C} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver -> No File <==== ATTENTION
Task: {CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E} - \Microsoft\Windows\Registry\RegIdleBackup -> No File <==== ATTENTION
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask -> No File <==== ATTENTION
Task: {CDDDBF23-105D-48D1-92A8-EE1FA38263CD} - \{8DE54B6B-6A68-4756-A383-7A75E27AC334} -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - \Microsoft\Windows\Windows Error Reporting\QueueReporting -> No File <==== ATTENTION
Task: {D0F415A8-6F5D-4336-9C89-3F7988AE34C1} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 -> No File <==== ATTENTION
Task: {D17E8348-5161-4F25-BB8B-38EA4C4979F5} - \{6B02311A-D827-40D2-A4B9-1FF586ED4E20} -> No File <==== ATTENTION
Task: {D2B08FCA-FE37-4EFC-8A76-EAB3330D757B} - \Microsoft\Windows\Media Center\PvrRecoveryTask -> No File <==== ATTENTION
Task: {D34C9ECC-9E2E-490A-BD99-B40669415EC0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {D5D3650A-71AF-402F-8093-3AF2AB3354FA} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - \Microsoft\Windows\Autochk\Proxy -> No File <==== ATTENTION
Task: {DA41DE71-8431-42FB-9DB0-EB64A961DEAD} - \Microsoft\Windows\Maintenance\WinSAT -> No File <==== ATTENTION
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {DFEC904D-5ED9-4056-9723-B97864B30565} - \User_Feed_Synchronization-{0E626F3C-8A24-4FFB-84FD-07195C3D7244} -> No File <==== ATTENTION
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - \Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange -> No File <==== ATTENTION
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - \Microsoft\Windows\Bluetooth\UninstallDeviceTask -> No File <==== ATTENTION
Task: {E9A5B9AC-C90B-4635-8888-BD07B06D5921} - \Run_Bobby_Browser -> No File <==== ATTENTION
Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - \Microsoft\Windows\RAC\RacTask -> No File <==== ATTENTION
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: {F84C54B2-1062-4D2C-B716-CED514654EAC} - \Sony Corporation\VAIO Update\VAIO Update Self Repair -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FB3C354D-297A-4EB2-9B58-090F6361906B} - \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem -> No File <==== ATTENTION
Task: {FDD56C73-F0D5-41B6-B767-6EFFD7966428} - \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask -> No File <==== ATTENTION
Task: {FE4D934A-987C-4827-914E-ABF5F4C5AE02} - \SONY\Remote Keyboard with PlayStation 3\Remote Keyboard with PlayStation 3 -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [118]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [118]
AlternateDataStreams: C:\ProgramData\TEMP:AD022376 [125]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png which is located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.


Please post the logs and let me know what problem persists on this computer.

#9 Eu93

Eu93
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:07 PM

Posted 09 July 2016 - 06:43 PM

Many thanks nasdaq ! I follow every steps you told me.

 

Here I've attached the logs.

 

Tomorrow I will let you know if the problem is fixed (I take some time to prove the pc)

 

 

Attached Files



#10 Eu93

Eu93
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:07 PM

Posted 10 July 2016 - 07:01 AM

I used the pc for a while and I can say that the problem is fixed ! Many thanks

 

Now I have to uninstall the program I've downloaded (ComboFix, AdwCleaner and Farbar)?



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,948 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:07 PM

Posted 10 July 2016 - 07:10 AM


Use the Uninstall procedure for Chrome.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

As for the Other tools I would keep them in a Folder. Good to have if you ever need them.

===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,948 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:07 PM

Posted 16 July 2016 - 10:01 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users