Combo Fix

This summary covers files created on the computer between January 5, 2013 and February 5, 2013, and the Browser Helper Object extensions installed according to registry entries. Several browser extensions and potentially unwanted programs, including toolbars, file optimizers, and other software, were installed during this period.

Uploaded by

mok

ComboFix 13-02-03.03 - Felice 05/02/2013 10:28:56.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3062.1680 [GMT 1:00]
Eseguito da: f:\antivirus\ComboFix.exe
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((( Files Creati Da 2013-01-05 al 2013-02-05 )))))))))))))))))))))))))))))))))))
.
.
2013-02-05 09:34 . 2013-02-05 09:34 -------- d-----w- c:\users\Public\AppData\
Local\temp
2013-02-05 09:34 . 2013-02-05 09:34 -------- d-----w- c:\users\Default\
AppData\Local\temp
2013-01-25 12:15 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\
Microsoft\Windows Defender\Definition Updates\{F06C2AE6-705A-46C2-9FDD-
18E46B928602}\mpengine.dll
2013-01-23 16:38 . 2013-01-23 16:38 -------- d-----w- c:\programdata\121A1
2013-01-19 15:38 . 2013-01-19 15:38 -------- d-----w- c:\programdata\Iminent
2013-01-19 14:52 . 2013-01-19 14:52 -------- d-----w- c:\users\Felice\AppData\
Local\Systweak
2013-01-19 14:52 . 2013-01-19 14:52 -------- d-----w- c:\program files (x86)\
Advanced File Optimizer
2013-01-19 14:51 . 2013-01-19 14:51 -------- d-----w- c:\users\Felice\AppData\
Local\Programs
2013-01-17 19:50 . 2013-01-19 15:26 -------- d-----w- c:\users\Felice\AppData\
Roaming\PerformerSoft
2013-01-17 19:50 . 2013-01-17 19:50 -------- d-----w- c:\programdata\
BrowserProtect
2013-01-17 19:50 . 2013-01-17 19:50 -------- d-----w- c:\users\Felice\AppData\
Roaming\StatusWinks
2013-01-17 19:50 . 2013-02-05 09:13 -------- d-----w- c:\program files (x86)\
Smiley Bar for Facebook
2013-01-17 19:50 . 2013-01-17 19:50 -------- d-----w- c:\program files (x86)\
VideoPerformer
2013-01-17 19:49 . 2013-01-17 19:49 -------- d-----w- c:\program files (x86)\
File Scout
2013-01-17 19:49 . 2013-01-17 19:49 -------- d-----w- c:\programdata\
IBUpdaterService
2013-01-11 12:15 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\
win32spl.dll
2013-01-11 12:15 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\
win32spl.dll
2013-01-11 12:15 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\
msxml6.dll
2013-01-11 12:15 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\
msxml3.dll
2013-01-11 12:15 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\
msxml6.dll
2013-01-11 12:15 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\
msxml3.dll
2013-01-11 12:15 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\
ncrypt.dll
2013-01-11 12:15 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\
ncrypt.dll
2013-01-11 12:15 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\
usp10.dll
2013-01-11 12:15 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\
usp10.dll
2013-01-11 12:13 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\
taskhost.exe
2013-01-11 12:13 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\
win32k.sys
2013-01-08 20:08 . 2013-01-08 20:08 -------- d-----w- c:\users\Felice\Tracing
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-11 12:41 . 2012-09-27 18:48 67599240 ----a-w- c:\windows\system32\
MRT.exe
2012-12-30 12:35 . 2011-12-17 19:57 48648 ----a-w- c:\programdata\Microsoft\
eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-12-30 12:35 . 2011-12-17 19:57 375632 ----a-w- c:\programdata\
Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-12-16 17:11 . 2012-12-21 19:52 46080 ----a-w- c:\windows\system32\
atmlib.dll
2012-12-16 14:45 . 2012-12-21 19:52 367616 ----a-w- c:\windows\system32\
atmfd.dll
2012-12-16 14:13 . 2012-12-21 19:52 295424 ----a-w- c:\windows\SysWow64\
atmfd.dll
2012-12-16 14:13 . 2012-12-21 19:52 34304 ----a-w- c:\windows\SysWow64\
atmlib.dll
2012-12-10 11:01 . 2012-03-13 12:05 19896 ----a-w- c:\windows\system32\
roboot64.exe
2012-11-30 04:45 . 2013-01-11 12:14 44032 ----a-w- c:\windows\apppatch\
acwow64.dll
2012-11-24 11:50 . 2011-11-27 10:55 48648 ----a-w- c:\programdata\Microsoft\
eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-11-24 11:50 . 2011-11-27 10:55 375632 ----a-w- c:\programdata\
Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-11-14 07:06 . 2012-12-14 13:23 17811968 ----a-w- c:\windows\system32\
mshtml.dll
2012-11-14 06:32 . 2012-12-14 13:23 10925568 ----a-w- c:\windows\system32\
ieframe.dll
2012-11-14 06:11 . 2012-12-14 13:23 2312704 ----a-w- c:\windows\system32\
jscript9.dll
2012-11-14 06:04 . 2012-12-14 13:23 1346048 ----a-w- c:\windows\system32\
urlmon.dll
2012-11-14 06:04 . 2012-12-14 13:23 1392128 ----a-w- c:\windows\system32\
wininet.dll
2012-11-14 06:02 . 2012-12-14 13:23 1494528 ----a-w- c:\windows\system32\
inetcpl.cpl
2012-11-14 06:02 . 2012-12-14 13:23 237056 ----a-w- c:\windows\system32\
url.dll
2012-11-14 05:59 . 2012-12-14 13:23 85504 ----a-w- c:\windows\system32\
jsproxy.dll
2012-11-14 05:58 . 2012-12-14 13:23 816640 ----a-w- c:\windows\system32\
jscript.dll
2012-11-14 05:57 . 2012-12-14 13:23 599040 ----a-w- c:\windows\system32\
vbscript.dll
2012-11-14 05:57 . 2012-12-14 13:23 173056 ----a-w- c:\windows\system32\
ieUnatt.exe
2012-11-14 05:55 . 2012-12-14 13:23 2144768 ----a-w- c:\windows\system32\
iertutil.dll
2012-11-14 05:55 . 2012-12-14 13:23 729088 ----a-w- c:\windows\system32\
msfeeds.dll
2012-11-14 05:53 . 2012-12-14 13:23 96768 ----a-w- c:\windows\system32\
mshtmled.dll
2012-11-14 05:52 . 2012-12-14 13:23 2382848 ----a-w- c:\windows\system32\
mshtml.tlb
2012-11-14 05:46 . 2012-12-14 13:23 248320 ----a-w- c:\windows\system32\
ieui.dll
2012-11-14 02:09 . 2012-12-14 13:23 1800704 ----a-w- c:\windows\SysWow64\
jscript9.dll
2012-11-14 01:58 . 2012-12-14 13:23 1427968 ----a-w- c:\windows\SysWow64\
inetcpl.cpl
2012-11-14 01:57 . 2012-12-14 13:23 1129472 ----a-w- c:\windows\SysWow64\
wininet.dll
2012-11-14 01:49 . 2012-12-14 13:23 142848 ----a-w- c:\windows\SysWow64\
ieUnatt.exe
2012-11-14 01:48 . 2012-12-14 13:23 420864 ----a-w- c:\windows\SysWow64\
vbscript.dll
2012-11-14 01:44 . 2012-12-14 13:23 2382848 ----a-w- c:\windows\SysWow64\
mshtml.tlb
2012-11-12 13:05 . 2012-11-12 13:05 696240 ----a-w- c:\windows\SysWow64\
FlashPlayerApp.exe
2012-11-12 13:05 . 2012-03-14 20:13 73136 ----a-w- c:\windows\SysWow64\
FlashPlayerCPLApp.cpl
2012-11-09 05:45 . 2012-12-14 12:24 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-14 12:24 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\SysWow64\
msxml4.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-
1111-1111-110011441179}]
2012-11-24 12:10 616832 ----a-w- c:\program files (x86)\Giant Savings\
Giant Savings.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3ec1a45c-8bc3-
4bfe-b226-4051c5d3d068}]
2012-10-09 23:29 89288 ----a-w- c:\progra~2\SEARCH~2\Datamngr\SRTOOL~1\
searchresultsDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-
4180-9BFF-E0E21AE34026}]
2010-07-02 08:54 2607872 ----a-w- c:\program files (x86)\IMinent Toolbar\
tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{944FEDFD-C4FD-
441D-8275-9C651A9FFBDE}]
c:\program files (x86)\Smiley Bar for Facebook\ScriptHost.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9D717F81-9148-
4f12-8568-69135F087DB0}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B939CF93-F2CB-
443d-956C-DC523D85C9DB}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}"= "c:\program files (x86)\ChatZum Toolbar\
tbunsd3DAD.tmp\tbcore3.dll" [2012-08-29 2665984]
"{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}"= "c:\progra~2\SEARCH~2\Datamngr\SRTOOL~1\
searchresultsDx.dll" [2012-10-09 89288]
.
[HKEY_CLASSES_ROOT\clsid\{37d48d9c-3f7e-412f-b5bf-611be7ccfca1}]
[HKEY_CLASSES_ROOT\TBSB09850.TBSB09850.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB09850.TBSB09850]
.
[HKEY_CLASSES_ROOT\clsid\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Facebook Update"="c:\users\Felice\AppData\Local\Facebook\Update\
FacebookUpdate.exe" [2012-09-07 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15
2757312]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-
26 648032]
"ModemListener"="c:\program files (x86)\HSPA USB MODEM\ModemListener.exe" [2010-11-
08 98304]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-09-06
348664]
"Babylon Client"="c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe" [2012-07-
30 3460760]
"Advanced System Protector_startup"="c:\program files (x86)\Advanced System
Protector\AdvancedSystemProtector.exe" [2012-09-24 6369192]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16
218624]
"IMBooster"="c:\program files (x86)\Iminent\IMBooster\imbooster.exe" [2011-03-30
1324008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\
windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~2\261070~1.41\{C16C1~1\BrowserProtect.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\
drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\
windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ServUpdater;Serv Updater;c:\users\Felice\AppData\Local\ServUpdater\
ServiceUpd.exe [2011-12-16 156160]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe
[2012-11-09 160944]
R2 SoftwareUpd;Software Upd;c:\users\Felice\AppData\Local\SoftwareUpdater\
SoftwareUpdService.exe [2012-06-14 161280]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\
btath_flt.sys [2011-04-29 36000]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys
[2011-04-29 51872]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\
btath_a2dp.sys [2011-04-29 259232]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\
btath_avdt.sys [2011-04-29 109216]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\
btath_hcrp.sys [2011-04-29 166048]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys
[2011-04-29 59040]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys
[2011-04-29 283296]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-04-29 288416]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\
DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\
ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys
[x]
R3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;c:\windows\
system32\DRIVERS\jrdusbser.sys [2010-08-27 119680]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\
SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\
SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony
Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys
[2010-11-21 31232]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony
Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\
Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-19 549616]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program
files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-18
385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common
Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14
44736]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\
WatAdminSvc.exe [2011-12-18 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows
Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-16 27760]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir
Desktop\sched.exe [2012-09-06 86224]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\
Bluetooth Suite\Ath_CoexAgent.exe [2011-04-29 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe
[2011-04-29 91296]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\
BBSvc.exe [2012-06-11 193616]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1070.41\
{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-01-04 2554472]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\
Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DeviceManager;DeviceManager;c:\program files (x86)\Common Files\DeviceHelper\
DeviceManager.exe [2010-08-27 40960]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\
Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe
[2013-01-17 642336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\
RIconMan.exe [2011-03-29 2361344]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\
PMBDeviceInfoProvider.exe [2010-11-26 398176]
S2 PowerOffer Service;Pos Service;c:\users\Felice\AppData\Local\PosService\Pos.exe
[2012-04-03 169472]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\
VCPerfService.exe [2011-01-29 259192]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft
Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\
NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-18 378472]
S2 tor;Tor Win32 Service;c:\program files (x86)\Tor\tor.exe [2012-03-18 2743310]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\
uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\
program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-
02-01 2656280]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe
[2011-02-28 852160]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\
ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
[2012-06-11 240208]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-
04-29 29344]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\
RtsPStor.sys [2011-03-29 335464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-
03-29 425064]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-
04-26 12032]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft
Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26
1286784]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-02-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-12
13:05]
.
2013-01-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2907487955-1356353992-
3671528198-1000Core.job
- c:\users\Felice\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-24
17:29]
.
2013-01-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2907487955-1356353992-
3671528198-1000UA.job
- c:\users\Felice\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-24
17:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\BEARSH~1\Mediabar\Datamngr\x64\datamngr.dll c:\progra~2\
BEARSH~1\Mediabar\Datamngr\x64\IEBHO.dll c:\progra~2\SEARCH~1\SEARCH~1\x64\
datamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.bearshare.com/
mStart Page = hxxp://search.chatzum.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-
Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\
BabylonIEPI.dll/Action.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{145C1EFC-A490-413A-9BDE-E9CC1E0550D8}: NameServer =
8.8.8.8,8.8.4.4
TCP: Interfaces\{58BF44FE-BACC-400C-AAC9-A3FFE5308BA2}: NameServer =
8.8.8.8,8.8.4.4
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer =
8.8.8.8,8.8.4.4
TCP: Interfaces\{8E0C4344-B654-4717-A876-825589287FF1}: NameServer =
8.8.8.8,8.8.4.4
TCP: Interfaces\{8E0C4344-B654-4717-A876-825589287FF1}\
4505D2C494E4B4F5544324933444: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{A3826162-2E7B-4058-BB2F-7489543D3EB5}: NameServer =
8.8.8.8,8.8.4.4
TCP: Interfaces\{E0869F65-2CB7-4161-8CE7-B672E73499D8}: NameServer =
8.8.8.8,8.8.4.4
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
Toolbar-10 - (no file)
Toolbar-!{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
WebBrowser-{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - (no file)
AddRemove-OfferBox - c:\program files (x86)\OfferBox\uninstaller.exe
AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\users\Felice\AppData\
Local\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\"
\"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\"
\"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\
PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes
Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor
Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\
Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\"
\"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\%
Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\
inteldata\""
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\
FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\
Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\
LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\
TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-
0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-
0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-
0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-
0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\
FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-
0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-
0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-
0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-
444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-
444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-
444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-
444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-
444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-
444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-
444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-
444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-
444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-
444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-
444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-
444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-
444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-
444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-
444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-
B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-
B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-
B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\BearShare Applications\Mediabar\Datamngr\datamngrUI.exe
c:\users\Public\Documents\AppData\PoApp\PService.exe
c:\program files (x86)\Babylon\Babylon-Pro\TC\BabylonTC.exe
.
**************************************************************************
.
Ora fine scansione: 2013-02-05 10:56:37 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2013-02-05 09:56
ComboFix2.txt 2013-02-05 09:23
ComboFix3.txt 2012-04-23 07:46
ComboFix4.txt 2012-04-23 07:24
.
Pre-Run: 425.443.368.960 byte disponibili
Post-Run: 425.072.492.544 byte disponibili
.
- - End Of File - - 7189496F3035F33F7E8603049BEDCE71
