Aiutamici Forum

NationZoom
pandoro
Posted: Tuesday, December 24, 2013 2:22:04 PM

Rank: AiutAmico

Joined: 2/17/2012
Posts: 30
Hi everyone,
yesterday, following a Java update, I opened Chrome and as my homepage, instead of Google, I found a page called NationZoom (http://www.nationzoom.com/). I tried to set the old homepage again through Chrome's settings, but if I close it and then reopen it the page comes back. Searching the Internet I found out that it can be harmful. Could you help me remove it?

Thanks in advance, Pandoro.
shapiro
Posted: Tuesday, December 24, 2013 2:27:12 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
This NationZoom is a pain

download adwcleaner
Close all browsers (it is important that they are closed: IE, Firefox, Chrome, etc.)
Click the "Scan" button.
When the scan has finished, click "Clean".
Confirm with OK the various windows that appear.
The PC will restart, and the log with the deletions will come up.
Post it here.


download Junkware Removal Tool
click the JRT icon and wait patiently for the scan to finish
Once it has finished, the log should open on the desktop as JRT.txt


lastly

Download OTL and save it to the desktop

Tick SCAN ALL USERS.

Under output, tick minimal output

Click the small arrow for File Age and select 60 Days

Tick LOP Check and Purity Check.

Click RUN SCAN

Let the scan run without interfering.

When the scan finishes you will find two logs on the desktop, OTL.txt and Extras.txt; save them and upload them to Wikisend,
pandoro
Posted: Tuesday, December 24, 2013 3:04:40 PM

Rank: AiutAmico

Joined: 2/17/2012
Posts: 30
Thanks a lot shapiro!
here is the adwcleaner log:

# AdwCleaner v3.016 - Report created 24/12/2013 at 14:36:04
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - 2F624F151C58483
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Offerbox update service
[#] Service Deleted : Update SecretSauce
[#] Service Deleted : Util SecretSauce
Service Deleted : WajamUpdaterV3
Service Deleted : Web Assistant
Service Deleted : Wpm

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\WPM
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Advanced System Protector
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\myfree codec
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\WinZip Registry Optimizer
Folder Deleted : C:\Program Files\Advanced System Protector
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Gophoto.it
Folder Deleted : C:\Program Files\myfree codec
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\OfferBox
Folder Deleted : C:\Program Files\optimizer pro
Folder Deleted : C:\Program Files\Search Results Toolbar
Folder Deleted : C:\Program Files\TornTV.com
Folder Deleted : C:\Program Files\Wajam
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\Program Files\WinZip Registry Optimizer
Folder Deleted : C:\Program Files\SFT_IT
Folder Deleted : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\WINDOWS\system32\ARFC
Folder Deleted : C:\WINDOWS\system32\jmdp
Folder Deleted : C:\WINDOWS\system32\WNLT
Folder Deleted : C:\Documents and Settings\LocalService\Application Data\OfferBox
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\SFT_IT
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\iLivid
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\SoftwareUpdater
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Wajam
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\SFT_IT
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\blekko
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\cmw
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Delta
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\file scout
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\ilividtoolbarguid
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\OfferBox
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\searchresultstb
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\ValueApps
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\widestream
Folder Deleted : C:\Documents and Settings\Administrator\Start Menu\Programs\BitGuard
Folder Deleted : C:\Documents and Settings\Administrator\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Documents and Settings\Administrator\Start Menu\Programs\Wajam
Folder Deleted : C:\Documents and Settings\Administrator\My Documents\optimizer pro
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkjdegoaioeecahaflmobghfcihcdkpf
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkjdegoaioeecahaflmobghfcihcdkpf
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkjdegoaioeecahaflmobghfcihcdkpf
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkjdegoaioeecahaflmobghfcihcdkpf
File Deleted : C:\END
File Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Offerbox.lnk
File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
File Deleted : C:\WINDOWS\system32\roboot.exe
File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\funmoods-speeddial.crx
File Deleted : C:\Documents and Settings\Administrator\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Documents and Settings\Administrator\Desktop\iLivid.lnk
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml
File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtab.crx
File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Documents and Settings\Administrator\Desktop\Shortcut to chrome.exe.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaabfjnbeinlpljodiajipidiompfl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gkjdegoaioeecahaflmobghfcihcdkpf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gkjdegoaioeecahaflmobghfcihcdkpf
Key Deleted : HKCU\Software\Classes\iLivid.torrent
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\BHO.PSHelper
Key Deleted : HKLM\SOFTWARE\Classes\BHO.PSHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\OfferBoxUI.TheBoxCtrl
Key Deleted : HKLM\SOFTWARE\Classes\OfferBoxUI.TheBoxCtrl.1
Key Deleted : HKLM\SOFTWARE\Classes\oneclick
Key Deleted : HKLM\SOFTWARE\Classes\oneclickmg
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ForceRenive
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Advanced System Protector_Startup]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKCU\Software\5d55dad1b63cee13
Key Deleted : HKLM\SOFTWARE\5d55dad1b63cee13
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2102507
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2530241
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2611275
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2849853
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3031812
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3045718
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon]
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\chrome.exe\shell\open\command
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Documents and Settings\Administrator\Local Settings\Application Data\iLivid\iLivid.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\Administrator\Local Settings\Application Data\iLivid\iLivid.exe]
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\ilividtoolbarguid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\incredibar.com
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\Offerbox
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\Web Assistant
Key Deleted : HKCU\Software\WideStream
Key Deleted : HKCU\Software\wnlt
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\SFT_IT
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\AedgePerformanceBCN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DomaIQ
Key Deleted : HKLM\Software\iLividSRTB
Key Deleted : HKLM\Software\incredibar.com
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\nationzoomSoftware
Key Deleted : HKLM\Software\Offerbox
Key Deleted : HKLM\Software\SoftwareUpdater
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\Software\wnlt
Key Deleted : HKLM\Software\SFT_IT
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Offerbox
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SFT_IT Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Offerbox
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\wnlt
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SFT_IT Toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.Old.Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]

-\\ Mozilla Firefox v

-\\ Google Chrome v31.0.1650.63

[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [38912 octets] - [24/12/2013 14:34:55]
AdwCleaner[S0].txt - [37361 octets] - [24/12/2013 14:36:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [37422 octets] ##########


Anyway, now when I open Chrome the homepage is Google. I'll wait for your reply before continuing with Junktool, Otl, etc.
Thanks again :D
shapiro
Posted: Tuesday, December 24, 2013 3:15:27 PM


run the other two tools as well, I'll get back to you later
pandoro
Posted: Tuesday, December 24, 2013 3:26:31 PM

Here is the Junkware log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Administrator on 24/12/2013 at 15.12.42,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wroreminder



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-823518204-436374069-839522115-500\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3EA88AD4-4D8A-4027-A307-8479DF78CEDA}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F3C6FB56-DB34-4EE7-A934-AB7C6990F011}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}



~~~ Files

Successfully deleted: [File] "C:\Documents and Settings\Administrator\appdata\locallow\SkwConfig.bin"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Application Data\ietoolbar"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Application Data\netassistant"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Local Settings\Application Data\apn"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Local Settings\Application Data\directdownloader"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/12/2013 at 15.18.44,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

now I'll run OTL as well
pandoro
Posted: Tuesday, December 24, 2013 3:27:36 PM

One question: what is Wikisend?
Thanks in advance
shapiro
Posted: Tuesday, December 24, 2013 7:40:51 PM




this is Wikisend
Click the "Browse" button
Select the file you just saved
Click Upload file
After a few seconds you are taken to a new page with the link in several formats:
Download Link / Forum Link
Select Forum Link, copy it and paste it here in the forum

if you can't manage it, paste it like the others
pandoro
Posted: Tuesday, December 24, 2013 7:41:56 PM

Here is OTL as well:

OTL.Txt

However, only one log appeared; Extras.txt wasn't there.
Thanks again for the help and Merry Christmas :)
shapiro
Posted: Tuesday, December 24, 2013 7:45:20 PM

the log is empty, try copying it again, this is what I see

pandoro
Posted: Tuesday, December 24, 2013 7:50:58 PM

OTL logfile created on: 24/12/2013 19.21.09 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italy | Language: ITA | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 63,93% Memory free
3,84 Gb Paging File | 3,04 Gb Available in Paging File | 79,26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 5,52 Gb Free Space | 5,65% Space Free | Partition Type: NTFS
Drive D: | 185,55 Gb Total Space | 178,00 Gb Free Space | 95,93% Space Free | Partition Type: NTFS
Drive E: | 182,55 Gb Total Space | 176,63 Gb Free Space | 96,76% Space Free | Partition Type: NTFS

Computer Name: 2F624F151C58483 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\WINDOWS\system32\UAService7.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\132be1767fd9bc76ac3b9783f4b3459a\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6a71efa7248119b0875d6cd2dd1e204c\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\20cc29b88136672474152fee2940a9ad\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\2121d35901df0f52649f045dba419bf4\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\fcb720b955b71c677d07fe8ffebc843e\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\4c23035918febda08a22d63e1c177d26\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\d1cb852474c9f322e257a30f643bca56\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\c8648331484537c338fe2b606a9db8b7\System.Xaml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2154273cb2d7a8b1a47d672b6d0808bf\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\218ea111f13489904eee53cc8ddab57d\PresentationFramework.Luna.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\b7285e9f3d19a05d5cc2c049e451685d\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\08c630893416f3379c9455870908ad6c\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\a01e07e47ecdd94ae099e8c4bf650516\mscorlib.ni.dll ()
MOD - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Documents and Settings\Administrator\Local Settings\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\WINDOWS\system32\custmon32.dll ()
MOD - C:\WINDOWS\system32\UAService7.exe ()
MOD - C:\Program Files\Unlocker\UnlockerCOM.dll ()


========== Services (SafeList) ==========

SRV - (SoftwareUpd) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SoftwareUpdater\SoftwareUpdService.exe File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (ServUpdater) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ServUpdater\ServiceUpd.exe (ServiceUpd)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (UserAccess7) -- C:\WINDOWS\system32\UAService7.exe ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREdrv.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (ssudobex) -- C:\WINDOWS\system32\drivers\ssudobex.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssudmdm) -- C:\WINDOWS\system32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (sscemdm) -- C:\WINDOWS\system32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (sscebus) -- C:\WINDOWS\system32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\WINDOWS\system32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (NDISRD) -- C:\WINDOWS\System32\drivers\NDISRD.SYS.rmv (NT Kernel Resources)
DRV - (jrdusbser) -- C:\WINDOWS\system32\drivers\jrdusbser.sys (TCT International Mobile Ltd)
DRV - (s0016unic) -- C:\WINDOWS\system32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) -- C:\WINDOWS\system32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\WINDOWS\system32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\WINDOWS\system32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) -- C:\WINDOWS\system32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\WINDOWS\system32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) -- C:\WINDOWS\system32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys ()
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {c1d89ae7-449d-4929-b24b-fded04adbe06}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{07D4819C-55BE-7187-D19B-63AA4361D84B}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-823518204-436374069-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.com
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\..\SearchScopes,Backup.Old.DefaultScope = {3EA88AD4-4D8A-4027-A307-8479DF78CEDA}
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\..\SearchScopes\{07D4819C-55BE-7187-D19B-63AA4361D84B}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://it.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
IE - HKU\S-1-5-21-823518204-436374069-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@research.microsoft.com/HDView: C:\Program Files\Microsoft Research\HD View\nphdview.dll (Microsoft Research)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/09/18 11.09.23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/10/30 12.06.45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/02 17.34.39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/06/02 17.34.39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Documents and Settings\Administrator\Application Data\NetAssistant\

[2013/05/19 18.27.14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/04 15.17.08 | 000,000,000 | ---D | M] ("BitAccelerator") -- C:\Program Files\Mozilla Firefox\extensions\{5ddeb737-082c-48fb-8c06-aa4b38d61e5f}
[2007/08/29 22.47.44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/06/25 12.20.28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2013/02/15 23.04.52 | 000,208,448 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2012/12/07 19.12.38 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2012/12/07 19.12.38 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2012/12/07 19.12.38 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2012/12/07 19.12.39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2012/12/07 19.12.39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2012/12/07 19.12.39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2012/12/07 19.12.39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2011/12/16 09.52.54 | 000,001,567 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\glarysearch.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = https://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=fflb&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=rcs
CHR - default_search_provider: suggest_url = https://www.google.com/complete/search?q={searchTerms},
CHR - homepage: http://www.google.it/
CHR - Extension: Google Wallet = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

O1 HOSTS File: ([2012/12/11 17.49.55 | 000,443,832 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 15271 more lines...
O2 - BHO: (no name) - {0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SearchToolbar.ShowToolbarBHO) - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (ValueApps) - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll File not found
O2 - BHO: (no name) - {CAC42510-9B41-42c1-9DCD-7282A2D07C61} - No CLSID value found.
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (SearchToolbar) - {691ca8ec-7205-4aa9-bdd6-15493d16f835} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-823518204-436374069-839522115-500\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-823518204-436374069-839522115-500\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-823518204-436374069-839522115-500\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKU\.DEFAULT..\Run: [PosService] C:\Documents and Settings\All Users\Documents\AppData\PoApp\PLauncher.exe (PLauncher)
O4 - HKU\S-1-5-18..\Run: [PosService] C:\Documents and Settings\All Users\Documents\AppData\PoApp\PLauncher.exe (PLauncher)
O4 - HKU\S-1-5-21-823518204-436374069-839522115-500..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-823518204-436374069-839522115-500..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-823518204-436374069-839522115-500..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-823518204-436374069-839522115-500..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-823518204-436374069-839522115-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-436374069-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-823518204-436374069-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-823518204-436374069-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-823518204-436374069-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O7 - HKU\S-1-5-21-823518204-436374069-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{073ABD86-283E-44AD-ADD4-6D0DAC919CCD}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D821099-0510-46F6-AE2E-486EA7B17A61}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C638E667-3E43-4B43-B7E3-26147D6C5554}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1658440-DDF2-4877-B55E-97CBB8BA52A5}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/17 07.53.37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 60 Days ==========

[2013/12/24 15.12.17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/12/24 14.34.37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/24 10.21.13 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/12/24 10.19.36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/12/23 19.14.32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/12/23 18.26.38 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/12/23 18.26.15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CallingID
[2013/12/14 21.21.01 | 000,000,000 | ---D | C] -- C:\Program Files\SecretSauce
[2013/12/13 14.48.06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MP495 series
[2013/12/13 14.48.04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2013/12/13 14.47.42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2013/12/13 14.47.24 | 000,180,224 | R--- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMIUA9.DLL
[2013/12/13 14.45.42 | 000,094,208 | R--- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNC495O.dll
[2013/12/13 14.45.37 | 001,335,296 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC495C.dll
[2013/12/13 14.45.37 | 000,307,200 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC495L.dll
[2013/12/13 14.45.37 | 000,114,688 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC495I.dll
[2013/12/13 14.45.37 | 000,106,496 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC495U.dll
[2013/12/09 14.32.12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DoNotTrackPlus
[2013/12/01 09.36.30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nico Mak Computing
[2012/05/28 08.52.51 | 000,301,640 | ---- | C] (Softonic) -- C:\Program Files\SoftonicDownloader_per_picasa.exe
[2012/05/28 08.14.37 | 001,263,952 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-custom.exe
[2012/05/27 16.30.15 | 004,407,248 | ---- | C] (Systweak Inc ) -- C:\Program Files\rcpsetup_15294.exe
[2012/05/20 18.16.14 | 000,301,648 | ---- | C] (Softonic) -- C:\Program Files\SoftonicDownloader_per_bittorrent.exe
[2012/04/30 22.39.12 | 000,023,240 | ---- | C] (Canneverbe Limited) -- C:\Program Files\updater.exe
[2012/04/30 22.39.08 | 000,024,264 | ---- | C] (Canneverbe Limited) -- C:\Program Files\cdbxpcmd.exe
[2012/04/30 22.39.06 | 001,781,448 | ---- | C] (Canneverbe Limited) -- C:\Program Files\cdbxpp.exe
[2012/04/30 22.37.42 | 000,081,920 | ---- | C] (CDBurnerXP Software) -- C:\Program Files\CDBXP.dll
[2012/04/30 22.37.36 | 001,056,768 | ---- | C] (Canneverbe Limited) -- C:\Program Files\CsLib.dll
[2012/03/06 14.41.22 | 001,247,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2012/03/01 17.47.14 | 002,896,896 | ---- | C] (Rocket Division Software) -- C:\Program Files\StarBurnX12.dll
[2012/03/01 17.47.14 | 001,630,432 | ---- | C] (Rocket Division Software, StarBurn Software) -- C:\Program Files\StarBurn.dll
[2010/03/16 13.04.22 | 000,045,056 | ---- | C] (MaresWEB) -- C:\Program Files\bass_mpc.dll
[2010/03/10 16.36.30 | 000,187,392 | ---- | C] (Un4seen Developments) -- C:\Program Files\bass.dll
[2010/03/10 13.02.36 | 000,033,280 | ---- | C] (Un4seen Developments) -- C:\Program Files\bassmix.dll
[2010/03/01 17.03.50 | 000,565,248 | ---- | C] (radio42) -- C:\Program Files\Bass.Net.dll
[2010/01/04 16.23.50 | 000,035,328 | ---- | C] (Un4seen Developments) -- C:\Program Files\basscd.dll
[2009/12/16 17.35.24 | 000,048,128 | ---- | C] (Un4seen Developments) -- C:\Program Files\bassflac.dll
[2009/11/04 13.37.08 | 000,032,768 | ---- | C] (Un4seen Developments) -- C:\Program Files\basswma.dll
[2009/07/20 03.52.42 | 001,790,904 | ---- | C] (NuMedia Soft, Inc.) -- C:\Program Files\NMSDVDXU.dll
[2009/03/17 17.14.52 | 000,081,408 | ---- | C] (MaresWEB) -- C:\Program Files\bass_ape.dll
[2009/03/17 17.07.44 | 000,059,904 | ---- | C] (Un4seen Developments) -- C:\Program Files\basswv.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2013/12/24 19.13.25 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/24 19.13.00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/24 19.00.00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AdobeFlashPlayerUpdate.job
[2013/12/24 18.17.03 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Administrator.job
[2013/12/24 15.09.02 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Administrator.job
[2013/12/24 15.01.00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_DEFAULT.job
[2013/12/24 14.48.28 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Administrator.job
[2013/12/24 14.48.25 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AdobeFlashPlayerUpdate 2.job
[2013/12/24 14.48.22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/24 14.48.21 | 2137,509,888 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/24 14.44.35 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to chrome.exe.lnk
[2013/12/23 19.15.28 | 000,009,798 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20131223_191523.reg
[2013/12/19 17.03.10 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/12/19 17.03.10 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/12/19 12.27.00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-823518204-436374069-839522115-500.job
[2013/12/16 17.14.05 | 000,017,443 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Document in CURRICULUM VITAE.pdf
[2013/12/16 17.09.29 | 000,019,758 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CURRICULUM VITAE.pdf
[2013/12/15 20.25.54 | 000,204,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/15 17.27.03 | 000,001,019 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
[2013/12/15 11.24.35 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2013/12/15 11.24.35 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2013/12/13 09.41.40 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/12/13 08.59.54 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_UPDATES.job
[2013/12/13 08.59.29 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip Registry Optimizer.lnk
[2013/12/13 08.22.59 | 000,002,820 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20131213_082254.reg
[2013/12/11 15.48.17 | 003,671,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/01 09.19.52 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20131201_091933.reg
[2013/12/01 09.18.19 | 000,021,040 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20131201_091808.reg
[2013/11/27 11.21.07 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013/11/24 18.49.31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/11/13 03.59.42 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imagehlp.dll
[2013/11/07 06.38.51 | 000,591,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2013/10/30 03.26.17 | 001,879,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2013/10/30 03.26.17 | 001,879,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2013/10/29 08.57.34 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2013/10/29 08.57.34 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2013/10/29 08.57.34 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2013/10/29 08.57.34 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2013/10/29 08.57.34 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2013/10/29 08.57.34 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2013/10/29 08.57.33 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013/10/29 08.57.33 | 006,020,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/10/29 08.57.33 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013/10/29 08.57.33 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2013/10/29 08.57.33 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2013/10/29 08.57.33 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/10/29 08.57.33 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2013/10/29 08.57.33 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013/10/29 08.57.33 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2013/10/29 08.57.33 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2013/10/29 08.57.33 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/10/29 08.57.33 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2013/10/29 08.57.33 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2013/10/29 08.57.33 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2013/10/29 08.57.33 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2013/10/29 08.57.33 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2013/10/29 08.57.33 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2013/10/29 08.57.33 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013/10/29 08.57.33 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2013/10/29 08.57.33 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2013/10/29 08.57.33 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2013/10/29 08.57.33 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2013/10/29 08.57.33 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2013/10/29 08.57.33 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2013/10/29 06.15.36 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2013/10/29 06.15.36 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2013/10/29 01.45.02 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2013/10/27 09.15.42 | 000,496,830 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/27 09.15.42 | 000,086,034 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/23 19.15.25 | 000,009,798 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20131223_191523.reg
[2013/12/16 17.14.09 | 000,017,443 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Document in CURRICULUM VITAE.pdf
[2013/12/15 17.27.03 | 000,001,019 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
[2013/12/13 09.41.40 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/12/13 09.41.40 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/12/13 08.59.54 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\Registry Optimizer_DEFAULT.job
[2013/12/13 08.59.53 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\Registry Optimizer_UPDATES.job
[2013/12/13 08.59.29 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip Registry Optimizer.lnk
[2013/12/13 08.22.57 | 000,002,820 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20131213_082254.reg
[2013/12/04 18.04.59 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Administrator.job
[2013/12/04 18.00.55 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Administrator.job
[2013/12/04 18.00.55 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Administrator.job
[2013/12/01 09.19.35 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20131201_091933.reg
[2013/12/01 09.18.12 | 000,021,040 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20131201_091808.reg
[2013/11/11 17.42.02 | 000,019,758 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CURRICULUM VITAE.pdf
[2013/06/02 17.29.31 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2013/04/29 17.06.28 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\.backup.dm
[2012/12/13 12.22.32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/11/16 10.16.40 | 002,858,782 | ---- | C] () -- C:\Program Files\ZooskMessenger_4.128.3.air
[2012/11/04 12.34.06 | 001,333,617 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012/10/31 16.25.18 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2012/10/21 19.10.15 | 000,000,647 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/10/21 17.17.03 | 000,017,136 | ---- | C] () -- C:\WINDOWS\System32\sasnative32.exe
[2012/09/28 13.30.01 | 020,480,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\store-pp.jbs
[2012/07/01 18.57.56 | 001,796,631 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-823518204-436374069-839522115-500-0.dat
[2012/07/01 18.57.55 | 000,254,014 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/06/06 10.20.30 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll
[2012/05/28 16.46.37 | 000,715,038 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\unins000.exe
[2012/05/28 16.46.37 | 000,004,724 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\unins000.dat
[2012/05/23 17.49.34 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012/05/23 17.49.32 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012/05/23 17.49.32 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012/05/23 17.49.32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012/05/23 17.49.32 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012/05/11 14.39.16 | 000,944,886 | ---- | C] () -- C:\Program Files\TimeLineRemove.zip
[2012/04/30 22.37.46 | 000,126,976 | ---- | C] ( ) -- C:\Program Files\Interop.RocketDivision.StarBurnX.dll
[2012/04/30 22.37.46 | 000,081,920 | ---- | C] ( ) -- C:\Program Files\Interop.NMSDVDXLib.dll
[2012/04/24 17.28.00 | 000,442,880 | ---- | C] ( ) -- C:\Program Files\LogicNP.FileView.dll
[2012/04/24 17.28.00 | 000,337,408 | ---- | C] ( ) -- C:\Program Files\LogicNP.FolderView.dll
[2012/04/24 17.28.00 | 000,136,704 | ---- | C] ( ) -- C:\Program Files\LogicNP.ShComboBox.dll
[2012/04/02 15.02.04 | 041,250,184 | ---- | C] () -- C:\Program Files\zaSetup_91_007_004_it.exe
[2012/02/29 13.56.45 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/29 13.56.45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/29 13.56.45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/29 13.56.45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/29 13.56.45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/22 18.27.05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/26 15.36.18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PageLibraries
[2011/11/25 19.39.31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2011/11/25 19.32.06 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Frameworks
[2011/11/25 19.32.06 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Generic
[2011/11/23 23.09.46 | 000,000,327 | ---- | C] () -- C:\Program Files\updater.exe.config
[2011/11/06 22.09.00 | 000,001,453 | ---- | C] () -- C:\Program Files\cdbxpp.exe.config
[2011/11/06 22.09.00 | 000,000,327 | ---- | C] () -- C:\Program Files\cdbxpcmd.exe.config
[2010/12/19 18.25.21 | 000,000,406 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\quifoto.it_state.xml
[2010/08/24 11.13.48 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2010/08/21 09.08.47 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Graphics
[2010/08/21 09.08.47 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Grapher
[2010/08/21 09.08.47 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Grand Piano
[2010/08/21 09.08.47 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Gems
[2010/08/21 09.08.47 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Galaxy Swirl
[2010/08/21 09.08.47 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Galactic Static
[2010/08/21 09.08.47 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2010/08/21 09.08.47 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2010/08/21 09.08.47 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2010/08/21 09.08.47 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Hybrid Morph
[2010/08/21 09.08.47 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Hybrid Basic
[2010/08/21 09.08.47 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Horn Section
[2010/07/25 11.26.17 | 000,013,435 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2010/07/23 10.24.48 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/07/23 10.24.48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Fonts
[2010/04/11 13.02.38 | 000,000,024 | ---- | C] () -- C:\Program Files\Config.ini
[2010/01/03 12.18.50 | 000,000,029 | ---- | C] () -- C:\Documents and Settings\Administrator\.gtk-bookmarks
[2009/05/18 17.49.46 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/05/18 17.47.21 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Folder Actions Handlers
[2009/05/18 17.47.21 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/05/17 11.10.04 | 000,204,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/12 08.15.52 | 000,082,872 | ---- | C] () -- C:\Program Files\NMSAccessU.exe

========== ZeroAccess Check ==========

[2009/05/17 14.55.27 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/06/21 19.18.34 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 11.56.35 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04.42.10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/06/07 14.30.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Activision
[2012/09/16 16.51.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ad-Aware Antivirus
[2012/09/28 14.15.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG2013
[2013/09/12 18.32.21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2013/12/23 18.27.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CallingID
[2013/06/02 17.36.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
[2013/12/13 14.24.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
[2010/07/02 19.02.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CheckPoint
[2012/11/17 18.34.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2012/05/27 15.50.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
[2012/05/28 09.30.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EmoticoonsToolbar
[2010/08/04 18.54.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\eTeks
[2011/08/27 17.57.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\go
[2010/08/15 15.20.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Graphisoft
[2010/07/25 11.26.17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2010/07/08 17.06.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009/09/01 16.13.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LG Electronics
[2013/12/13 08.59.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nico Mak Computing
[2010/08/21 09.13.21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nikon
[2012/12/19 15.11.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Panda Security
[2012/04/03 18.33.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PDAppFlex
[2010/05/20 15.47.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\progeSOFT
[2012/07/01 18.53.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Samsung
[2013/01/09 09.13.45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Temp
[2012/09/28 14.13.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2011/10/26 18.13.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vopa
[2010/05/25 19.07.53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Zylom
[2013/04/30 08.22.55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/05/27 18.42.26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/11/04 11.52.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/06/02 17.36.04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2013/12/13 14.47.42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/05/08 11.16.24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2011/09/11 17.56.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/05/08 11.16.24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2011/05/08 11.12.07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup
[2013/12/13 14.22.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/05/08 11.10.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2012/02/25 17.26.49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2013/04/29 17.08.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2011/11/23 12.02.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/12/22 08.12.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2011/04/29 13.50.17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy Driver Pro
[2011/06/19 18.45.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2011/11/25 19.39.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/09/19 14.50.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2012/09/21 11.44.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GFI Software
[2011/10/26 18.22.04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/11/04 12.06.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/05/25 19.08.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2011/11/25 19.23.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2012/12/19 14.55.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2012/07/26 15.43.14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/07/01 18.39.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/10/07 16.34.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/23 18.52.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TmForever
[2010/08/21 09.08.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/05/25 19.07.45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011/09/16 13.14.09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/03/21 12.38.21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/02/23 09.16.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2009/06/20 16.26.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/09/16 16.28.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus
[2012/11/04 12.40.26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\GeekBuddyRSP

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/11/24 18.57.46 | 105,952,601 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\첤辷嚴6
[2013/11/24 18.57.46 | 105,952,601 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\첤辷嚴6
[2013/11/13 20.01.37 | 104,136,834 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䀋儥嚴6
[2013/11/13 20.01.37 | 104,136,834 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䀋儥嚴6
[2013/11/04 20.01.33 | 104,964,650 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\飇嚴6
[2013/11/04 20.01.33 | 104,964,650 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\飇嚴6
[2013/10/30 17.43.00 | 104,185,711 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ↁꗡ嚴6
[2013/10/30 17.43.00 | 104,185,711 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ↁꗡ嚴6
[2013/10/28 13.53.30 | 103,734,365 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ﭗ⾔嚴6
[2013/10/28 13.53.30 | 103,734,365 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ﭗ⾔嚴6
[2013/10/18 17.39.21 | 101,792,164 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\铧炕嚴6
[2013/10/18 17.39.21 | 101,792,164 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\铧炕嚴6
[2013/10/15 08.04.19 | 101,076,544 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\言ܪ嚴6
[2013/10/15 08.04.19 | 101,076,544 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\言ܪ嚴6
[2013/10/12 06.58.31 | 100,595,853 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\俹�嚴6
[2013/10/12 06.58.31 | 100,595,853 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\俹�嚴6
[2013/10/11 01.37.59 | 100,413,408 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\鈡⮰嚴6
[2013/10/11 01.37.59 | 100,413,408 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\鈡⮰嚴6
[2013/09/27 10.57.21 | 098,201,609 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\狁膢嚴6
[2013/09/27 10.57.21 | 098,201,609 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\狁膢嚴6
[2013/09/23 20.23.16 | 098,685,961 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\苆嚴6
[2013/09/23 20.23.16 | 098,685,961 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\苆嚴6
[2013/09/19 12.47.28 | 098,352,290 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\슉쾫嚴6
[2013/09/19 12.47.28 | 098,352,290 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\슉쾫嚴6
[2013/09/15 11.36.38 | 097,600,188 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\�疣嚴6
[2013/09/15 08.33.53 | 097,600,188 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\�疣嚴6
[2013/09/13 12.41.26 | 097,463,612 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\挾鿌嚴6
[2013/09/13 12.41.26 | 097,463,612 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\挾鿌嚴6

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
shapiro
Posted: Tuesday, December 24, 2013 8:25:11 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164


If you have Ad-Aware as your antivirus you can remove it too, it doesn't protect at all.

Open OTL and paste this under "Custom Scans\Fixes":


Code:
:OTL
MOD - C:\Documents and Settings\Administrator\Local Settings\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll ()
SRV - (SoftwareUpd) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SoftwareUpdater\SoftwareUpdService.exe File not found
DRV - (WDICA) -- File not found
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREdrv.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
O4 - HKU\.DEFAULT..\Run: [PosService] C:\Documents and Settings\All Users\Documents\AppData\PoApp\PLauncher.exe (PLauncher)
O4 - HKU\S-1-5-18..\Run: [PosService] C:\Documents and Settings\All Users\Documents\AppData\PoApp\PLauncher.exe (PLauncher)
O4 - HKU\S-1-5-21-823518204-436374069-839522115-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
[2013/11/24 18.57.46 | 105,952,601 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\첤辷嚴6
[2013/11/24 18.57.46 | 105,952,601 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\첤辷嚴6
[2013/11/13 20.01.37 | 104,136,834 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䀋儥嚴6
[2013/11/13 20.01.37 | 104,136,834 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䀋儥嚴6
[2013/11/04 20.01.33 | 104,964,650 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\飇嚴6
[2013/11/04 20.01.33 | 104,964,650 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\飇嚴6
[2013/10/30 17.43.00 | 104,185,711 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ↁꗡ嚴6
[2013/10/30 17.43.00 | 104,185,711 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ↁꗡ嚴6
[2013/10/28 13.53.30 | 103,734,365 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ﭗ⾔嚴6
[2013/10/28 13.53.30 | 103,734,365 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ﭗ⾔嚴6
[2013/10/18 17.39.21 | 101,792,164 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\铧炕嚴6
[2013/10/18 17.39.21 | 101,792,164 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\铧炕嚴6
[2013/10/15 08.04.19 | 101,076,544 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\言ܪ嚴6
[2013/10/15 08.04.19 | 101,076,544 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\言ܪ嚴6
[2013/10/12 06.58.31 | 100,595,853 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\俹�嚴6
[2013/10/12 06.58.31 | 100,595,853 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\俹�嚴6
[2013/10/11 01.37.59 | 100,413,408 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\鈡⮰嚴6
[2013/10/11 01.37.59 | 100,413,408 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\鈡⮰嚴6
[2013/09/27 10.57.21 | 098,201,609 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\狁膢嚴6
[2013/09/27 10.57.21 | 098,201,609 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\狁膢嚴6
[2013/09/23 20.23.16 | 098,685,961 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\苆嚴6
[2013/09/23 20.23.16 | 098,685,961 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\苆嚴6
[2013/09/19 12.47.28 | 098,352,290 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\슉쾫嚴6
[2013/09/19 12.47.28 | 098,352,290 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\슉쾫嚴6
[2013/09/15 11.36.38 | 097,600,188 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\�疣嚴6
[2013/09/15 08.33.53 | 097,600,188 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\�疣嚴6
[2013/09/13 12.41.26 | 097,463,612 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\挾鿌嚴6
[2013/09/13 12.41.26 | 097,463,612 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\挾鿌嚴6

:Files
ipconfig /flushdns /c

:commands
[purity]
[Reboot]


Click Run Fix and post the log.
pandoro
Posted: Wednesday, December 25, 2013 9:54:41 AM

Rank: AiutAmico

Joined: 2/17/2012
Posts: 30
Hi, I followed your latest instructions but no log appeared, how come?
P.S.: Merry Christmas :)))
shapiro
Posted: Wednesday, December 25, 2013 11:05:06 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164


The log is in the folder C:\_OTL\MovedFiles\ as ddMMyyyy_hhmmss.log
pandoro
Posted: Wednesday, December 25, 2013 7:57:33 PM

Rank: AiutAmico

Joined: 2/17/2012
Posts: 30
In the folder I found this log (which didn't have the name you told me, though, but I think it's the right one):

========== OTL ==========
Service SoftwareUpd stopped successfully!
Service SoftwareUpd deleted successfully!
File C:\Documents and Settings\Administrator\Local Settings\Application Data\SoftwareUpdater\SoftwareUpdService.exe File not found not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
File File not found not found.
Service SBRE stopped successfully!
Service SBRE deleted successfully!
File C:\WINDOWS\system32\drivers\SBREdrv.sys File not found not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
File File not found not found.
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
File File not found not found.
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
File File not found not found.
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
File File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File File not found not found.
Service MRENDIS5 stopped successfully!
Service MRENDIS5 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
File File not found not found.
Service Lavasoft Kernexplorer stopped successfully!
Service Lavasoft Kernexplorer deleted successfully!
File C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
File File not found not found.
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
File File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\PosService deleted successfully.
C:\Documents and Settings\All Users\Documents\AppData\PoApp\PLauncher.exe moved successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\PosService not found.
File C:\Documents and Settings\All Users\Documents\AppData\PoApp\PLauncher.exe not found.
Registry value HKEY_USERS\S-1-5-21-823518204-436374069-839522115-500\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
C:\WINDOWS\system32\첤辷嚴6 moved successfully.
File C:\WINDOWS\System32\첤辷嚴6 not found.
C:\WINDOWS\system32\䀋儥嚴6 moved successfully.
File C:\WINDOWS\System32\䀋儥嚴6 not found.
C:\WINDOWS\system32\飇嚴6 moved successfully.
File C:\WINDOWS\System32\飇嚴6 not found.
C:\WINDOWS\system32\ↁꗡ嚴6 moved successfully.
File C:\WINDOWS\System32\ↁꗡ嚴6 not found.
C:\WINDOWS\system32\ﭗ⾔嚴6 moved successfully.
File C:\WINDOWS\System32\ﭗ⾔嚴6 not found.
C:\WINDOWS\system32\铧炕嚴6 moved successfully.
File C:\WINDOWS\System32\铧炕嚴6 not found.
C:\WINDOWS\system32\言ܪ嚴6 moved successfully.
File C:\WINDOWS\System32\言ܪ嚴6 not found.
File C:\WINDOWS\System32\俹�嚴6 not found.
File C:\WINDOWS\System32\俹�嚴6 not found.
C:\WINDOWS\system32\鈡⮰嚴6 moved successfully.
File C:\WINDOWS\System32\鈡⮰嚴6 not found.
C:\WINDOWS\system32\狁膢嚴6 moved successfully.
File C:\WINDOWS\System32\狁膢嚴6 not found.
C:\WINDOWS\system32\苆嚴6 moved successfully.
File C:\WINDOWS\System32\苆嚴6 not found.
C:\WINDOWS\system32\슉쾫嚴6 moved successfully.
File C:\WINDOWS\System32\슉쾫嚴6 not found.
File C:\WINDOWS\System32\�疣嚴6 not found.
File C:\WINDOWS\System32\�疣嚴6 not found.
C:\WINDOWS\system32\挾鿌嚴6 moved successfully.
File C:\WINDOWS\System32\挾鿌嚴6 not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 12242013_210509

shapiro
Posted: Wednesday, December 25, 2013 8:29:06 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164


Now your PC should be running more smoothly; as a precaution, run this scan for me, I might have missed something.

Download and install Malwarebytes
Update it: click the "Updates" tab => "Check for updates"
Run a "full scan" (select the option)
When the scan is complete, click OK => Show Results.
Make sure everything is selected and click Remove Selected.
If it asks you to restart, restart to complete the cleanup process.
Post the report.
viandy
Posted: Saturday, December 28, 2013 6:25:08 PM
Rank: Newbie

Joined: 12/28/2013
Posts: 1
To remove the NationZoom virus for free, I recommend following these instructions - http://www.deletevirus.net/remove-nation-zoom-browser-hijacker-for-free/. This antivirus has a 15-day free trial, so you can remove all the infections with its help. After you scan your PC with it, please click "Tools" and "Reset browser settings"
r16
Posted: Saturday, December 28, 2013 9:36:05 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
viandy wrote:
To remove the NationZoom virus for free, I recommend following these instructions - http://www.deletevirus.net/remove-nation-zoom-browser-hijacker-for-free/. This antivirus has a 15-day free trial, so you can remove all the infections with its help. After you scan your PC with it, please click "Tools" and "Reset browser settings"

But before having the user install little-known software, why not at least wait for the results of the steps from the person who is helping him?
If not out of courtesy, at least out of respect for him.
