Come eliminare DO SEARCH - Sicurezza VIRUS

Benvenuto Ospite

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Come eliminare DO SEARCH

2 pages: 1 [2]

Come eliminare DO SEARCH

Opzioni

Topic Precedente · Topic Sucessivo

sabbb

Inviato: Sunday, November 24, 2013 10:37:47 PM

Rank: AiutAmico

Iscritto dal : 9/12/2009
Posts: 6,632

animactor ha scritto:

Ciao

Ho scaricato hitman ma per eliminare i file che trova mi dice di mettere un codice di attivazione. Non c'è una versione gratuita

Basta gli dai un indirizzo e mail,e la licenza si attiva (per 30 giorni)

Anche fasullo glielo puoi dare.

Edit: Es: vergogniatevi@gmail.com (se non funziona..forse nemmeno Gmail lo vuole,allora mettine uno qualunque ;) )

Torna in alto

animactor

Inviato: Sunday, November 24, 2013 11:02:24 PM

Rank: AiutAmico

Iscritto dal : 2/13/2013
Posts: 52

Ciao.

Sono riuscito ad attivarlo, si.

Ma non trovo il log finale una volta eliminati i file con Hitman. Mi fa riavviare il computer ma non vedo dove andare a prendere i Log. C'è un percorso particolare come con OTL?....

Grazie

Torna in alto

animactor

Inviato: Sunday, November 24, 2013 11:19:16 PM

Rank: AiutAmico

Iscritto dal : 2/13/2013
Posts: 52

ecco cmq il log di OTL

OTL logfile created on: 11/24/2013 11:03:44 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3.92 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 54.47% Memory free
11.84 Gb Paging File | 9.57 Gb Available in Paging File | 80.84% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 4096 8064 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 270.39 Gb Total Space | 37.50 Gb Free Space | 13.87% Space Free | Partition Type: NTFS
Drive D: | 180.27 Gb Total Space | 20.63 Gb Free Space | 11.44% Space Free | Partition Type: NTFS
Drive W: | 15.00 Gb Total Space | 0.33 Gb Free Space | 2.21% Space Free | Partition Type: NTFS

Computer Name: JOHANNES | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()

========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV:64bit: - (TabletServiceWacom) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (TouchServiceWacom) -- C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe (Wacom Technology, Corp.)
SRV:64bit: - (mi-raysat_3dsmax2013_64) -- C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe ()
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (ST2012_Svc) -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (Crawler.com)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Micro Star SCM) -- C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MGHwCtrl) -- C:\Program Files\msi\msi Software Install\MGHwCtrl.sys File not found
DRV:64bit: - (hitmanpro37) -- C:\Windows\SysNative\drivers\hitmanpro37.sys ()
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (sp_rsdrv2) -- C:\Windows\SysNative\drivers\stflt.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (WacHidRouter) -- C:\Windows\SysNative\drivers\wachidrouter.sys (Wacom Technology)
DRV:64bit: - (hidkmdf) -- C:\Windows\SysNative\drivers\hidkmdf.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (wacomrouterfilter) -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys (Wacom Technology)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (EUCR) -- C:\Windows\SysNative\drivers\EUCR6SK.sys (ENE Technology Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (BTMUSB) -- C:\Windows\SysNative\drivers\btmusb.sys (Motorola, Inc.)
DRV:64bit: - (BTMCOM) -- C:\Windows\SysNative\drivers\btmcom.sys (Motorola, Inc.)
DRV:64bit: - (BTMHID) -- C:\Windows\SysNative\drivers\btmhid.sys (Motorola, Inc.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (fspad_xp64) -- C:\Windows\SysNative\drivers\fspad_xp64.sys (Sentelic Corporation)
DRV:64bit: - (fspad_wlh64) -- C:\Windows\SysNative\drivers\fspad_wlh64.sys (Sentelic Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (pfc) -- C:\Windows\SysWOW64\drivers\pfc.sys (Padus, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hp&ts=1385056068&from=ild&uid=ST9500420AS_5VJ9KEYHXXXX5VJ9KEYH
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{9D652C0C-9318-4B47-8818-B0027E713AFA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSI2DF&pc=MAM2&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{E57C77B4-E3FC-42BE-9835-675B57DFD16F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSI2DF&pc=MAM2&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-166822519-1469985362-3066766102-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/u/0/?hl=it&shva=1#inbox
IE - HKU\S-1-5-21-166822519-1469985362-3066766102-500\..\SearchScopes,DefaultScope = {07A51572-F0A0-419C-846D-A04DD8C5AC0E}
IE - HKU\S-1-5-21-166822519-1469985362-3066766102-500\..\SearchScopes\{07A51572-F0A0-419C-846D-A04DD8C5AC0E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=it_IT&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^IT&apn_uid=6FAC17CE-E077-400E-BDFD-89945F17F01E&apn_sauid=B76EAECA-8314-4F19-BA32-E72C91DECFBE
IE - HKU\S-1-5-21-166822519-1469985362-3066766102-500\..\SearchScopes\{1}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-166822519-1469985362-3066766102-500\..\SearchScopes\{30149A19-E180-43CD-AE7B-86FB0187C6D0}: "URL" = http://it.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-166822519-1469985362-3066766102-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-166822519-1469985362-3066766102-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/u/0/?hl=it&shva=1#inbox"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.4: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Administrator\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Administrator\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/10/05 10:45:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/15 19:23:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/15 19:23:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7aca4912-f9f2-4dfc-90d2-9fd87d62af55}: C:\Program Files (x86)\LyricsArt\130.xpi

[2013/08/31 11:55:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2013/11/22 22:39:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\umqtab1g.default-1385079604495\extensions
[2013/11/21 19:03:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\zbmk65mc.default-1374083742601\extensions
[2013/11/22 22:39:31 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\umqtab1g.default-1385079604495\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/15 19:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/15 19:23:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/15 19:23:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/11/15 19:23:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/11/15 19:23:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/11/15 19:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/15 19:23:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/15 19:23:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://do-search.com/?type=hp&ts=1385056068&from=ild&uid=ST9500420AS_5VJ9KEYHXXXX5VJ9KEYH
CHR - Extension: SiteAdvisor = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1271_0\
CHR - Extension: Skype Click to Call = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2013/11/23 23:26:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-166822519-1469985362-3066766102-500..\Run: [Akamai NetSession Interface] C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-166822519-1469985362-3066766102-500..\Run: [Facebook Update] C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-166822519-1469985362-3066766102-500..\Run: [Spotify Web Helper] C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-166822519-1469985362-3066766102-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-166822519-1469985362-3066766102-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-166822519-1469985362-3066766102-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-166822519-1469985362-3066766102-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BF5E926-C7F3-4F94-BFE9-42227CDA47FA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4C6568C-21C1-415C-8AFB-35C5FE00D2BE}: DhcpNameServer = 151.9.92.2 212.216.112.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C680EEDA-EE0F-4437-8755-105D9B3B109D}: DhcpNameServer = 192.168.1.1 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/02/14 18:11:38 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 60 Days ==========

[2013/11/24 21:19:14 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/11/24 21:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/11/24 16:49:32 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/11/24 16:49:32 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/11/24 16:49:31 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/11/24 16:49:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/11/24 16:49:31 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/11/24 16:49:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/24 16:49:31 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/11/24 16:49:31 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/11/24 16:49:31 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/11/24 16:49:31 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/11/24 16:49:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/11/24 16:49:29 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/11/24 16:49:29 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/11/24 16:49:29 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/11/24 16:49:28 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/11/24 16:24:21 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT
[2013/11/24 12:13:52 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\comctl32.dll
[2013/11/24 12:13:50 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2013/11/24 12:13:34 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/11/24 12:13:33 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2013/11/24 12:12:28 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\ataport.sys
[2013/11/24 12:12:22 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013/11/24 12:12:21 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013/11/24 12:12:21 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\credui.dll
[2013/11/24 12:12:21 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/24 12:12:21 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/24 12:12:16 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2013/11/24 12:12:16 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2013/11/24 12:12:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dciman32.dll
[2013/11/24 12:12:15 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fontsub.dll
[2013/11/24 12:12:15 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fontsub.dll
[2013/11/24 12:12:15 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2013/11/24 12:12:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lpk.dll
[2013/11/24 12:12:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2013/11/24 12:12:11 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2013/11/24 12:12:10 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2013/11/24 12:12:10 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2013/11/24 12:12:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2013/11/24 12:12:10 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2013/11/24 12:12:04 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2013/11/24 12:12:03 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013/11/24 12:12:03 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\smss.exe
[2013/11/24 12:12:02 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013/11/24 12:12:02 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013/11/24 12:12:02 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2013/11/24 12:12:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/11/24 12:12:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/11/24 12:12:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/11/24 12:12:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/11/24 12:12:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/11/24 12:12:01 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/11/24 12:12:01 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/11/24 12:12:01 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/11/24 12:12:01 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/11/24 12:12:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/11/24 12:12:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/11/24 12:12:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/11/24 12:12:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/11/24 12:12:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/11/24 12:12:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/11/24 12:12:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/11/24 12:12:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/11/24 12:12:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/11/24 12:12:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/11/24 12:12:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/11/24 12:12:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/11/24 12:12:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/11/24 12:12:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/11/24 12:12:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/11/24 12:12:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/11/24 12:12:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/11/24 12:12:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/11/24 12:12:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/11/24 12:12:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/11/24 12:12:00 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/11/24 12:12:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/11/24 12:12:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/11/24 12:12:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/11/24 12:12:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/11/24 12:12:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/11/24 12:12:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/11/24 12:12:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/11/24 12:12:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/11/24 12:12:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/11/24 12:12:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/11/24 12:12:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/11/24 12:12:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/11/24 12:12:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/11/24 12:12:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/11/24 12:12:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/11/24 12:12:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/11/24 12:12:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/11/24 12:12:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/11/24 12:12:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/11/24 12:12:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/11/24 12:12:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/11/24 12:12:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/11/24 12:11:59 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apisetschema.dll
[2013/11/24 12:11:59 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\apisetschema.dll
[2013/11/24 12:11:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/11/24 12:11:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/11/24 12:11:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/11/24 12:11:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/11/24 12:11:42 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/11/24 12:11:42 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2013/11/24 12:11:35 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2013/11/24 12:11:33 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2013/11/24 12:11:33 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2013/11/24 12:11:29 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\davclnt.dll
[2013/11/24 12:11:26 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys
[2013/11/24 12:11:26 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidparse.sys
[2013/11/24 12:11:21 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/11/24 12:11:21 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/11/24 12:11:20 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/11/24 12:11:20 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\advapi32.dll
[2013/11/24 12:11:19 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2013/11/24 12:11:19 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdh.dll
[2013/11/24 12:11:19 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdh.dll
[2013/11/24 12:11:18 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013/11/24 12:11:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/11/24 12:11:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/11/24 12:11:16 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/11/24 12:11:16 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/11/24 12:11:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/11/24 12:10:48 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll
[2013/11/24 12:10:37 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2013/11/24 12:10:31 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/11/24 12:10:31 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/11/24 12:09:52 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/11/24 12:03:22 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL
[2013/11/24 12:03:21 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll
[2013/11/24 12:03:21 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
[2013/11/24 12:03:21 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL
[2013/11/24 12:03:20 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\scavengeui.dll
[2013/11/23 23:30:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/11/23 23:30:24 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/11/23 22:51:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/11/23 22:51:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/11/23 22:51:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/11/23 22:50:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/23 22:50:27 | 005,149,261 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2013/11/23 22:29:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/23 20:50:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Problemi
[2013/11/23 14:59:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/11/23 13:27:38 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/21 18:49:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.android
[2013/11/21 18:49:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Mobogenie
[2013/11/21 18:49:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\cache
[2013/11/15 19:23:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/15 19:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/11/03 19:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2013/11/03 19:27:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2013/10/30 22:36:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JustCloud
[2013/10/30 22:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2013/10/20 14:03:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\00_Thomas Art
[2013/10/19 11:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/19 11:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/19 11:50:13 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/10/19 11:50:03 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/19 11:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/13 16:53:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
[2013/10/11 18:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013/09/29 17:14:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LIMBO
[2013/09/29 17:13:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LIMBO
[2013/09/29 15:59:49 | 000,000,000 | ---D | C] -- C:\windows\Robin Hood 1.0
[2009/05/14 21:15:24 | 005,719,400 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/05/14 21:15:24 | 004,397,928 | ---- | C] (Autodesk) -- C:\Program Files\Common Files\adlmint.dll
[51 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

File not found -- C:\windows\SysNative\
[2013/11/24 22:58:01 | 000,001,210 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-166822519-1469985362-3066766102-500UA.job
[2013/11/24 22:58:00 | 000,001,188 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-166822519-1469985362-3066766102-500Core.job
[2013/11/24 22:51:12 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/24 22:51:12 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/24 22:51:05 | 001,654,670 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/11/24 22:51:05 | 000,739,482 | ---- | M] () -- C:\windows\SysNative\perfh010.dat
[2013/11/24 22:51:05 | 000,652,376 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/11/24 22:51:05 | 000,146,522 | ---- | M] () -- C:\windows\SysNative\perfc010.dat
[2013/11/24 22:51:05 | 000,121,308 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/11/24 22:45:00 | 000,000,978 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/11/24 22:42:54 | 000,001,144 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/24 22:42:40 | 000,032,512 | ---- | M] () -- C:\windows\SysNative\drivers\hitmanpro37.sys
[2013/11/24 22:42:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/11/24 22:42:33 | 3155,894,272 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/24 22:40:45 | 000,008,914 | ---- | M] () -- C:\windows\SysNative\.crusader
[2013/11/24 22:20:00 | 000,001,148 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/24 21:19:15 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/11/24 21:08:55 | 010,607,632 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/11/24 16:46:07 | 000,001,912 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/11/24 16:34:29 | 001,634,336 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/11/23 23:26:47 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/11/23 22:49:56 | 005,149,261 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2013/11/23 13:25:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/11/22 23:47:06 | 000,001,442 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2013/11/22 08:37:28 | 000,001,474 | ---- | M] () -- C:\Users\Administrator\Desktop\Mozilla Firefox.lnk
[2013/11/18 18:40:23 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/11/18 18:40:23 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/15 19:05:42 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/11/15 19:05:42 | 000,001,941 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/10/30 22:34:56 | 000,001,259 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2013/10/19 11:49:56 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/10/19 11:49:56 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/10/19 11:49:56 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/10/19 11:49:56 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/13 16:53:46 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2013/10/12 09:45:44 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/10/12 09:43:56 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/10/12 09:43:37 | 003,959,808 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/10/12 09:43:37 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/10/12 09:43:32 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/10/12 09:43:32 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/10/12 09:43:32 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/10/12 09:43:32 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/10/12 08:02:33 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/10/12 08:02:29 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/10/12 08:02:29 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/10/12 08:02:29 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/10/12 08:02:29 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/10/12 06:44:38 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/10/12 06:15:39 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/10/12 03:30:42 | 000,830,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll
[2013/10/12 03:29:08 | 000,324,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL
[2013/10/12 03:03:08 | 000,656,896 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
[2013/10/12 03:01:25 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL
[2013/10/05 21:25:35 | 001,474,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/10/04 03:28:31 | 000,190,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SmartcardCredentialProvider.dll
[2013/10/04 03:25:17 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\credui.dll
[2013/10/04 03:24:49 | 001,930,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013/10/04 02:58:50 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SmartcardCredentialProvider.dll
[2013/10/04 02:56:00 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013/10/03 03:23:48 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2013/09/29 17:23:18 | 000,000,933 | ---- | M] () -- C:\Users\Administrator\Desktop\LIMBO.lnk
[2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\NisDrvWFP.sys
[51 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\windows\SysNative\
[2013/11/24 22:40:45 | 000,008,914 | ---- | C] () -- C:\windows\SysNative\.crusader
[2013/11/24 21:52:06 | 000,032,512 | ---- | C] () -- C:\windows\SysNative\drivers\hitmanpro37.sys
[2013/11/24 21:19:15 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/11/23 22:51:11 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/11/23 22:51:11 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/11/23 22:51:11 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/11/23 22:51:11 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/11/23 22:51:11 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/11/22 08:37:28 | 000,001,474 | ---- | C] () -- C:\Users\Administrator\Desktop\Mozilla Firefox.lnk
[2013/11/15 19:05:42 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/11/03 19:27:16 | 000,001,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
[2013/10/13 16:53:46 | 000,000,949 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2013/09/29 17:23:18 | 000,000,933 | ---- | C] () -- C:\Users\Administrator\Desktop\LIMBO.lnk
[2013/06/18 23:25:45 | 000,650,752 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2013/06/18 23:25:45 | 000,216,064 | ---- | C] ( ) -- C:\windows\SysWow64\lagarith.dll
[2013/06/18 23:25:44 | 000,243,200 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2013/06/18 23:25:41 | 000,112,640 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2013/03/14 18:44:51 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2013/02/18 22:08:49 | 000,234,544 | ---- | C] () -- C:\windows\RegBootClean64.exe
[2013/02/18 19:04:33 | 000,000,036 | ---- | C] () -- C:\Users\Administrator\AppData\Local\housecall.guid.cache
[2013/02/18 14:12:20 | 000,102,400 | ---- | C] () -- C:\windows\RegBootClean.exe
[2012/04/24 11:18:05 | 000,000,021 | ---- | C] () -- C:\windows\SurCode.INI
[2012/01/22 17:55:25 | 000,009,728 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/03 15:41:56 | 000,178,688 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2011/08/16 21:23:01 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Local\{198114FF-B5CE-4A3A-9F97-40FE5ECD7AA8}
[2011/05/10 18:50:53 | 976,049,976 | R--- | C] () -- C:\Program Files (x86)\(App-Ita) Adobe Photoshop Cs2.zip
[2011/04/30 13:22:15 | 000,000,103 | ---- | C] () -- C:\ProgramData\CameraRecorder.ini
[2011/04/30 11:55:52 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/30 18:37:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Audacity
[2013/07/06 17:22:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Auslogics
[2013/02/19 11:46:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Autodesk
[2012/04/24 07:54:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/04/02 18:55:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox
[2012/05/16 20:19:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\eMule AdunanzA
[2013/02/11 12:01:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FileZilla
[2013/08/16 00:26:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GameRanger
[2011/08/02 10:40:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\go
[2013/06/18 19:34:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HoolappForAndroid
[2012/09/16 13:18:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ImgBurn
[2012/05/03 13:29:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ImTOO
[2013/02/11 18:47:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MAGIX
[2013/09/19 21:37:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nico Mak Computing
[2011/09/04 16:05:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2012/06/12 22:17:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
[2012/04/24 11:18:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PACE Anti-Piracy
[2012/12/10 16:29:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PDAppFlex
[2013/01/19 14:28:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Publish Providers
[2013/02/23 20:49:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\REAPER
[2013/06/14 00:02:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SoftGrid Client
[2013/01/19 14:27:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sony
[2013/11/20 22:19:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Spotify
[2013/02/13 12:16:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Spyware Terminator
[2012/04/24 11:20:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/02/07 12:21:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
[2011/11/27 18:05:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TP
[2013/11/24 22:41:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2013/02/13 15:40:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Wise Registry Cleaner

========== Purity Check ==========

< End of report >

Fatemi sapere.

Grazie ancora

Torna in alto

shapiro

Inviato: Monday, November 25, 2013 11:48:00 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

apri otl come prima e incolla questo codice nel box bianco e premi run fix

Code:

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://do-search.com/?type=hp&ts=1385056068&from=ild&uid=ST9500420AS_5VJ9KEYHXXX
X5VJ9KEYH
CHR - homepage:
http://do-search.com/?type=hp&ts=1385056068&from=ild&uid=ST9500420AS_5VJ9KEYHXXX
X5VJ9KEYH
IE - HKU\S-1-5-21-166822519-1469985362-3066766102-500\..\SearchScopes\{07A51572-F0A0-419C-846D-A04DD8C5AC0E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=it_IT&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^IT&apn_uid=6FAC17CE-E077-400E-BDFD-89945F17F01E&apn_sauid=B76EAECA-8314-4F19-BA32-E72C91DECFBE
[2011/04/30 11:55:52 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

:Files
ipconfig /flushdns /c

:commands
[purity]
[Reboot]

allega il log nella tua prossima risposta e controlla se hai ancora il rilevamento a do-search

Torna in alto

bingoo

Inviato: Monday, November 25, 2013 1:08:38 PM

Rank: AiutAmico

Iscritto dal : 10/22/2013
Posts: 148

@shapiro .... ciao dal fu / ex maopapof

scusa ma ...... http://www.yac.mx/it/guides/virus-guides/how-to-remove-searchsnapdo-redirect-through-isafe-virus-removal-tool.html

può esserti utile ? .... ciao :O)

Torna in alto

animactor

Inviato: Monday, November 25, 2013 7:59:25 PM

Rank: AiutAmico

Iscritto dal : 2/13/2013
Posts: 52

Salve a tutti!

é almeno un paio di volte che non mi mostra Do Search.

Ti allego qui il LOG che ho avuto da OTL. Il primo...

========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_USERS\S-1-5-21-166822519-1469985362-3066766102-500\Software\Microsoft\Internet Explorer\SearchScopes\{07A51572-F0A0-419C-846D-A04DD8C5AC0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07A51572-F0A0-419C-846D-A04DD8C5AC0E}\ not found.
C:\ProgramData\ezsidmv.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\Administrator\Desktop\cmd.bat deleted successfully.
C:\Users\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 11252013_195459

Fammi sapere se cìè altro che devo fare, ok?

Grazie ancora

Torna in alto

shapiro

Inviato: Monday, November 25, 2013 8:05:40 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

fai queste pulizie

scarica ccleaner http://www.filehippo.com/download_ccleaner/

1) per il download dell'ultima versione clicca a destra in alto sotto la freccia verde
2) installalo (senza la toolbar aggiuntiva)
3) clicca su "avvia pulizia", ripeti il procedimento 2 volte

disattiva il ripristino

riavvia il pc

riattivalo e crea un punto nuovo

svuota la cartella prefetch la trovi nella windows

se non riscontri altri problemi dopo le pulizie, possiamo salutarci

Torna in alto

animactor

Inviato: Monday, November 25, 2013 8:43:22 PM

Rank: AiutAmico

Iscritto dal : 2/13/2013
Posts: 52

devo spuntare qualcosa di particolare prima di effettuare la pulizia o vanno bene le cose che spunta il programma in automatico?

Come ho riaperto firefox dopo la prima pulizia è ricomparso DO SEARCH...:(

Torna in alto

shapiro

Inviato: Monday, November 25, 2013 8:47:33 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

leggi qui

Torna in alto

animactor

Inviato: Monday, November 25, 2013 9:05:11 PM

Rank: AiutAmico

Iscritto dal : 2/13/2013
Posts: 52

Guarda:

Ho eseguito le procedure qui scritte ma non ho trovato nè estensioni nominate come do search , nè programmi con questo nome.

Ho eliminato tutte le estensioni saltatemi fuori quando ho aperto le proprietà sulle icone di Chrome, Explorer e Firefox, lo ho eliminato dai motori di ricerca e ho reimpostato la pagina iniziale.

Non trovo niente anche cercando sulla ricerca di file e cartelle sul menù start che abbia a che fare con do search quindi non saprei cosa eliminare.

Ora provo a fare una nuova scansione con CCleaner e poi a riavviare.

Può esser che mi riapra la pagina di Do Search prchè è salvata nei punti di ripristino del sitema?

Grazie ancora dell'aiuto e della pazienza soprattutto.

Torna in alto

animactor

Inviato: Monday, November 25, 2013 9:20:58 PM

Rank: AiutAmico

Iscritto dal : 2/13/2013
Posts: 52

shapiro ha scritto:

Cosa volevi dire con "Disattiva il ripristino"?

E' una cosa che dovrebbe saltarmi fuori da CCleaner?....

Torna in alto

shapiro

Inviato: Monday, November 25, 2013 9:31:15 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

Come disattivare e attivare il ripristino in Windows 7

prova a ripristinare firefox >>> ripristino firefox

Torna in alto

ciocca956

Inviato: Wednesday, November 27, 2013 6:00:45 PM

Rank: AiutAmico

Iscritto dal : 1/5/2012
Posts: 4,102

animactor ha scritto:

Ciao.
Non so dove si insedi Do-Search però da qualche parte si radica e rimane perfettamente nascosto e attivo.

Un paio di settimane fa sono riuscito a toglierlo dal portatile di mia figlia con Win 7 e broswer I.E. e Chrome. Non ha Firefox

Con le scansioni di Malawarebites e ADW cleaner si eliminava qualcosa ma rimaneva.

Fra le estensioni sia di Chrome che I.E. non compariva. Compariva solo nei motori di ricerca ma la loro eliminazione era ininfluente perchè puntualmente riappariva.
Ho fatto una scansione con HJT e ho eliminato tutte le voci (5-6) che facevano riferimento a Do-search ma anche così riappariva. Allora ho provato a disinstallare Chrome e I.E.
I.E. veniva disinstallato me non so perchè si installava la versione precedente e aveva Do-Search pure questa.
Ho provato a fare una scansione di Malawarebites in Modalità Provvisoria e ha trovato due voci di Do-Search ed eliminate.
Al riavvio in Modalità normale ed eliminato Do-Search dai motori di ricerca di I.E.9 non è più riapparso. Reinstallati I.E.10 e Chrome
finalmente liberati da Do-Search.

Non so se la procedura che ho seguito è ortodossa o no però ha funzionato.
A.

Torna in alto

Utenti presenti in questo topic

Guest

2 pages: 1 [2]

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Come eliminare DO SEARCH

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded