
Browsers (IE, Chrome & Firefox) infected with ads that keep redirecting


  • This topic is locked
7 replies to this topic

#1 Chris5150


Posted 04 November 2014 - 01:13 PM

All my browsers are infected with malware (I think) that keeps redirecting the page to ads/other malicious pages.

Recently I've installed Opera and it seems not to be infected. All the other browsers are infected, especially Chrome (every 2 or 5 minutes a message appears that says to update Java/Flash, and then it redirects my page to other malicious pages or ads). It's impossible to browse the Internet.

This is the report from DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.67.2
Run by Windows7 at 18:58:27 on 2014-11-04
Microsoft Windows 7 Professional   6.1.7601.1.1252.39.1040.18.2047.601 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ATKFUSService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\ProgramData\IePluginServices\PluginService.exe
C:\ProgramData\WPM\wprotectmanager.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
c:\programdata\appsnow\sw_booster\SW_Booster.exe
C:\Windows\System32\schtasks.exe
C:\Windows\SysWOW64\ASDR.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Philips SPM 7800\gmPoint.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Philips SPM 7800\gmOpen.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\taskhost.exe
C:\Users\Windows7\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe
C:\Program Files (x86)\Opera\25.0.1614.68\opera_crashreporter.exe
C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe
C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe
C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe
C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe
C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe
C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.gboxapp.com/
uSearch Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1402571232&from=wpm0612&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S099243092430&q={searchTerms}
uDefault_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1400083341&from=cor&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S099243092430
uDefault_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1402571232&from=wpm0612&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S099243092430&q={searchTerms}
mStart Page = hxxp://search.gboxapp.com/
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1400083341&from=cor&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S099243092430&q={searchTerms}
mDefault_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1400083341&from=cor&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S099243092430
mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400083341&from=cor&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S099243092430&q={searchTerms}
BHO: sAvE oon: {0240A755-3376-D99D-E2C6-A14262F14147} - C:\Program Files (x86)\sAvE oon\xhaCr4K.dll
BHO: Tiger Savings: {11111111-1111-1111-1111-110111271167} - 
BHO: FinndBEstDDeal: {26ae1825-43ff-4f6b-be3d-701ce0018c4a} - C:\ProgramData\FinndBEstDDeal\mLSUURKjamlSzi.dll
BHO: surof  aaNd  keueip: {2C2E05A3-75EE-F5D9-F2D2-CA4C7A35B21E} - 
BHO: MySearch: {640064F0-6371-AB6E-A758-DF8A32696544} - C:\Program Files (x86)\MySearch\3.dll
BHO: save onn: {695D3AF0-BAEF-BFD6-88B0-20D456C4F392} - C:\Program Files (x86)\save onn\BHMLh8fbV.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Guida per l'accesso all'account Microsoft: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Lyric Star: {94B541D6-E74E-4436-A601-324694E83C6B} - 
BHO: Adblocker: {A33BBCB0-9123-91BD-E103-386634F0C082} - C:\Program Files (x86)\Adblocker\jdr1uDt7.dll
BHO: DeeAlExxpriEss: {bb3e4169-739e-4bcb-bab0-dbebab311ede} - C:\ProgramData\DeeAlExxpriEss\gvxXGz6HUHF7SE.dll
BHO: GoSave: {bceae9b7-1e0a-49f6-a074-e763241c2f53} - C:\ProgramData\GoSave\Ng2ykBxriFB3PY.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: sAve on: {EFD82B5E-4694-962C-66F8-C7B07D309959} - C:\Program Files (x86)\sAve on\KbL7HkBOa.dll
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [LiveSupport] "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
mRun: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [36X Raid Configurer] C:\Windows\SysWOW64\xRaidSetup.exe boot
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
StartupFolder: C:\Users\Windows7\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{70866303-B2D2-4CF2-BA26-3E8925598854} : DHCPNameServer = 7.254.254.254
TCP: Interfaces\{74215E8A-05B8-4561-A907-8AEC51CD0CC9} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~2\suptab\search~1.dll   c:\progra~2\sw_boo~1\assist~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://search.gboxapp.com/
x64-mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1394127207&from=slbnew&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S099243092430&q={searchTerms}
x64-mDefault_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1400083341&from=cor&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S099243092430
x64-mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1394127207&from=slbnew&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S099243092430&q={searchTerms}
x64-mSearchAssistant = hxxp://www.sweet-page.com/web/?type=ds&ts=1400083341&from=cor&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S099243092430&q={searchTerms}
x64-mCustomizeSearch = hxxp://www.sweet-page.com/web/?type=ds&ts=1400083341&from=cor&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S099243092430&q={searchTerms}
x64-BHO: sAvE oon: {0240A755-3376-D99D-E2C6-A14262F14147} - C:\Program Files (x86)\sAvE oon\xhaCr4K.x64.dll
x64-BHO: FinndBEstDDeal: {26ae1825-43ff-4f6b-be3d-701ce0018c4a} - C:\ProgramData\FinndBEstDDeal\mLSUURKjamlSzi.x64.dll
x64-BHO: surof  aaNd  keueip: {2C2E05A3-75EE-F5D9-F2D2-CA4C7A35B21E} - 
x64-BHO: MySearch: {640064F0-6371-AB6E-A758-DF8A32696544} - C:\Program Files (x86)\MySearch\3.x64.dll
x64-BHO: save onn: {695D3AF0-BAEF-BFD6-88B0-20D456C4F392} - C:\Program Files (x86)\save onn\BHMLh8fbV.x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Adblocker: {A33BBCB0-9123-91BD-E103-386634F0C082} - C:\Program Files (x86)\Adblocker\jdr1uDt7.x64.dll
x64-BHO: DeeAlExxpriEss: {bb3e4169-739e-4bcb-bab0-dbebab311ede} - C:\ProgramData\DeeAlExxpriEss\gvxXGz6HUHF7SE.x64.dll
x64-BHO: GoSave: {bceae9b7-1e0a-49f6-a074-e763241c2f53} - C:\ProgramData\GoSave\Ng2ykBxriFB3PY.x64.dll
x64-BHO: sAve on: {EFD82B5E-4694-962C-66F8-C7B07D309959} - C:\Program Files (x86)\sAve on\KbL7HkBOa.x64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [gmPoint] C:\Program Files\Philips SPM 7800\gmPoint.exe
x64-Run: [gmOpen] C:\Program Files\Philips SPM 7800\gmOpen.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [MouseDriver] TiltWheelMouse.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\vj8oa7e0.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Windows7\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Windows7\Documents\Ubisoft\Trials Evolution Gold Edition\datapack\orbit\npuplaypc.dll
FF - plugin: C:\Users\Windows7\Documents\Ubisoft\Trials Evolution Gold Edition\datapack\orbit\npuplaypchub.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-1-27 283200]
R1 EIO64;EIO Driver;C:\Windows\System32\drivers\EIO64.sys [2013-1-27 16384]
R2 3e9deaca;SW_Sustainer;C:\Windows\System32\rundll32.exe [2009-7-14 45568]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2013-1-27 96896]
R2 IePluginServices;IePlugin Services;C:\ProgramData\IePluginServices\PluginService.exe -service --> C:\ProgramData\IePluginServices\PluginService.exe -service [?]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 125584]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-12-14 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-12-14 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-12-14 168384]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\System32\drivers\evolve.sys [2014-8-16 21656]
R3 gmhidlow;HID Mouse Lower Filter;C:\Windows\System32\drivers\gmhidlow.sys [2013-1-27 14720]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2014-1-18 31232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 EvoSvc;Evolve Service;C:\Program Files\Echobit\Evolve\EvoSvc.exe [2014-8-16 1579936]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-16 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-29 19456]
S3 StorSvc;Servizio di archiviazione;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-29 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-5-29 30208]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2014-1-18 758224]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-28 1255736]
S4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-21 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-11-04 11:53:53 -------- d-----w- C:\Users\Windows7\AppData\Local\Opera Software
2014-11-04 11:53:52 -------- d-----w- C:\Users\Windows7\AppData\Roaming\Opera Software
2014-11-04 07:48:17 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B54AFCB9-0170-4061-8033-4DE37DCB4AC2}\offreg.dll
2014-11-04 07:44:05 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AB02A5B3-7C71-4D65-AB4F-DAE6A53B392B}\gapaengine.dll
2014-11-04 07:42:03 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B54AFCB9-0170-4061-8033-4DE37DCB4AC2}\mpengine.dll
2014-11-02 14:05:29 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{79DB7402-449C-4FF7-97F0-7E3C0F756944}\gapaengine.dll
2014-11-02 14:05:10 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-28 11:46:28 -------- d-----w- C:\ProgramData\GoSave
2014-10-28 11:45:17 -------- d-----w- C:\ProgramData\dcfeenokglcbhcddedhhnfkahkdkcjha
2014-10-27 12:27:31 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-19 11:01:12 -------- d-----w- C:\ProgramData\DeeAlExxpriEss
2014-10-16 18:07:03 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-16 18:04:12 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-10-16 18:04:11 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-16 18:04:06 4922368 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-10-16 18:04:06 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2014-10-16 18:04:06 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2014-10-16 18:04:06 322560 ----a-w- C:\Windows\System32\aaclient.dll
2014-10-16 18:04:06 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
2014-10-16 18:04:06 1125888 ----a-w- C:\Windows\System32\mstsc.exe
2014-10-16 18:04:06 1050112 ----a-w- C:\Windows\SysWow64\mstsc.exe
2014-10-16 18:04:05 5780480 ----a-w- C:\Windows\System32\mstscax.dll
2014-10-16 18:04:04 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-10-16 18:04:00 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-10-16 18:04:00 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
.
==================== Find3M  ====================
.
2014-10-30 11:25:26 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-24 11:29:27 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-24 11:29:26 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-02 18:32:40 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-19 11:27:24 4 ----a-w- C:\Users\Windows7\AppData\Roaming\appdataFr2.bin
2014-08-16 11:48:59 21656 ----a-w- C:\Windows\System32\drivers\evolve.sys
.
============= FINISH: 19:02:55,46 ===============
 


 


#2 Rootk

  • Malware Response Team

Posted 08 November 2014 - 08:49 AM

Hi. I'm checking your log now and will reply with instructions soon.

#3 Rootk

  • Malware Response Team

Posted 08 November 2014 - 09:47 AM

Follow these steps:

1.- Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan.
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt ('n' represents the number of the most recent report).

2.- Download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Run the tool by double-clicking it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt in your next message.

3.- Please download RogueKiller and save it to the desktop.

  • Close all windows and browsers.
  • Double click on RogueKillerX64.exe to run the tool.
  • Press the scan button.
  • A report named RKreport.txt opens on the desktop.
  • Please post it in your next reply.

 



#4 Chris5150

  • Topic Starter

Posted 09 December 2014 - 07:23 AM

1.- 

# AdwCleaner v4.105 - Rapporto creato 09/12/2014 in 12:55:06
# Aggiornato 08/12/2014 di Xplode
# Database : 2014-12-08.2 [Live]
# Sistema operativo : Windows 7 Professional Service Pack 1 (64 bits)
# Nome utente : Windows7 - WINDOWS7-PC
# In esecuzione da : C:\Users\Windows7\Downloads\AdwCleaner.exe
# Opzione : Pulisci
 
***** [ Servizi ] *****
 
Servizio Eliminato : 3e9deaca
Servizio Eliminato : IePluginServices
Servizio Eliminato : Wpm
 
***** [ File / Cartelle ] *****
 
Cartella Eliminato : C:\ProgramData\apn
Cartella Eliminato : C:\ProgramData\Browse2Save
Cartella Eliminato : C:\ProgramData\DSearchLink
Cartella Eliminato : C:\ProgramData\GinyasBrowserCompanion
Cartella Eliminato : C:\ProgramData\IePluginService
Cartella Eliminato : C:\ProgramData\IePluginServices
Cartella Eliminato : C:\ProgramData\MySearch
Cartella Eliminato : C:\ProgramData\NewSaVer
Cartella Eliminato : C:\ProgramData\QuickSet
Cartella Eliminato : C:\ProgramData\RightClick
Cartella Eliminato : C:\ProgramData\Tarma Installer
Cartella Eliminato : C:\ProgramData\WPM
Cartella Eliminato : C:\ProgramData\GoSave
Cartella Eliminato : C:\ProgramData\AAlolSaver
Cartella Eliminato : C:\ProgramData\Adblocker
Cartella Eliminato : C:\ProgramData\BitSAver
Cartella Eliminato : C:\ProgramData\DeeAlExxpriEss
Cartella Eliminato : C:\ProgramData\FinndBEstDDeal
Cartella Eliminato : C:\ProgramData\Huapppy2Save
Cartella Eliminato : C:\ProgramData\RandomPrice
Cartella Eliminato : C:\ProgramData\RegularDeals
Cartella Eliminato : C:\ProgramData\sAve on
Cartella Eliminato : C:\ProgramData\save onn
Cartella Eliminato : C:\ProgramData\sAvE oon
Cartella Eliminato : C:\ProgramData\surf andi  Keep
Cartella Eliminato : C:\ProgramData\surof  aaNd  keueip
Cartella Eliminato : C:\ProgramData\cbb39b6313d3a7ac
Cartella Eliminato : C:\Program Files (x86)\Mobogenie
Cartella Eliminato : C:\Program Files (x86)\MySearch
Cartella Eliminato : C:\Program Files (x86)\NewSaVer
Cartella Eliminato : C:\Program Files (x86)\SupTab
Cartella Eliminato : C:\Program Files (x86)\AAlolSaver
Cartella Eliminato : C:\Program Files (x86)\Adblocker
Cartella Eliminato : C:\Program Files (x86)\BitSAver
Cartella Eliminato : C:\Program Files (x86)\Huapppy2Save
Cartella Eliminato : C:\Program Files (x86)\RandomPrice
Cartella Eliminato : C:\Program Files (x86)\sAve on
Cartella Eliminato : C:\Program Files (x86)\save onn
Cartella Eliminato : C:\Program Files (x86)\sAvE oon
Cartella Eliminato : C:\Users\Windows7\AppData\Local\Temp\apn
Cartella Eliminato : C:\Users\Windows7\AppData\Local\Temp\webget
Cartella Eliminato : C:\Users\Administrator\AppData\Local\Chromatic Browser
Cartella Eliminato : C:\Users\Administrator\AppData\Local\torch
Cartella Eliminato : C:\Users\Guest\AppData\Local\Chromatic Browser
Cartella Eliminato : C:\Users\Guest\AppData\Local\torch
Cartella Eliminato : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Cartella Eliminato : C:\Users\HomeGroupUser$\AppData\Local\torch
Cartella Eliminato : C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
Cartella Eliminato : C:\Users\UpdatusUser\AppData\Local\torch
Cartella Eliminato : C:\Users\wangzhisong\AppData\Local\Mobogenie
Cartella Eliminato : C:\Users\Windows7\AppData\Local\Chromatic Browser
Cartella Eliminato : C:\Users\Windows7\AppData\Local\lollipop
Cartella Eliminato : C:\Users\Windows7\AppData\Local\Mobogenie
Cartella Eliminato : C:\Users\Windows7\AppData\Local\torch
Cartella Eliminato : C:\Users\Windows7\AppData\LocalLow\Browse2Save
Cartella Eliminato : C:\Users\Windows7\AppData\LocalLow\Delta
Cartella Eliminato : C:\Users\Windows7\AppData\Roaming\337Games
Cartella Eliminato : C:\Users\Windows7\AppData\Roaming\DigitalSites
Cartella Eliminato : C:\Users\Windows7\AppData\Roaming\NCdownloader
Cartella Eliminato : C:\Users\Windows7\AppData\Roaming\Solvusoft
Cartella Eliminato : C:\Users\Windows7\AppData\Roaming\sweet-page
Cartella Eliminato : C:\Users\Windows7\AppData\Roaming\Systweak
Cartella Eliminato : C:\Users\Windows7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
Cartella Eliminato : C:\Users\Windows7\Documents\Mobogenie
Cartella Eliminato : C:\Users\Windows7\Documents\Updater
Cartella Eliminato : C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\vj8oa7e0.default\Extensions\bbrs_002@blabbers.com
Cartella Eliminato : C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\vj8oa7e0.default\Extensions\am@g.org
Cartella Eliminato : C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\vj8oa7e0.default\Extensions\zr2@t.net
File Eliminato : C:\END
File Eliminato : C:\Windows\System32\roboot64.exe
File Eliminato : C:\Users\Windows7\daemonprocess.txt
File Eliminato : C:\Users\Windows7\AppData\Roaming\LiveSupport.exe_log.txt
File Eliminato : C:\Users\Windows7\AppData\Roaming\regsvr32.exe_log.txt
File Eliminato : C:\Users\Windows7\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_lyrics.wikia.com_0.localstorage
File Eliminato : C:\Users\Windows7\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_lyrics.wikia.com_0.localstorage-journal
File Eliminato : C:\Users\Windows7\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Eliminato : C:\Users\Windows7\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Eliminato : C:\Users\Windows7\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage
File Eliminato : C:\Users\Windows7\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
File Eliminato : C:\Users\Windows7\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Eliminato : C:\Users\Windows7\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
 
***** [ Compiti ] *****
 
Compito Eliminati : BrowserDefendert
Compito Eliminati : Digital Sites
Compito Eliminati : GinyasBrowserCompanion Chrome Watcher
Compito Eliminati : GinyasBrowserCompanion FireFox Watcher
Compito Eliminati : GinyasBrowserCompanion Stats Report
Compito Eliminati : GinyasBrowserCompanion Update Checker
Compito Eliminati : schedule!3036567561
Compito Eliminati : DriverEasy Scheduled Scan
Compito Eliminati : SW_Booster-S-1753690899
 
***** [ Collegamenti ] *****
 
Collegamento Disinfetatti : C:\Users\Windows7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Collegamento Disinfetatti : C:\Users\Windows7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Collegamento Disinfetatti : C:\Users\Windows7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk
 
***** [ Registro ] *****
 
Valore Eliminati : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Valore Eliminati : HKCU\Software\Mozilla\Firefox\Extensions [LyricStar@KSYngsoft.net]
Valore Eliminati : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Valore Eliminati : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [shortcutff@gmail.com]
Chiave Eliminati : HKCU\Software\Classes\Applications\lollipop.exe
Chiave Eliminati : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Valore Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [livesupport]
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Chiave Eliminati : HKLM\SOFTWARE\Classes\Prod.cap
Valore Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Chiave Eliminati : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Chiave Eliminati : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService
Chiave Eliminati : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Chiave Eliminati : HKCU\Software\Mozilla\Extends
Chiave Eliminati : HKLM\SOFTWARE\Classes\.
Chiave Eliminati : HKLM\SOFTWARE\Classes\..10
Chiave Eliminati : HKLM\SOFTWARE\Classes\RandomPrice.RandomPrice
Chiave Eliminati : HKLM\SOFTWARE\Classes\RandomPrice.RandomPrice.6.1
Chiave Eliminati : HKLM\SOFTWARE\Classes\..9
Chiave Eliminati : HKLM\SOFTWARE\Classes\Happy2Save.Happy2Save
Chiave Eliminati : HKLM\SOFTWARE\Classes\Happy2Save.Happy2Save.2.5
Chiave Eliminati : HKLM\SOFTWARE\Classes\BitSaaver.BitSaaver
Chiave Eliminati : HKLM\SOFTWARE\Classes\BitSaaver.BitSaaver.5.1
Chiave Eliminati : HKLM\SOFTWARE\Classes\Adblocker.Adblocker
Chiave Eliminati : HKLM\SOFTWARE\Classes\Adblocker.Adblocker.1.0
Chiave Eliminati : HKLM\SOFTWARE\Classes\NeewSaveRu.NeewSaveRu
Chiave Eliminati : HKLM\SOFTWARE\Classes\NeewSaveRu.NeewSaveRu.1.1
Chiave Eliminati : HKLM\SOFTWARE\Classes\AllSavaeri.AllSavaeri
Chiave Eliminati : HKLM\SOFTWARE\Classes\AllSavaeri.AllSavaeri.1.4
Chiave Eliminati : HKCU\Software\58ed98fe16fea15
Chiave Eliminati : HKLM\SOFTWARE\58ed98fe16fea15
Chiave Eliminati : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-1495795506
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-161304646
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-1753690899
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{3e9deaca}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CrossriderApp0012767.BHO
Chiave Eliminati : HKLM\SOFTWARE\Classes\CrossriderApp0012767.Sandbox
Chiave Eliminati : HKLM\SOFTWARE\Classes\CrossriderApp0012767.Sandbox.1
Dato Ripristinati : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chiave Eliminati : HKCU\Software\APN PIP
Chiave Eliminati : HKCU\Software\Blabbers       
Chiave Eliminati : HKCU\Software\Blabbers
Chiave Eliminati : HKCU\Software\ChatZum Toolbar
[#] Chiave Eliminati : HKCU\Software\DataMngr_Toolbar
Chiave Eliminati : HKCU\Software\delta LTD
Chiave Eliminati : HKCU\Software\Delta
Chiave Eliminati : HKCU\Software\dsiteproducts
Chiave Eliminati : HKCU\Software\Iminent
Chiave Eliminati : HKCU\Software\InstallCore
Chiave Eliminati : HKCU\Software\InstalledBrowserExtensions
Chiave Eliminati : HKCU\Software\lollipop
Chiave Eliminati : HKCU\Software\RegisteredApplicationsEx
Chiave Eliminati : HKCU\Software\Softonic
Chiave Eliminati : HKCU\Software\systweak
Chiave Eliminati : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Chiave Eliminati : HKCU\Software\AppDataLow\Software\Crossrider
Chiave Eliminati : HKCU\Software\AppDataLow\Software\Tiger Savings
Chiave Eliminati : HKCU\Software\AppDataLow\Software\ViewPassword
Chiave Eliminati : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chiave Eliminati : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Chiave Eliminati : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Chiave Eliminati : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Chiave Eliminati : HKLM\SOFTWARE\Babylon
Chiave Eliminati : HKLM\SOFTWARE\BrowserCompanion
Chiave Eliminati : HKLM\SOFTWARE\ChatZum Toolbar
Chiave Eliminati : HKLM\SOFTWARE\DataMngr
Chiave Eliminati : HKLM\SOFTWARE\Delta
Chiave Eliminati : HKLM\SOFTWARE\GinyasBrowserCompanion
Chiave Eliminati : HKLM\SOFTWARE\Iminent
Chiave Eliminati : HKLM\SOFTWARE\PIP
Chiave Eliminati : HKLM\SOFTWARE\SP Global
Chiave Eliminati : HKLM\SOFTWARE\SProtector
Chiave Eliminati : HKLM\SOFTWARE\SupDp
Chiave Eliminati : HKLM\SOFTWARE\SupTab
Chiave Eliminati : HKLM\SOFTWARE\supWPM
Chiave Eliminati : HKLM\SOFTWARE\sweet-pageSoftware
Chiave Eliminati : HKLM\SOFTWARE\systweak
Chiave Eliminati : HKLM\SOFTWARE\Wpm
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E957849A-94AC-6F46-4623-C31474E3C170}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3FC46A0-9B62-0EF3-B475-743B3A2762B1}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{25F259ED-12F6-429F-5783-527C3E2F8586}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A4ABCA-CF3D-C548-2DC4-72A55DC5882A}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEE3DC-2B8B-E212-2126-D31D9E73DFE4}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{993EA8F6-6E55-7E4E-39DE-5796E3226DB9}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B5DB572D-EA87-D3B0-08F6-4D153EA6A783}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Dato Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\suptab\search~1.dll
Dato Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\sw_boo~1\assist~1.dll
Dato Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL
Dato Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SW_BOO~1\ASSIST~2.DLL
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
 
***** [ Browser ] *****
 
-\\ Internet Explorer v10.0.9200.17148
 
Impostazioni Ripristinato : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Impostazioni Ripristinato : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Impostazioni Ripristinato : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Impostazioni Ripristinato : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Impostazioni Ripristinato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Impostazioni Ripristinato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Impostazioni Ripristinato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Impostazioni Ripristinato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Impostazioni Ripristinato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Impostazioni Ripristinato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Impostazioni Ripristinato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Impostazioni Ripristinato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
 
-\\ Mozilla Firefox v
 
 
-\\ Opera v26.0.1656.32
 
[C:\Users\Windows7\AppData\Roaming\Opera Software\Opera Stable\preferences] - Eliminati [Extension] : aaipilfmheplbcghignccoiiebekkdhe
[C:\Users\Windows7\AppData\Roaming\Opera Software\Opera Stable\preferences] - Eliminati [Extension] : elchiiiejkobdbblfejjkbphbddgmljf
[C:\Users\Windows7\AppData\Roaming\Opera Software\Opera Stable\preferences] - Eliminati [Extension] : ffhfoagmjcnkolneahbpagjcjjaeofbg
[C:\Users\Windows7\AppData\Roaming\Opera Software\Opera Stable\preferences] - Eliminati [Extension] : hjghiofiijcepdnocbgefbdlbckjfheg
[C:\Users\Windows7\AppData\Roaming\Opera Software\Opera Stable\preferences] - Eliminati [Extension] : iklgpchfbohgmghgfagediakopecfmbm
[C:\Users\Windows7\AppData\Roaming\Opera Software\Opera Stable\preferences] - Eliminati [Extension] : kfgaibfbmkjgmimhbbaikfnpkkjkpoan
[C:\Users\Windows7\AppData\Roaming\Opera Software\Opera Stable\preferences] - Eliminati [Extension] : lmnbobhffedhdhfpcjkjphcfpeeiocdn
[C:\Users\Windows7\AppData\Roaming\Opera Software\Opera Stable\preferences] - Eliminati [Extension] : hoidflomjnnnbiemmkjdjkkialmhbago
[C:\Users\Windows7\AppData\Roaming\Opera Software\Opera Stable\preferences] - Eliminati [Extension] : ekpibplnnkfdcafdpoekhoffegcajene
 
*************************
 
AdwCleaner[R0].txt - [41376 octets] - [09/12/2014 12:53:27]
AdwCleaner[S0].txt - [38272 octets] - [09/12/2014 12:55:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [38333 octets] ##########


#5 Chris5150

Posted 09 December 2014 - 07:28 AM

2.-

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x64
Ran by Windows7 on 09/12/2014 at 13:24:55,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\wininit.ini"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files (x86)\sw_booster"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/12/2014 at 13:27:29,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 Chris5150


Posted 09 December 2014 - 07:47 AM

3.-

RogueKiller V10.0.9.0 (x64) [Dec  8 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Windows7 [Administrator]
Mode : Scan -- Date : 12/09/2014  13:46:33
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 17 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{70866303-B2D2-4CF2-BA26-3E8925598854} | DhcpNameServer : 7.254.254.254 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{70866303-B2D2-4CF2-BA26-3E8925598854} | DhcpNameServer : 7.254.254.254 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{70866303-B2D2-4CF2-BA26-3E8925598854} | DhcpNameServer : 7.254.254.254 [UNITED STATES (US)]  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3733100454-630060721-2615378063-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3733100454-630060721-2615378063-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] \\4983 -- wscript.exe (C:\Users\Windows7\AppData\Local\Temp\launchie.vbs //B) -> Found
[Suspicious.Path] \\Origin -- C:\Users\Windows7\AppData\Roaming\Origin\update.vbe -> Found
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 2 ¤¤¤
[PUP][FIREFX:Addon] vj8oa7e0.default : Ginyas Browser Companion [bbrs_002@blabbers.com] -> Found
[PUM.HomePage][FIREFX:Config] vj8oa7e0.default : user_pref("browser.startup.homepage", "www.google.it"); -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-00ZF5A0 ATA Device +++++
--- User ---
[MBR] 3fecdc57f5d0b6c4ddbce5ed2fb73317
[BSP] 35c2c3c206b886f66652a592c12838fe : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_12092014_133734.log


#7 Rootk

  • Malware Response Team

Posted 10 December 2014 - 08:16 AM

It has been a while since your last post. Is the original problem still present? Or is there any other problem that I should know of?

Do the following:

Please re-run RogueKiller and press the Scan button.
Click the Tasks tab.
Place a checkmark on the following items:

[Suspicious.Path] \\4983 -- wscript.exe (C:\Users\Windows7\AppData\Local\Temp\launchie.vbs //B) -> Found
[Suspicious.Path] \\Origin -- C:\Users\Windows7\AppData\Roaming\Origin\update.vbe -> Found

Next, click the Web Browser tab and place a checkmark on this item:

[PUP][FIREFX:Addon] vj8oa7e0.default : Ginyas Browser Companion [bbrs_002@blabbers.com] -> Found

Click on the Delete button.
Then, click on Report and copy/paste the contents of that file into your next reply.

#8 Hoov

  • Malware Response Team

Posted 26 January 2015 - 11:16 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.