-
giancai.
User deleted
ciao fatto e risolto. sembra tutto funzionare ora ti ringrazio come sempre mio salvatore . -
.
perfetto.
E` comunque importante che alleghi il file fixlog.txt che hai nella pendrive per controllare che tutto sia stato eliminato perché la variante del ransom portava anche il rootkit zero access.. -
giancai.
User deleted
aglia, maledizione. cmq ora sembra non avere niente in quanto ho fatto scansione con avg 2013, mi aveva rilevato qualcosa interente a zero access e l'ha eliminato. ho rifatto di nuovo la scansione ed e uscita pulita. devo preoccuparmi????
Edited by vicky67 - 15/8/2013, 18:08. -
.
Ok il pc è a posto ma era per tua migliore sicurezza se potevo visionare quel file fixlog.txt sulla pendrive.
Avg probabilmente ha rilevato zero access nella cartella della quarantena di FRST in C.
Ora rimuovi quella cartella.
Segui la guida post rimozione in firma.
ciao
. -
ivan1910.
User deleted
ho seguito alla lettera le tue istruzioni peraltro molto chiare ma purtroppo il mio pc non ne vuole sapere di ripartire normalmente ti allego anche risultato finale
se puoi darmi qualche altra indicazione grazie ciao
[SPOILER][/SPOILER]Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-08-2013
Ran by SYSTEM at 2013-08-17 10:30:17 Run:3
Running from F:\
Boot Mode: Recovery
scusa non avevo allegato il risultato
ciao
==============================================
Content of fixlist:
*****************
start
HKU\Joseph\...\Winlogon: [Shell] explorer.exe,C:\Users\Joseph\AppData\Roaming\cache.dat [81920 2011-11-17] () <==== ATTENTION
C:\Users\Joseph\AppData\Roaming\skype.ini
C:\Users\Joseph\AppData\Roaming\cache.dat
C:\Users\Joseph\AppData\Roaming\cache.ini
end
*****************
HKU\Joseph\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
"C:\Users\Joseph\AppData\Roaming\skype.ini" => File/Directory not found.
"C:\Users\Joseph\AppData\Roaming\cache.dat" => File/Directory not found.
"C:\Users\Joseph\AppData\Roaming\cache.ini" => File/Directory not found.
==== End of Fixlog ====. -
.
ciao Ivan1910
Il fixlist che và usato è personalizzato per ogni utente e non è quindi valido per tutti.
Devi allegarmi il log di FRST,poi ti forniro' un fix per la rimozione dell'infezione,valido solo per il tuo pc.. -
ivan1910.
User deleted
scusa ma non avevo capito questo passaggio ti allego FRST
grazie molto ciao
scusa ma non ho ancora capito come si allegano file
ciaoSPOILER (clicca per visualizzare)Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-08-2013
Ran by SYSTEM on 17-08-2013 10:22:07
Running from F:\
Windows 7 Ultimate (X86) OS Language: Italian Standard
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [VMonitorVMUVC] - C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe [143360 2008-08-29] (Vimicro Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeCS5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKU\bob\...\Run: [AdobeBridge] - [x]
HKU\bob\...\Run: [EPSON Stylus Photo R220 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /FU "C:\Users\bob\AppData\Local\Temp\E_S7992.tmp" /EF "HKCU" [x]
HKU\bob\...\Run: [EPSON Stylus Photo R220 Series (Copia 1)] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /FU "C:\Users\bob\AppData\Local\Temp\E_S587C.tmp" /EF "HKCU" [x]
HKU\bob\...\Run: [Zysoj] - C:\Users\bob\AppData\Roaming\Wite\zysoj.exe [ 2010-12-09] (System, Inc.)
HKU\bob\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\bob\AppData\Local\Temp\wNEFXgz.exe [ 2013-08-16] (Valve Corporation) <===== ATTENTION
HKU\bob\...\Winlogon: [Shell] cmd.exe [ 2013-03-31] (Microsoft Corporation) <==== ATTENTION
HKU\bob\...\Command Processor: "C:\Users\bob\AppData\Local\Temp\wNEFXgz.exe" <===== ATTENTION!
========================== Services (Whitelisted) =================
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2847696 2013-07-26] ()
S3 FSAUA; C:\Program Files\F-Secure\FSAUA\program\fsaua.exe [417792 2007-01-17] (F-Secure Corporation)
S2 pf3ed; C:\Users\bob\AppData\Roaming\eecehp.bat [85 2012-11-01] ()
S2 ScsiAccess; C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe [181312 2012-05-13] ()
S2 Trusted Installer; C:\Windows\system32\TrustedInstaller.exe [357376 2013-01-07] ()
==================== Drivers (Whitelisted) ====================
S3 hcwPP2; C:\Windows\System32\DRIVERS\hcwPP2.sys [174592 2007-01-08] (Hauppauge Computer Works, Inc.)
S3 catchme; \??\C:\Users\bob\AppData\Local\Temp\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-17 02:16 - 2013-08-17 02:16 - 00000000 ___DC C:\FRST
2013-08-16 00:33 - 2013-08-16 00:33 - 01359938 _____ C:\Users\bob\AppData\Roaming\2433f433
2013-08-16 00:33 - 2013-08-16 00:33 - 01359905 _____ C:\Users\bob\AppData\Local\2433f433
2013-08-14 13:53 - 2013-08-14 13:53 - 00000000 ____D C:\Users\bob\AppData\Roaming\vlc
2013-08-14 13:49 - 2013-08-17 08:57 - 00000000 ____D C:\ProgramData\Datamngr
2013-08-14 13:49 - 2013-08-14 13:49 - 00000000 ___DC C:\Program Files\Movies Toolbar
2013-08-14 13:49 - 2013-08-14 13:49 - 00000000 ____D C:\Users\bob\AppData\Local\ilividmoviestoolbardla
2013-08-14 13:49 - 2013-08-14 13:49 - 00000000 ____D C:\ProgramData\Wincert
2013-08-14 08:29 - 2013-08-17 09:06 - 00003257 ____C C:\Windows\setupact.log
2013-08-14 08:29 - 2013-08-14 08:29 - 00000000 ____C C:\Windows\setuperr.log
2013-07-28 07:54 - 2013-08-01 23:56 - 00000063 _____ C:\Users\bob\AppData\Roaming\WB.CFG
==================== One Month Modified Files and Folders =======
2013-08-17 10:00 - 2013-08-17 10:00 - 00000000 ___DC C:\Windows\System32\config\HiveBackup
2013-08-17 09:06 - 2013-08-14 08:29 - 00003257 ____C C:\Windows\setupact.log
2013-08-17 09:05 - 2013-03-30 01:27 - 00015640 ____C C:\Windows\PFRO.log
2013-08-17 08:57 - 2013-08-14 13:49 - 00000000 ____D C:\ProgramData\Datamngr
2013-08-17 08:52 - 2012-08-30 13:43 - 00005552 ___HC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-17 08:52 - 2012-08-30 13:43 - 00005552 ___HC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-17 08:52 - 2012-07-13 23:37 - 01542031 ____C C:\Windows\WindowsUpdate.log
2013-08-17 02:16 - 2013-08-17 02:16 - 00000000 ___DC C:\FRST
2013-08-16 17:49 - 2009-07-14 05:34 - 00012288 ____C C:\Windows\System32\umstartup.etl
2013-08-16 00:33 - 2013-08-16 00:33 - 01359938 _____ C:\Users\bob\AppData\Roaming\2433f433
2013-08-16 00:33 - 2013-08-16 00:33 - 01359905 _____ C:\Users\bob\AppData\Local\2433f433
2013-08-15 17:56 - 2009-10-28 08:24 - 00000000 ___DC C:\Foto
2013-08-15 16:55 - 2013-06-16 22:54 - 00000005 _____ C:\Users\bob\AppData\Roaming\WBPU-TTL.DAT
2013-08-15 00:40 - 2009-10-28 08:24 - 00000000 ___DC C:\Exel
2013-08-15 00:27 - 2010-12-26 10:31 - 00000000 ____D C:\Users\bob\AppData\Roaming\Apple Computer
2013-08-14 15:09 - 2009-10-28 08:23 - 00000000 __RDC C:\Programmi
2013-08-14 14:28 - 2013-06-30 22:36 - 00000000 ____D C:\Users\bob\Desktop\SCUOLA
2013-08-14 13:58 - 2012-10-18 15:49 - 00000000 ____D C:\Users\bob\Desktop\programmazione
2013-08-14 13:58 - 2012-08-16 13:11 - 00000000 ____D C:\Users\bob\Desktop\R. Spese
2013-08-14 13:57 - 2013-07-17 23:23 - 00000000 ____D C:\Users\bob\Desktop\CAP PARMA
2013-08-14 13:53 - 2013-08-14 13:53 - 00000000 ____D C:\Users\bob\AppData\Roaming\vlc
2013-08-14 13:49 - 2013-08-14 13:49 - 00000000 ___DC C:\Program Files\Movies Toolbar
2013-08-14 13:49 - 2013-08-14 13:49 - 00000000 ____D C:\Users\bob\AppData\Local\ilividmoviestoolbardla
2013-08-14 13:49 - 2013-08-14 13:49 - 00000000 ____D C:\ProgramData\Wincert
2013-08-14 08:29 - 2013-08-14 08:29 - 00000000 ____C C:\Windows\setuperr.log
2013-08-13 16:07 - 2013-03-31 01:11 - 00336962 ____C C:\Windows\System32\PerfStringBackup.INI
2013-08-02 13:24 - 2013-05-25 12:57 - 00000000 ____D C:\ProgramData\BrowserProtect
2013-08-01 23:56 - 2013-07-28 07:54 - 00000063 _____ C:\Users\bob\AppData\Roaming\WB.CFG
2013-07-31 06:12 - 2010-12-11 21:47 - 00000000 ____D C:\Program Files\Google
2013-07-21 17:02 - 2010-12-09 00:00 - 00000000 ____D C:\Users\bob\Downloads\eMule
Files to move or delete:
====================
C:\Users\bob\AppData\Local\Temp\wNEFXgz.exe
C:\Users\bob\Photoshop_12_LS4.exe
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-08-15 23:00:05
==================== Memory info ===========================
Percentage of memory in use: 19%
Total physical RAM: 2045.94 MB
Available physical RAM: 1648.76 MB
Total Pagefile: 2045.94 MB
Available Pagefile: 1648.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.71 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:218.88 GB) (Free:60.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Esegui backup) (Fixed) (Total:74.5 GB) (Free:30.37 GB) NTFS
Drive f: () (Removable) (Total:3.71 GB) (Free:3.7 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 494025C7)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=219 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=75 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=5 GB) - (Type=DB)
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 01FB0D9A)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
LastRegBack: 2013-08-13 18:51
==================== End Of Log ============================
spero fosse questo quello che mi chiedevi grazie ciao
Edited by vicky67 - 17/8/2013, 12:55. -
.
Per incollarli direttamente nel post devi incollare il log dentro le parentesi dei 2 spoiler.
Ora copia il file in allegato nella pendrive.Riavvia FRST come hai fatto già solo che questa volta anzichè cliccare su SCAN clicca su FIX.
Riavvia il pc e controlla se l'avvio avviene correttamente.Allegami il log fixlog.txt che troverai sulla pendrive dopo aver efettuato il fix.
Poi c'è da eseguire altri 2 programmi dal desktop per una migliore pulizia del sistema.File Allegato
. -
ivan1910.
User deleted
non crederai ma ha funzionato 10 min e poi appena su internet ripreso ora dice che sistema e a 64 bit insomma un casino non so cosa fare
scusa per disturbo ma non ne vengo fuori grazie ciao
nel dettaglio avevo provato a rifarle l operazione rilanciando FRST ma mi dice che il sistema e a 64 bit prima avevo provato e per farlo girare do dovuto scaricare quello a 32 insomma sono ad un punto fermo se mi puoi aiutare
grazie ciao. -
.
@Ivan1910
Il tuo sistema è a 32 bit.Riffettua la scansione con FRST scaricando quella a 32 bit ed eseguendolo con quella.
Attenzione al sito dove lo hai ripreso, è infetto e finchè non viene bonificato non visitarlo.
Edited by vicky67 - 17/8/2013, 16:27. -
Arai78.
User deleted
Grazie in anticipo per l'aiuto, allego di seguito log di frst SPOILER (clicca per visualizzare)Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2013
Ran by SYSTEM on 17-08-2013 15:53:59
Running from G:\
Windows 7 Home Premium (X64) OS Language: Italian Standard
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [208384 2009-08-03] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [317288 2009-05-26] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [MarketingTools] - C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe [26624 2009-09-08] (Sony Corporation)
HKLM-x32\...\Run: [NokiaMServer] - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles [x]
HKLM-x32\...\Run: [NokiaMusic FastStart] - C:\Program Files (x86)\Nokia\Nokia Music\NokiaMusic.exe [2327840 2009-07-02] (Nokia)
HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe [1074736 2013-07-02] (Iminent)
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884784 2013-07-02] (Iminent)
HKU\Michael\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-08] (Google Inc.)
HKU\Michael\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)
HKU\Michael\...\Run: [Software updater] - C:\Users\Michael\AppData\Roaming\FreeSoftwareUpdater\updater.exe [52516 2013-05-21] ()
HKU\Michael\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Michael\AppData\Local\Temp\dsddSVj.exe [64000 2013-08-15] (Valve Corporation) <===== ATTENTION
HKU\Michael\...\Winlogon: [Shell] cmd.exe [344576 2009-07-14] (Microsoft Corporation) <==== ATTENTION
HKU\Michael\...\Command Processor: "C:\Users\Michael\AppData\Local\Temp\dsddSVj.exe" <===== ATTENTION!
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk
ShortcutTarget: lollipop.lnk -> (No File)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG10\avgchsva.exe /syncC:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart
==================== Services (Whitelisted) =================
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-26] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-26] (Sonic Solutions)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-24] (Realtek Semiconductor)
S3 ServiceLayer; C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe [637952 2009-06-02] (Nokia.)
S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-07-27] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-07-27] (Sony Corporation)
S2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2864448 2013-08-01] (Iminent)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-07-23] (Sony Corporation)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642920 2009-07-22] (Sony Corporation)
S3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-07-23] (Sony Corporation)
S2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-07-23] (Sony Corporation)
==================== Drivers (Whitelisted) ====================
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
S0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-12] (AVG Technologies CZ, s.r.o.)
S1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-04] (AVG Technologies CZ, s.r.o.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2009-07-24] (Huawei Technologies Co., Ltd.)
S2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-15 12:59 - 2013-08-15 12:59 - 01037386 _____ C:\ProgramData\2433f433
2013-08-15 12:59 - 2013-08-15 12:59 - 01037339 _____ C:\Users\Michael\AppData\Local\2433f433
2013-08-15 12:59 - 2013-08-15 12:59 - 01037306 _____ C:\Users\Michael\AppData\Roaming\2433f433
2013-08-15 12:59 - 2013-08-15 12:59 - 00000000 ____D C:\Users\Michael\AppData\Roaming\ArcSoft
2013-08-15 12:59 - 2013-08-15 12:59 - 00000000 ____D C:\Users\Michael\AppData\Local\ArcSoft
2013-08-15 12:59 - 2013-08-15 12:59 - 00000000 ____D C:\ProgramData\ArcSoft
2013-07-19 17:42 - 2013-07-19 17:42 - 00000638 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-07-19 17:42 - 2013-07-19 17:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Iminent
2013-07-19 17:42 - 2013-07-19 17:42 - 00000000 ____D C:\ProgramData\Iminent
2013-07-18 14:00 - 2013-07-19 17:41 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-07-18 14:00 - 2013-07-18 14:00 - 00001051 _____ C:\Users\Michael\Desktop\MyPC Backup.lnk
2013-07-18 14:00 - 2013-07-18 14:00 - 00000000 ____D C:\Users\Michael\AppData\Roaming\FreeSoftwareUpdater
2013-07-18 13:59 - 2013-08-14 22:48 - 00000000 ____D C:\Users\Michael\AppData\Local\Lollipop
2013-07-18 13:55 - 2009-11-25 20:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2013-07-18 13:55 - 2009-11-25 20:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2013-07-18 13:55 - 2009-11-25 20:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\System32\mscoree.dll
2013-07-18 13:55 - 2009-11-25 20:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
2013-07-18 13:55 - 2009-11-25 20:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2013-07-18 13:55 - 2009-11-25 20:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2013-07-18 13:55 - 2009-11-25 20:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\System32\PresentationHostProxy.dll
2013-07-18 13:55 - 2009-11-25 20:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2013-07-18 13:55 - 2009-11-25 20:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2013-07-18 13:55 - 2009-11-25 20:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\System32\netfxperf.dll
2013-07-18 13:54 - 2013-07-19 17:42 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-07-18 13:54 - 2013-07-18 13:54 - 00000000 ____D C:\Program Files (x86)\IMinent Toolbar
2013-07-18 12:45 - 2013-08-17 14:13 - 00000364 _____ C:\Windows\Tasks\AmiUpdXp.job
2013-07-18 12:45 - 2013-07-29 11:20 - 00000000 ____D C:\Users\Michael\AppData\Local\SwvUpdater
2013-07-18 12:45 - 2013-07-18 12:45 - 00003388 _____ C:\Windows\System32\Tasks\AmiUpdXp
2013-07-18 12:43 - 2013-07-18 12:43 - 00592200 _____ C:\Users\Michael\Desktop\eMule0.50a-Installer.exe
==================== One Month Modified Files and Folders =======
2013-08-17 15:53 - 2013-08-17 15:53 - 00000000 ____D C:\FRST
2013-08-17 14:37 - 2010-11-08 18:24 - 00196608 _____ C:\Windows\System32\Ikeext.etl
2013-08-17 14:35 - 2009-11-22 13:17 - 02083525 _____ C:\Windows\WindowsUpdate.log
2013-08-17 14:35 - 2009-07-14 05:51 - 00108830 _____ C:\Windows\setupact.log
2013-08-17 14:21 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-17 14:21 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-17 14:14 - 2009-11-22 13:21 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FEF5E76E-1D50-4A05-B002-883B6D4C7341}
2013-08-17 14:14 - 2009-09-08 12:49 - 00001160 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-17 14:13 - 2013-07-18 12:45 - 00000364 _____ C:\Windows\Tasks\AmiUpdXp.job
2013-08-17 14:12 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-15 17:47 - 2010-11-28 17:02 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2013-08-15 13:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2013-08-15 13:00 - 2009-09-08 12:49 - 00001164 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-15 13:00 - 2009-08-17 13:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-15 12:59 - 2013-08-15 12:59 - 01037386 _____ C:\ProgramData\2433f433
2013-08-15 12:59 - 2013-08-15 12:59 - 01037339 _____ C:\Users\Michael\AppData\Local\2433f433
2013-08-15 12:59 - 2013-08-15 12:59 - 01037306 _____ C:\Users\Michael\AppData\Roaming\2433f433
2013-08-15 12:59 - 2013-08-15 12:59 - 00000000 ____D C:\Users\Michael\AppData\Roaming\ArcSoft
2013-08-15 12:59 - 2013-08-15 12:59 - 00000000 ____D C:\Users\Michael\AppData\Local\ArcSoft
2013-08-15 12:59 - 2013-08-15 12:59 - 00000000 ____D C:\ProgramData\ArcSoft
2013-08-15 12:55 - 2009-11-22 15:36 - 00000000 ____D C:\Users\Michael\Tracing
2013-08-14 22:48 - 2013-07-18 13:59 - 00000000 ____D C:\Users\Michael\AppData\Local\Lollipop
2013-08-02 10:37 - 2009-11-22 14:41 - 00000000 ____D C:\Users\Michael\AppData\Local\Google
2013-07-29 11:20 - 2013-07-18 12:45 - 00000000 ____D C:\Users\Michael\AppData\Local\SwvUpdater
2013-07-20 13:36 - 2009-07-14 06:08 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-19 17:42 - 2013-07-19 17:42 - 00000638 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-07-19 17:42 - 2013-07-19 17:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Iminent
2013-07-19 17:42 - 2013-07-19 17:42 - 00000000 ____D C:\ProgramData\Iminent
2013-07-19 17:42 - 2013-07-18 13:54 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-07-19 17:41 - 2013-07-18 14:00 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-07-18 14:00 - 2013-07-18 14:00 - 00001051 _____ C:\Users\Michael\Desktop\MyPC Backup.lnk
2013-07-18 14:00 - 2013-07-18 14:00 - 00000000 ____D C:\Users\Michael\AppData\Roaming\FreeSoftwareUpdater
2013-07-18 13:59 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-18 13:58 - 2009-07-14 11:53 - 00706896 _____ C:\Windows\System32\perfh010.dat
2013-07-18 13:58 - 2009-07-14 11:53 - 00131156 _____ C:\Windows\System32\perfc010.dat
2013-07-18 13:58 - 2009-07-14 06:13 - 01581390 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-18 13:55 - 2009-09-08 12:49 - 00004160 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-18 13:55 - 2009-09-08 12:49 - 00003908 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-18 13:54 - 2013-07-18 13:54 - 00000000 ____D C:\Program Files (x86)\IMinent Toolbar
2013-07-18 12:45 - 2013-07-18 12:45 - 00003388 _____ C:\Windows\System32\Tasks\AmiUpdXp
2013-07-18 12:43 - 2013-07-18 12:43 - 00592200 _____ C:\Users\Michael\Desktop\eMule0.50a-Installer.exe
Files to move or delete:
====================
C:\Users\Michael\AppData\Local\Temp\dsddSVj.exe
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-02-15 17:33:56
Restore point made on: 2012-05-30 13:30:38
Restore point made on: 2012-06-23 13:10:40
Restore point made on: 2012-06-29 11:48:14
Restore point made on: 2012-08-17 12:56:02
Restore point made on: 2012-09-23 16:46:25
Restore point made on: 2012-12-29 14:45:37
Restore point made on: 2013-03-02 23:24:15
Restore point made on: 2013-04-07 14:48:10
Restore point made on: 2013-07-18 13:54:52
Restore point made on: 2013-08-15 13:00:07
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 4063.03 MB
Available physical RAM: 3438.81 MB
Total Pagefile: 4061.18 MB
Available Pagefile: 3434.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:288.81 GB) (Free:223.07 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:9.18 GB) (Free:0.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (STORE'N'GO) (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: DC9A64EA)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=289 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 491 MB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=491 MB) - (Type=06)
LastRegBack: 2013-07-06 02:42
==================== End Of Log ============================. -
.
ciao Arai78
Scarica e copia il file in allegato nella pendrive dove hai FRST.Riavvia FRST come hai fatto già solo che questa volta anzichè cliccare su SCAN clicca su FIX una sola volta.
Riavvia il pc e controlla se l'avvio avviene correttamente.Allegami il log fixlog.txt che troverai sulla pendrive dopo aver efettuato il fix.
Seguiranno ulteriori istruzioni.File Allegato
. -
Arai78.
User deleted
Fatto grazie. SPOILER (clicca per visualizzare)Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2013
Ran by SYSTEM at 2013-08-17 17:15:04 Run:2
Running from G:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
start
HKU\Michael\...\Run: [Software updater] - C:\Users\Michael\AppData\Roaming\FreeSoftwareUpdater\updater.exe [52516 2013-05-21] ()
HKU\Michael\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Michael\AppData\Local\Temp\dsddSVj.exe [64000 2013-08-15] (Valve Corporation) <===== ATTENTION
HKU\Michael\...\Winlogon: [Shell] cmd.exe [344576 2009-07-14] (Microsoft Corporation) <==== ATTENTION
HKU\Michael\...\Command Processor: "C:\Users\Michael\AppData\Local\Temp\dsddSVj.exe" <===== ATTENTION!
2013-08-15 12:59 - 2013-08-15 12:59 - 01037386 _____ C:\ProgramData\2433f433
2013-08-15 12:59 - 2013-08-15 12:59 - 01037339 _____ C:\Users\Michael\AppData\Local\2433f433
2013-08-15 12:59 - 2013-08-15 12:59 - 01037306 _____ C:\Users\Michael\AppData\Roaming\2433f433
2013-07-18 12:45 - 2013-08-17 14:13 - 00000364 _____ C:\Windows\Tasks\AmiUpdXp.job
2013-07-18 12:45 - 2013-07-29 11:20 - 00000000 ____D C:\Users\Michael\AppData\Local\SwvUpdater
2013-07-18 12:45 - 2013-07-18 12:45 - 00003388 _____ C:\Windows\System32\Tasks\AmiUpdXp
C:\Users\Michael\AppData\Local\Temp\dsddSVj.exe
C:\Users\Michael\AppData\Roaming\FreeSoftwareUpdater
end
*****************
HKU\Michael\Software\Microsoft\Windows\CurrentVersion\Run\\Software updater => Value deleted successfully.
HKU\Michael\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\Michael\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Michael\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\Michael\AppData\Local\2433f433 => Moved successfully.
C:\Users\Michael\AppData\Roaming\2433f433 => Moved successfully.
C:\Windows\Tasks\AmiUpdXp.job => Moved successfully.
C:\Users\Michael\AppData\Local\SwvUpdater => Moved successfully.
C:\Windows\System32\Tasks\AmiUpdXp => Moved successfully.
C:\Users\Michael\AppData\Local\Temp\dsddSVj.exe => Moved successfully.
C:\Users\Michael\AppData\Roaming\FreeSoftwareUpdater => Moved successfully.
==== End of Fixlog ====. -
.
Perfetto
Ora esegui adwcleaner direttamente dal desktop.Trovi le istruzioni nella guida ai tool di rimozione in firma.
Allega sempre il log che ne scaturisce.
Poi terminiamo con una guida per impedire di riprendersi l'infezione su internet.. -
Arai78.
User deleted
Ecco SPOILER (clicca per visualizzare)# AdwCleaner v2.306 - Logfile creato il 17/08/2013 alle 17:48:27
# Aggiornamento 19/07/2013 by Xplode
# Sistema Operativo : Windows 7 Home Premium (64 bits)
# Utente : Michael - MICHAEL-VAIO
# Modalità Avvio : Modalità Normale
# Eseguito da : G:\AdwCleaner.exe
# Opzioni [Elimina]
***** [Servizi] *****
Fermato & Eliminato : SProtection
***** [File / Cartelle] *****
Eliminato al riavvio : C:\Program Files (x86)\Common Files\Umbrella
Eliminato al riavvio : C:\Program Files (x86)\Iminent
Eliminato al riavvio : C:\Program Files (x86)\IMinent toolbar
Eliminato al riavvio : C:\ProgramData\Iminent
Eliminato al riavvio : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Eliminato al riavvio : C:\ProgramData\Partner
Eliminato al riavvio : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla
Eliminato al riavvio : C:\Users\Michael\AppData\Local\lollipop
Eliminato al riavvio : C:\Users\Michael\AppData\Local\Temp\Iminent
Eliminato al riavvio : C:\Users\Michael\AppData\LocalLow\Toolbar4
Eliminato al riavvio : C:\Users\Michael\AppData\Roaming\Iminent
File Eliminato : C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lollipop.lnk
File Eliminato : C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk
***** [Registro] *****
Chiave Eliminata : HKCU\Software\Iminent
Chiave Eliminata : HKCU\Software\lollipop
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop
Chiave Eliminata : HKCU\Software\YahooPartnerToolbar
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Chiave Eliminata : HKLM\Software\AVG Secure Search
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Chiave Eliminata : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Chiave Eliminata : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
Chiave Eliminata : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Chiave Eliminata : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Chiave Eliminata : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Chiave Eliminata : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Chiave Eliminata : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Chiave Eliminata : HKLM\Software\Classes\Installer\Features\482AA67AD25E6E74E9F48BD5FBE8533C
Chiave Eliminata : HKLM\Software\Classes\Installer\Products\482AA67AD25E6E74E9F48BD5FBE8533C
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar
Chiave Eliminata : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620
Chiave Eliminata : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620.3
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Chiave Eliminata : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Chiave Eliminata : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Chiave Eliminata : HKLM\Software\DeviceVM
Chiave Eliminata : HKLM\Software\Iminent
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Chiave Eliminata : HKLM\Software\Umbrella
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Valore Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
Valore Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Valore Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
***** [Browser Internet] *****
-\\ Internet Explorer v8.0.7600.16385
[OK] Registro Pulito.
-\\ Google Chrome v2.0.172.37
File : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File Pulito.
*************************
AdwCleaner[S1].txt - [31962 octets] - [17/08/2013 17:48:27]
########## EOF - C:\AdwCleaner[S1].txt - [32023 octets] ##########.
Virus Polizia Penitenziaria,Polizia di Stato,Carabinieri (RISOLTO) |
