Aiuto PC

 
.

Virus Polizia Penitenziaria,Polizia di Stato,Carabinieri (RISOLTO)

« Older   Newer »
 
  Share  
.
  1. lucertolas
    Posted on 10/9/2013, 18:21
     
    .

    User deleted
    Buonasera, oggi ho contratto anch'io questo morboso virus... E mi par di aver trovato soluzione solo in questo forum. Riscontro gli stessi sintomi di altri: immobilità dello schermo, non si avvia la modalità provvisoria ecc... Ho proceduto con la scansione con FRST. Allego il file FRST.txt e spero nel meglio!

    Grazie mille in anticipo
    File Allegato
    FRST.txt
    (Number of downloads: 27)

     
    .
  2. vicky67
    Posted on 10/9/2013, 19:01
     
    .

    Master Malware Expert

    Group
    Administrator
    Posts
    4,519
    Location
    Poggio Mirteto(RI)

    Status
    Anonymous
    ciao lucertolas

    Scarica il file in allegato sulla pendrive dove hai FRST.Riavvia FRST come hai già fatto solo che questa volta anzichè cliccare su SCAN clicca su FIX una sola volta.
    Allega il log fixlog.txt (importante)che troverai sulla pendrive.

    Riavvia il pc e controlla se si riavvia correttamente.Seguiranno ulteriori istruzioni.

    n.b
    Non scappate dopo aver rimosso l'infezione perchè ho darvi altre importanti istruzioni.Grazie
    File Allegato
    fixlist.txt
    (Number of downloads: 20)

     
    .
  3. torres99
    Posted on 10/9/2013, 19:18
     
    .

    User deleted
    Ciao, ti allego i tre log che mi chiedevi:

    Farbar service scan
    SPOILER (clicca per visualizzare)
    Farbar Service Scanner Version: 05-09-2013
    Ran by utente (administrator) on 10-09-2013 at 19:19:43
    Running from "C:\Users\utente\Desktop\Farbar Sercice Scanner"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legi


    Adwcleaner
    SPOILER (clicca per visualizzare)
    # AdwCleaner v3.003 - Report created 10/09/2013 at 19:11:25
    # Updated 07/09/2013 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : utente - UTENTE-PC
    # Running from : C:\Users\utente\Desktop\ADW Cleaner\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\Bandoo
    Folder Deleted : C:\ProgramData\Fun4IM
    Folder Deleted : C:\ProgramData\Iminent
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fun4IM
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
    Folder Deleted : C:\Program Files (x86)\Fun4IM
    Folder Deleted : C:\Program Files (x86)\Iminent
    Folder Deleted : C:\Program Files (x86)\TornTV.com
    Folder Deleted : C:\Program Files (x86)\Common Files\Umbrella
    Folder Deleted : C:\Users\utente\AppData\Local\Babylon
    Folder Deleted : C:\Users\utente\AppData\Local\PackageAware
    Folder Deleted : C:\Users\utente\AppData\Local\Temp\apn
    Folder Deleted : C:\Users\utente\AppData\Local\Temp\Iminent
    Folder Deleted : C:\Users\utente\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\utente\AppData\LocalLow\SearchquTB
    Folder Deleted : C:\Users\utente\AppData\LocalLow\Toolbar4
    Folder Deleted : C:\Users\utente\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\utente\AppData\Roaming\Bandoo
    Folder Deleted : C:\Users\utente\AppData\Roaming\Iminent
    Folder Deleted : C:\Users\utente\AppData\Roaming\OpenCandy
    Folder Deleted : C:\Users\utente\AppData\Roaming\registry mechanic
    Folder Deleted : C:\Users\utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCoordinator.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\FlashAnimator.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.BandooCoordinator
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.BandooCoordinator.1
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.CoordinatorUI
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.CoordinatorUI.1
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.hxxpAsyncResult
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.hxxpAsyncResult.1
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.PlugInNotifier
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCoordinator.PlugInNotifier.1
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
    Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
    Key Deleted : HKLM\SOFTWARE\Classes\BandooIEPlugin.BandooIEPlugin
    Key Deleted : HKLM\SOFTWARE\Classes\BandooIEPlugin.BandooIEPlugin.1
    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\BFlashAnimator.BFlashAnimatorCtrl
    Key Deleted : HKLM\SOFTWARE\Classes\BFlashAnimator.BFlashAnimatorCtrl.1
    Key Deleted : HKLM\SOFTWARE\Classes\BGIFAnimator.BGIFAnimatorCtrl
    Key Deleted : HKLM\SOFTWARE\Classes\BGIFAnimator.BGIFAnimatorCtrl.1
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\offerbox_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\offerbox_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_boilsoft-video-joiner[1]_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_boilsoft-video-joiner[1]_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_freemake-video-converter_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_freemake-video-converter_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_pixillion-image-converter_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_pixillion-image-converter_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_testdisk[1]_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_testdisk[1]_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_testdisk_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_testdisk_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_zoner-photo-studio_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_zoner-photo-studio_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3AD7A5B6-610D-4A82-979E-0AED20920690}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9C123289-82E1-4DA7-A3C2-B8D28AAD114B}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A01A3335-0C30-4312-A430-92356CC37A92}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EDE2C296-2458-4E3B-A846-4B512C0703B5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{074E4EFE-81BB-4EA4-866E-082CB0E01070}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0CE5B352-9D9C-41E1-9551-FCCD92820217}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{167B2B5F-2757-434A-BBDA-2FDB2003F14F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2E9A60EA-5554-49C3-BC9D-D0404DBACC62}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E63C9BC-DD51-4E83-ABA6-B350EAD28531}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CFFEF4-E7E1-44BD-B1F5-29F828ADA1B8}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CE1CB632-6817-47B3-8587-D05AF75D6D5A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF2B6317-C367-401B-83B8-80302D6588A7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F5379B4B-24D8-432A-9A96-BE75EE5117DB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F7FB2BC4-6C27-4EAC-B5E2-037B71FDE101}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD53FE35-4368-4B71-89D6-F29F3DB29DF1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01222E21-6BD0-4EB3-94F1-967EB09CCED5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{33DDFC61-F531-4982-8C32-4212B7835D44}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9005ED5-4A1D-4606-A4DF-1A25E7D7B417}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3AD7A5B6-610D-4A82-979E-0AED20920690}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4410C118-B23C-406C-9F52-9CDABD90A5EA}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{62E5C9E1-A0E8-4F8C-8EAF-0F9250CC5786}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C123289-82E1-4DA7-A3C2-B8D28AAD114B}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FF99715-3016-4381-84CE-E4E4C9673020}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FF99715-3016-4381-84CE-E4E4C9673020}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CE1CB632-6817-47B3-8587-D05AF75D6D5A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BCD620-07DD-012F-819F-073CF1B8F7C6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7FF99715-3016-4381-84CE-E4E4C9673020}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FF99715-3016-4381-84CE-E4E4C9673020}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Iminent
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\PIP
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\searchqutb
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\Bandoo
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\Software\Offerbox
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\SearchquMediabarTb
    Key Deleted : HKLM\Software\TENCENT
    Key Deleted : HKLM\Software\Umbrella
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{491C9A4E-6E50-4B53-911D-861BA8DA3C21}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bandoo
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16660


    -\\ Mozilla Firefox v

    [ File : C:\Users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\prefs.js ]


    -\\ Google Chrome v29.0.1547.66

    [ File : C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [33453 octets] - [10/09/2013 19:10:44]
    AdwCleaner[S0].txt - [33470 octets] - [10/09/2013 19:11:25]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [33531 octets] ##########



    FixLog

    SPOILER (clicca per visualizzare)
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-09-2013
    Ran by SYSTEM at 2013-09-09 21:28:48 Run:1
    Running from I:\
    Boot Mode: Recovery
    ==============================================

    Content of fixlist:
    *****************
    start
    HKLM-x32\...\Winlogon: [Shell] C:\PROGRA~3\wmerxluckuclsrgdeoo.bat [70 ] () <=== ATTENTION
    HKLM-x32\...\Winlogon: [Shell] C:\PROGRA~3\wmerxluckuclsrgdeoo.bat [70 ] () <=== ATTENTION
    Startup: C:\Users\utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9bllc8z9.lnk
    ShortcutTarget: 9bllc8z9.lnk -> C:\PROGRA~3\9z8cllb9.plz (Sumitomo Forestry Corporation)
    S2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2864448 2013-08-01] (Iminent)
    S2 Winmgmt; C:\PROGRA~3\9bllc8z9.pzz [62560 2013-09-08] (Microsoft Corporation)
    S2 Winmgmt; C:\PROGRA~3\9bllc8z9.pzz [62560 2013-09-08] (Microsoft Corporation)
    2013-09-08 06:57 - 2013-09-08 07:46 - 95025368 ____T C:\ProgramData\9bllc8z9.pff
    2013-09-08 06:57 - 2013-09-08 07:46 - 00000000 _____ C:\ProgramData\9bllc8z9.ctrl
    2013-09-08 06:57 - 2013-09-08 06:57 - 00160212 _____ (Sumitomo Forestry Corporation) C:\ProgramData\9z8cllb9.plz
    2013-09-08 06:57 - 2013-09-08 06:57 - 00062560 ____T (Microsoft Corporation) C:\ProgramData\9bllc8z9.pzz
    2013-08-30 11:40 - 2013-08-30 11:40 - 00000165 _____ C:\ProgramData\pxiepppeloqunvqsckr.reg
    2013-08-30 11:40 - 2013-08-30 11:40 - 00000070 _____ C:\ProgramData\pxiepppeloqunvqsckr.bat
    2013-08-18 14:13 - 2013-08-18 14:13 - 00000165 _____ C:\ProgramData\pnerdwpiyrhvipsixiy.reg
    2013-08-18 14:13 - 2013-08-18 14:13 - 00000070 _____ C:\ProgramData\pnerdwpiyrhvipsixiy.bat
    2013-08-17 22:58 - 2013-08-17 22:58 - 00000165 _____ C:\ProgramData\qefwdmswegotyrlfbxt.reg
    2013-08-17 22:58 - 2013-08-17 22:58 - 00000070 _____ C:\ProgramData\qefwdmswegotyrlfbxt.bat
    2013-08-17 14:13 - 2013-08-17 14:13 - 00000165 _____ C:\ProgramData\fdmhbiynwklggvkrkrv.reg
    2013-08-17 14:13 - 2013-08-17 14:13 - 00000070 _____ C:\ProgramData\fdmhbiynwklggvkrkrv.bat
    2013-08-10 06:40 - 2013-08-10 06:40 - 00000165 _____ C:\ProgramData\baepurrcjhwyykogkkn.reg
    2013-08-10 06:40 - 2013-08-10 06:40 - 00000070 _____ C:\ProgramData\baepurrcjhwyykogkkn.bat
    2013-08-10 06:40 - 2013-08-10 06:40 - 00000165 _____ C:\ProgramData\baepurrcjhwyykogkkn.reg
    2013-08-10 06:40 - 2013-08-10 06:40 - 00000070 _____ C:\ProgramData\baepurrcjhwyykogkkn.bat
    C:\Users\utente\AppData\Local\c9a250a8
    C:\Users\utente\AppData\Local\c9a250a8\@
    C:\Users\utente\AppData\Local\c9a250a8\loader.tlb
    C:\ProgramData\9bllc8z9.ctrl
    C:\ProgramData\9z8cllb9.plz
    C:\ProgramData\wmerxluckuclsrgdeoo.bat
    C:\ProgramData\wmerxluckuclsrgdeoo.reg
    C:\Users\utente\AppData\Local\Temp\gnobcltacusdrxqgvys.bfg
    C:\Users\utente\AppData\Local\Temp\rkcsqvnuqolepppeixp.bfg
    C:\Users\utente\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\utente\AppData\Local\Temp\tggngimpphlesqutaax.bfg
    C:\Users\utente\AppData\Local\Temp\txbflrytogewsmdwfeq.bfg
    C:\Users\utente\AppData\Local\Temp\vrkrkvgglkwnyibhmdf.bfg
    C:\Users\utente\AppData\Local\Temp\yixispivhryipwdrenp.bfg
    end



    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
    C:\Users\utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9bllc8z9.lnk => Moved successfully.
    C:\PROGRA~3\9z8cllb9.plz => Moved successfully.
    SProtection => Service deleted successfully.
    Winmgmt => Service restored successfully.
    Winmgmt => Service restored successfully.
    C:\ProgramData\9bllc8z9.pff => Moved successfully.
    C:\ProgramData\9bllc8z9.ctrl => Moved successfully.
    "C:\ProgramData\9z8cllb9.plz" => File/Directory not found.
    C:\ProgramData\9bllc8z9.pzz => Moved successfully.
    C:\ProgramData\pxiepppeloqunvqsckr.reg => Moved successfully.
    C:\ProgramData\pxiepppeloqunvqsckr.bat => Moved successfully.
    C:\ProgramData\pnerdwpiyrhvipsixiy.reg => Moved successfully.
    C:\ProgramData\pnerdwpiyrhvipsixiy.bat => Moved successfully.
    C:\ProgramData\qefwdmswegotyrlfbxt.reg => Moved successfully.
    C:\ProgramData\qefwdmswegotyrlfbxt.bat => Moved successfully.
    C:\ProgramData\fdmhbiynwklggvkrkrv.reg => Moved successfully.
    C:\ProgramData\fdmhbiynwklggvkrkrv.bat => Moved successfully.
    C:\ProgramData\baepurrcjhwyykogkkn.reg => Moved successfully.
    C:\ProgramData\baepurrcjhwyykogkkn.bat => Moved successfully.
    "C:\ProgramData\baepurrcjhwyykogkkn.reg" => File/Directory not found.
    "C:\ProgramData\baepurrcjhwyykogkkn.bat" => File/Directory not found.
    C:\Users\utente\AppData\Local\c9a250a8 => Moved successfully.
    "C:\Users\utente\AppData\Local\c9a250a8\@" => File/Directory not found.
    "C:\Users\utente\AppData\Local\c9a250a8\loader.tlb" => File/Directory not found.
    "C:\ProgramData\9bllc8z9.ctrl" => File/Directory not found.
    "C:\ProgramData\9z8cllb9.plz" => File/Directory not found.
    C:\ProgramData\wmerxluckuclsrgdeoo.bat => Moved successfully.
    C:\ProgramData\wmerxluckuclsrgdeoo.reg => Moved successfully.
    C:\Users\utente\AppData\Local\Temp\gnobcltacusdrxqgvys.bfg => Moved successfully.
    C:\Users\utente\AppData\Local\Temp\rkcsqvnuqolepppeixp.bfg => Moved successfully.
    C:\Users\utente\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
    C:\Users\utente\AppData\Local\Temp\tggngimpphlesqutaax.bfg => Moved successfully.
    C:\Users\utente\AppData\Local\Temp\txbflrytogewsmdwfeq.bfg => Moved successfully.
    C:\Users\utente\AppData\Local\Temp\vrkrkvgglkwnyibhmdf.bfg => Moved successfully.
    C:\Users\utente\AppData\Local\Temp\yixispivhryipwdrenp.bfg => Moved successfully.
    ====
    ==== End of Fixlog


    Edited by vicky67 - 11/9/2013, 08:04
     
    .
  4. lucertolas
    Posted on 10/9/2013, 19:49
     
    .

    User deleted
    Ho scaricato fixlist.txt, copiato sulla chiavetta, avviato FRST e proceduto con "FIX". Il file fixlog.txt è stato creato e ora lo allego. Ho avviato il computer e si è acceso correttamente, vedo il desktop e posso agire con cartelle ecc.

    Pronto per il prossimo passo!
    File Allegato
    Fixlog.txt
    (Number of downloads: 30)

     
    .
  5. vicky67
    Posted on 11/9/2013, 07:20
     
    .

    Master Malware Expert

    Group
    Administrator
    Posts
    4,519
    Location
    Poggio Mirteto(RI)

    Status
    Anonymous
    @torres99
    Perfetto,il rootkit zero access non ha apportato danni al sistema.
    Con adwcleaner abbiamo rimossi diversi adware.
    Puoi seguire la guida post rimozione in firma per arginare successive infezioni.
    bye1

    @lucertolas
    Ok
    La tua variante non richiede controlli aggiuntivi.
    Bisogna solo eliminare degli adware dal sistema.Per questo usa adwcleaner.Trovi le istruzioni nella "guida ai tool rimozione" in firma.

    Segui poi la guida post rimozione sempre in firma.

    Se non hai altri problemi ti saluto.
     
    .
  6. lucertolas
    Posted on 11/9/2013, 09:59
     
    .

    User deleted
    Ti ringrazio moltissimo, il computer ora sembra funzionare correttamente, sto eseguendo la scansione con ccleaner.

    Allego il log di adwcleaner nel caso servisse.

    Grazie, grazie e grazie ancora!
    File Allegato
    AdwCleaner_S0_.txt
    (Number of downloads: 15)

     
    .
  7. vicky67
    Posted on 11/9/2013, 10:02
     
    .

    Master Malware Expert

    Group
    Administrator
    Posts
    4,519
    Location
    Poggio Mirteto(RI)

    Status
    Anonymous
    thumb_yello
     
    .
  8. breguz
    Posted on 12/9/2013, 15:33
     
    .

    User deleted
    Salve a tutti ho preso anche io il virus della polizia postale.
    Ho windows xp e non riesco ad entrare in modalita provvisoria quindi come scritto nella guida ho avviato il pc dal cd con otlpe. allego il log.
    Ringrazio anticipatamente chiunque voglia aiutarmi!
    File Allegato
    log.txt
    (Number of downloads: 22)

     
    .
  9. vicky67
    Posted on 12/9/2013, 15:56
     
    .

    Master Malware Expert

    Group
    Administrator
    Posts
    4,519
    Location
    Poggio Mirteto(RI)

    Status
    Anonymous
    ciao breguz

    riavvia OTLPE e copia il contenuto del file in allegato nel box bianco di OTL.Clicca su RUN FIX.
    Aspetta il termine delle operazioni.Riavvia il pc e controlla l'accesso a windows.Poi si dovranno rimuovere degli adware in mod mormale.
    File Allegato
    fix.txt
    (Number of downloads: 13)

     
    .
  10. breguz
    Posted on 12/9/2013, 16:21
     
    .

    User deleted
    Innanzi tutto grazie mille per la celere risposta! ho fatto quello che mi hai detto, allego il log.
    Ora il computer sembra funzionare correttamente!
    mille grazie
    ci sono altre procedure da seguire per completare il processo di pulizia ?
    File Allegato
    logg.txt
    (Number of downloads: 13)

     
    .
  11. vicky67
    Posted on 12/9/2013, 16:46
     
    .

    Master Malware Expert

    Group
    Administrator
    Posts
    4,519
    Location
    Poggio Mirteto(RI)

    Status
    Anonymous
    Devi solamente eseguire adwcleaner per rimuovere alcuni adware presenti nel pc.
    Trovi le istruzioni nella mia firma "guida ai tool di rimozione"

    Cancella la cartella OTL in C.

    Disattiva e riattiva il ripristino configurazione di sistema creando poi un punto pulito.
    ciao
     
    .
  12. breguz
    Posted on 12/9/2013, 16:53
     
    .

    User deleted
    Ti ringrazio moltissimo per il tuo prezioso aiuto, ora provvedo a fare quanto mi hai detto. Speriamo sia finita ;)
     
    .
  13. breguz
    Posted on 13/9/2013, 00:23
     
    .

    User deleted
    sembra veramente tutto a posto ora! metto cmq il log di adwcleaner in allegato :)
    Grazie!
    File Allegato
    adwcleaner.txt
    (Number of downloads: 20)

     
    .
  14. vicky67
    Posted on 13/9/2013, 07:12
     
    .

    Master Malware Expert

    Group
    Administrator
    Posts
    4,519
    Location
    Poggio Mirteto(RI)

    Status
    Anonymous
    thumb_yello
     
    .
  15. peppeadrenalina
    Posted on 17/9/2013, 20:15
     
    .

    User deleted
    salve a tutti scusate ma anche io ho beccato il virus della polizia penitenziaria.
    il pc si blocca sulla schermata della "polizia" e non posso fare altro.. inoltre non parte in modalità provvisoria.
    ho seguito la vostra guida con FRST ed a seguito allego il risultato.
    fiducioso in un aiuto.. attendo vostre indicazione.
    grazie in anticipo.

    Edited by vicky67 - 18/9/2013, 07:08
    File Allegato
    FRST.txt
    (Number of downloads: 32)

     
    .
698 replies since 5/6/2013, 08:44   22513 views
  Share  
.
 
.
Rimozione malware
Create your forum and your blog! · Top Forum · Categories · Help · Status · Contacts · Powered by ForumFree