
Every 10/15 minutes avast stops the virus, announcing it very proudly. But I would like to eradicate it. What can I do? I don't have problems in my daily PC use; everything works well, quite fast, with no redirections in my work on the web. I am not skilled enough to work on the registry; I would probably only cause confusion. Who can help me? See attached files. My PC is protected with avast+malwarebytes+glary's. Thank you! kkllaauuss

attach.txt

dds.txt


Hello kkllaauuss and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall the following applications:

Babylon

Babylon Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 4
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

Please find below the results of the three PC scans:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.4 (08.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by hyperklaus on 08/08/2013 at  6:02:29,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-141930522-2581543273-3459439603-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\babylonofficeaddin.officeaddin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\babylonofficeaddin.officeaddin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\nctaudiocdgrabber2.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Program Files (x86)\adobe\reader 10.0\reader\plug_ins\babylon\babylonrpi.api"
Successfully deleted: [File] C:\Windows\prefetch\BABYLON.EXE-59F8715E.pf
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\hyperklaus\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\hyperklaus\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\hyperklaus\AppData\Roaming\iwin"
Successfully deleted: [Folder] "C:\Users\hyperklaus\AppData\Roaming\offerbox"
Successfully deleted: [Folder] "C:\Users\hyperklaus\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Users\hyperklaus\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\hyperklaus\appdata\local\wondershare"
Successfully deleted: [Folder] "C:\Users\hyperklaus\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\wondershare"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\wondershare"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/08/2013 at  6:07:32,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
-------------------------------------------------------------------------------------------------------------------------------------------
 
# AdwCleaner v2.306 - Logfile creato il 08/08/2013 alle 06:11:08
# Aggiornamento 19/07/2013 by Xplode
# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Utente : hyperklaus - HYPERKLAUS-PC
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\hyperklaus\Desktop\AdwCleaner.exe
# Opzioni [Elimina]
 
 
***** [servizi] *****
 
 
***** [File / Cartelle] *****
 
Cartella Eliminato : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Cartella Eliminato : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Cartella Eliminato : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
Cartella Eliminato : C:\Users\hyperklaus\AppData\Local\SoftwareUpdater
File Eliminato : C:\Program Files (x86)\Uninstall.exe
 
***** [Registro] *****
 
Chiave Eliminata : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Chiave Eliminata : HKCU\Software\Offerbox
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\offerbox_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\offerbox_RASMANCS
Chiave Eliminata : HKLM\Software\Offerbox
Chiave Eliminata : HKLM\SOFTWARE\Tarma Installer
 
***** [browser Internet] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
[OK] Registro Pulito.
 
-\\ Google Chrome v28.0.1500.95
 
File : C:\Users\hyperklaus\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File Pulito.
 
*************************
 
AdwCleaner[s1].txt - [8670 octets] - [08/08/2013 06:11:08]
 
########## EOF - C:\AdwCleaner[s1].txt - [8730 octets] ##########
 
 
_______________________________________________________________________________________
 
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Versione database: v2013.08.08.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
hyperklaus :: HYPERKLAUS-PC [amministratore]
 
08/08/2013 06:19:27
mbam-log-2013-08-08 (06-19-27).txt
 
Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 240837
Tempo impiegato: 5 minuti, 31 secondi
 
Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)
 
Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)
 
Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)
 
Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)
 
Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)
 
Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)
 
File rilevati: 0
(non sono stati rilevati elementi nocivi)
 
(fine)
 
What else should I do? Thanks.
kkllaauuss
--
 

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

I see many dangers in running ComboFix, as you correctly told me. If you say it is necessary, I will do it; I will certainly only run the program and send you the report, with no action from me without your authorization. But I need to be sure that running the program will not create problems, because the virus is affecting the PC that I also use for work, and there are many documents, data, works and so on that I can't lose, especially in August! So let me know if there is really any risk of losing data, and whether any action is needed from me while the program is running (I'm not skilled enough to understand and solve problems or other questions that the program might raise while it is working). It would be completely mechanical ... thanks. kkllaauuss


As you wish, I will try to find a way to avoid it, but if I do not succeed, this option will be back on the table.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All Users box. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Here are the results of OTL (2 messages)

 

First scan:

OTL logfile created on: 09/08/2013 06:36:16 - Run 4

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\hyperklaus\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
7,86 Gb Total Physical Memory | 6,11 Gb Available Physical Memory | 77,74% Memory free
15,71 Gb Paging File | 13,96 Gb Available in Paging File | 88,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 425,09 Gb Total Space | 294,76 Gb Free Space | 69,34% Space Free | Partition Type: NTFS
Drive E: | 488,31 Gb Total Space | 448,80 Gb Free Space | 91,91% Space Free | Partition Type: NTFS
 
Computer Name: HYPERKLAUS-PC | User Name: hyperklaus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/08 19:46:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hyperklaus\Desktop\OTL.exe
PRC - [2013/07/03 18:05:48 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programmi\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/07/01 04:51:12 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/05/30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011/05/20 11:13:06 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/05/20 11:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/04/30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/04/22 18:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programmi\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/03/31 00:05:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/02/01 23:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/06 15:39:02 | 000,357,688 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/10/06 15:37:50 | 005,076,088 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/05/20 11:13:04 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/05/20 11:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013/07/13 07:18:42 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/03 18:05:48 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013/05/28 14:36:16 | 000,580,232 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/03 19:59:46 | 000,169,472 | ---- | M] (PowerOfferService) [Disabled | Stopped] -- C:\Users\hyperklaus\AppData\Local\PosService\Pos.exe -- (PowerOffer Service)
SRV - [2012/01/05 15:22:10 | 000,256,536 | ---- | M] (NTI Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2012/01/04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/12/16 18:44:48 | 000,156,160 | ---- | M] (ServiceUpd) [Disabled | Stopped] -- C:\Users\hyperklaus\AppData\Local\ServUpdater\ServiceUpd.exe -- (ServUpdater)
SRV - [2011/09/24 16:39:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/02 11:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programmi\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011/07/01 04:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/06/21 21:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/05/30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/05/10 14:12:52 | 000,956,192 | ---- | M] (Broadcom Corporation.) [On_Demand | Stopped] -- C:\Programmi\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011/04/30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/04/22 18:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programmi\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2011/03/31 00:05:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/29 06:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011/02/01 23:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 23:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/29 15:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Programmi\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2010/10/12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmi\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/10/06 15:40:10 | 000,891,736 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/07/03 18:05:49 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013/07/03 18:05:46 | 001,477,152 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm255.sys -- (tdrpman255)
DRV:64bit: - [2013/07/03 18:05:37 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2013/07/03 15:08:48 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2013/06/28 06:59:03 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/06/28 06:59:03 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/06/28 06:59:03 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/05/09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/02/12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/02 14:46:16 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/11/01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/11/01 11:07:24 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/11/01 11:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/11/01 11:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/08/12 10:50:50 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/08/12 10:50:50 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/08/12 10:50:50 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/07/29 14:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 14:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/07/14 07:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/14 07:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/10 20:16:10 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/08 18:36:14 | 004,729,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/05/16 23:57:32 | 000,051,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2011/05/10 05:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011/05/06 19:11:12 | 000,086,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2011/04/26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/05 13:26:26 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/03/31 00:05:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/03/10 06:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/03/10 06:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/02/15 09:35:54 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/02/10 08:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 08:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/24 10:29:46 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/01/21 03:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011/01/21 03:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2011/01/10 09:15:08 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010/11/29 15:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 10:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/14 08:59:16 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/09/14 08:59:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2011/07/29 14:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/03/02 13:06:50 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\hyperklaus\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\hyperklaus\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\opencandy.com/Ignite: C:\Users\hyperklaus\AppData\Local\Ignite\npOCDM.1.1.3.0.dll (OpenCandy, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
[2012/11/21 19:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hyperklaus\AppData\Roaming\mozilla\Extensions
[2012/11/21 19:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hyperklaus\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2013/08/08 06:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.it/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\hyperklaus\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\hyperklaus\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\hyperklaus\AppData\Local\Google\Chrome\Application\28.0.1500.95\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\hyperklaus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Ricerca Google = C:\Users\hyperklaus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SoundFrost = C:\Users\hyperklaus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikglikieapkdofgcaifhkgmkclbamcm\3.7.0_0\
CHR - Extension: Gmail = C:\Users\hyperklaus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012/10/29 16:00:22 | 000,444,707 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15272 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmi\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {081524f7-7ed8-43ff-b01e-915c410a9cbe} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmi\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\Windows\SysNative\spool\DRIVERS\x64\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programmi\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programmi\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [servizio Acronis Scheduler2] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [software updater] C:\Users\hyperklaus\AppData\Roaming\FreeSoftwareUpdater\updater.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Invia a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Invia a periferica &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 83.103.25.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FA86DC0-247C-4B0A-8DD2-D2FA6F4CC4EA}: DhcpNameServer = 62.101.93.101 83.103.25.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FA86DC0-247C-4B0A-8DD2-D2FA6F4CC4EA}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39C8495A-FC96-4118-A525-89E4939D8BE4}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78BA58F7-486E-471F-90A4-9AFB59D0F248}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3B3B17A-3EBC-4F7C-AF43-CC229899CC77}: DhcpNameServer = 62.101.93.101 83.103.25.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3B3B17A-3EBC-4F7C-AF43-CC229899CC77}: NameServer = 176.31.229.24,176.31.229.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1070f3e3-9b58-11e1-b80c-b870f4f9dc19}\Shell - "" = AutoRun
O33 - MountPoints2\{265c1bec-3ae2-11e1-9c06-b870f4f9dc19}\Shell - "" = AutoRun
O33 - MountPoints2\{265c1bec-3ae2-11e1-9c06-b870f4f9dc19}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{4c78223a-e6b7-11e0-9758-806e6f6e6963}\bootwiz\asrm.bin)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/08 19:46:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\hyperklaus\Desktop\OTL.exe
[2013/08/08 19:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONE TOUCH Upgrade 5.4.7
[2013/08/08 19:25:48 | 000,000,000 | ---D | C] -- C:\ONE TOUCH Upgrade 5.4.7
[2013/08/08 19:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcatel PC Suite
[2013/08/08 19:24:07 | 000,000,000 | ---D | C] -- C:\Windows\QdAvPlug
[2013/08/08 19:24:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcatel PC Suite
[2013/08/08 19:22:57 | 000,000,000 | ---D | C] -- C:\Users\hyperklaus\Desktop\Alcatel 602D Suite set up
[2013/08/08 19:20:17 | 007,180,914 | ---- | C] (TCL Communication Technology Holdings Limited               ) -- C:\Users\hyperklaus\Desktop\one-touch-upgrade-5-4-7-setup.exe
[2013/08/08 07:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2013/08/08 06:32:36 | 000,000,000 | ---D | C] -- C:\Users\hyperklaus\Desktop\URLMAL
[2013/08/08 06:02:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/06 07:19:50 | 000,000,000 | ---D | C] -- C:\Users\hyperklaus\Desktop\Percorso
[2013/08/05 06:42:26 | 000,000,000 | ---D | C] -- C:\Users\hyperklaus\Desktop\Nuova cartella
[2013/08/03 07:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/31 07:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 3
[2013/07/31 07:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities 3
[2013/07/30 18:03:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deamm
[2013/07/18 19:50:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/07/18 08:24:46 | 000,000,000 | ---D | C] -- C:\Render
[2013/07/17 07:46:44 | 000,000,000 | ---D | C] -- C:\Users\hyperklaus\AppData\Local\BolideSoftware
[2013/07/17 07:46:43 | 000,000,000 | ---D | C] -- C:\Users\hyperklaus\AppData\Roaming\Obsidium
[2013/07/17 07:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bolide Movie Creator
[2013/07/17 07:46:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bolide Movie Creator
[2013/07/14 17:50:46 | 000,000,000 | ---D | C] -- C:\Users\hyperklaus\Documents\InstantCDDVD
[2013/07/13 08:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPCFixer
[2013/07/13 08:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPCFixer
[2013/07/12 18:26:55 | 000,000,000 | ---D | C] -- C:\Users\hyperklaus\Documents\Backup personali
[2013/07/11 18:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/07/11 18:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/07/11 18:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/12/06 15:27:36 | 001,104,816 | ---- | C] (GreenTree Applications SRL) -- C:\Program Files (x86)\ytd.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/09 06:23:20 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/09 06:23:20 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/09 06:21:00 | 000,001,180 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-141930522-2581543273-3459439603-1001UA.job
[2013/08/09 06:17:09 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 3.job
[2013/08/09 06:16:03 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/09 06:15:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/09 06:15:31 | 2030,981,119 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/08 19:46:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hyperklaus\Desktop\OTL.exe
[2013/08/08 19:43:00 | 000,001,158 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/08 19:39:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/08 19:25:50 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ONE TOUCH Upgrade 5.4.7.lnk
[2013/08/08 19:24:59 | 000,001,066 | ---- | M] () -- C:\Users\hyperklaus\Desktop\Alcatel Dialup Internet.lnk
[2013/08/08 19:24:59 | 000,001,055 | ---- | M] () -- C:\Users\hyperklaus\Desktop\Alcatel PC Suite.lnk
[2013/08/08 19:20:33 | 007,180,914 | ---- | M] (TCL Communication Technology Holdings Limited               ) -- C:\Users\hyperklaus\Desktop\one-touch-upgrade-5-4-7-setup.exe
[2013/08/08 17:41:04 | 001,654,670 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/08 17:41:04 | 000,739,482 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013/08/08 17:41:04 | 000,652,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/08 17:41:04 | 000,146,522 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013/08/08 17:41:04 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/08 14:24:36 | 000,534,614 | ---- | M] () -- C:\Users\hyperklaus\Desktop\Pinocchio.mp3
[2013/08/08 14:19:19 | 000,560,778 | ---- | M] () -- C:\Users\hyperklaus\Desktop\Tanz.mp3
[2013/08/08 07:21:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-141930522-2581543273-3459439603-1001Core.job
[2013/08/07 06:52:26 | 000,000,050 | ---- | M] () -- C:\Windows\popcinfo.dat
[2013/08/04 06:47:21 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2013/08/03 13:32:47 | 000,016,896 | ---- | M] () -- C:\Users\hyperklaus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/02 20:00:02 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2013/07/17 07:03:11 | 000,024,154 | ---- | M] () -- C:\Windows\Arancia_Meccanica_000.JPG
[2013/07/12 06:40:45 | 000,468,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013/08/08 19:25:50 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\ONE TOUCH Upgrade 5.4.7.lnk
[2013/08/08 19:24:08 | 000,001,066 | ---- | C] () -- C:\Users\hyperklaus\Desktop\Alcatel Dialup Internet.lnk
[2013/08/08 19:24:08 | 000,001,055 | ---- | C] () -- C:\Users\hyperklaus\Desktop\Alcatel PC Suite.lnk
[2013/08/08 14:24:36 | 000,534,614 | ---- | C] () -- C:\Users\hyperklaus\Desktop\Pinocchio.mp3
[2013/08/08 14:19:19 | 000,560,778 | ---- | C] () -- C:\Users\hyperklaus\Desktop\Tanz.mp3
[2013/08/07 18:20:36 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize 3.job
[2013/07/31 07:58:08 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 3.lnk
[2013/07/17 07:09:19 | 000,024,154 | ---- | C] () -- C:\Windows\Arancia_Meccanica_000.JPG
[2013/05/21 07:21:09 | 000,020,829 | ---- | C] () -- C:\Windows\SysWow64\main.dat
[2013/05/20 13:34:18 | 000,000,270 | RHS- | C] () -- C:\Users\hyperklaus\ntuser.pol
[2013/01/01 18:53:53 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012/12/06 15:27:40 | 000,076,328 | ---- | C] () -- C:\Program Files (x86)\scripts.yds
[2012/11/26 14:20:30 | 000,033,477 | ---- | C] () -- C:\Program Files (x86)\mediaplayer.swf
[2012/11/26 14:20:26 | 006,338,062 | ---- | C] () -- C:\Program Files (x86)\FFMPEG.EXE
[2012/11/26 14:20:26 | 000,025,859 | ---- | C] () -- C:\Program Files (x86)\COPYING.LGPLv2
[2012/11/26 14:20:26 | 000,011,560 | ---- | C] () -- C:\Program Files (x86)\COPYING.Apachev2
[2012/11/26 14:20:26 | 000,007,820 | ---- | C] () -- C:\Program Files (x86)\COPYING.LGPLv3
[2012/11/26 14:20:26 | 000,001,717 | ---- | C] () -- C:\Program Files (x86)\LICENSE
[2012/11/26 14:20:26 | 000,000,057 | ---- | C] () -- C:\Program Files (x86)\manual.bat
[2012/11/04 08:34:44 | 000,016,896 | ---- | C] () -- C:\Users\hyperklaus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/30 12:18:26 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/10/29 16:10:39 | 000,000,189 | ---- | C] () -- C:\Windows\wininit.ini
[2012/10/21 20:07:07 | 003,148,854 | ---- | C] () -- C:\Users\hyperklaus\AppData\Local\ssprep.bmp
[2012/10/05 14:22:33 | 000,092,240 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/10/05 14:22:33 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/10/05 14:22:33 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/10/05 14:22:33 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/10/05 14:22:33 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/10/05 14:22:33 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/10/05 14:22:33 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/10/05 14:22:33 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012/10/05 14:22:33 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/10/05 14:22:33 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/10/05 14:22:33 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/10/05 14:22:33 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/10/05 14:22:33 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/10/05 14:22:33 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012/10/05 14:22:33 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012/10/05 14:22:33 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/10/05 14:22:33 | 000,000,099 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012/10/05 14:15:06 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX3800EFGIPSD.ini
[2012/08/21 07:12:54 | 001,632,784 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/20 19:47:44 | 000,715,038 | ---- | C] () -- C:\Users\hyperklaus\AppData\Local\unins000.exe
[2012/07/20 19:47:43 | 000,004,142 | ---- | C] () -- C:\Users\hyperklaus\AppData\Local\unins000.dat
[2012/06/23 16:54:44 | 003,148,854 | ---- | C] () -- C:\Users\hyperklaus\AppData\Local\AzureBay.bmp
[2012/06/23 16:54:44 | 000,124,230 | ---- | C] () -- C:\Users\hyperklaus\AppData\Local\cal.bmp
[2012/06/23 16:54:43 | 005,760,054 | ---- | C] () -- C:\Users\hyperklaus\AppData\Local\sswpprep.bmp
[2012/06/23 16:53:11 | 000,000,727 | ---- | C] () -- C:\Users\hyperklaus\AppData\Local\AzureBay.ini
[2012/05/09 12:40:26 | 004,818,944 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012/04/27 08:17:44 | 000,000,024 | ---- | C] () -- C:\Windows\SysWow64\Drv64_32.dat
[2012/03/22 23:01:32 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/03/06 14:25:31 | 000,009,953 | ---- | C] () -- C:\Windows\SysWow64\SBUSB.INI
[2012/03/06 14:25:01 | 000,000,347 | ---- | C] () -- C:\Windows\CTWave32.INI
[2012/03/06 13:57:56 | 000,000,000 | ---- | C] () -- C:\Windows\SBWIN.INI
[2012/01/22 08:45:49 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/01/11 14:25:37 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012/01/11 14:25:37 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012/01/11 14:25:37 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012/01/11 14:25:37 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2012/01/11 14:25:36 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012/01/10 18:14:14 | 000,018,432 | ---- | C] () -- C:\Windows\ss3unstl.exe
[2012/01/10 14:21:44 | 000,000,050 | ---- | C] () -- C:\Windows\popcinfo.dat
[2012/01/10 09:02:59 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\MP2enc.dll
[2012/01/09 20:11:38 | 000,000,040 | ---- | C] () -- C:\Users\hyperklaus\AppData\Roaming\cdr.ini
[2012/01/09 20:00:30 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/01/09 20:00:29 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/01/09 19:54:19 | 000,000,020 | ---- | C] () -- C:\Windows\Pt.dll
[2012/01/09 19:30:32 | 000,000,430 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011/12/08 00:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011/08/12 11:01:12 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/08/12 11:01:11 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/08/12 11:01:10 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/08/12 11:01:09 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/08/12 11:01:08 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2003/07/17 21:23:28 | 000,000,591 | ---- | C] () -- C:\Users\hyperklaus\AppData\Local\ScreenSaver.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/04/27 07:56:18 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Abyssmedia
[2013/07/03 15:12:29 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Acronis
[2013/06/06 09:12:54 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Ainishare
[2012/08/20 14:23:30 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\AnvSoft
[2012/01/15 09:03:59 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Artogon
[2012/04/27 07:41:05 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Audacity
[2012/04/28 18:31:58 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Audio Recorder for Free
[2013/05/29 20:09:17 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Be a King 2
[2012/08/01 09:42:12 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Canneverbe Limited
[2012/10/05 14:10:44 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\ChemTable Software
[2013/04/22 17:44:59 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Chronoclasm Chronicles
[2012/08/20 13:11:44 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\DVDVideoSoft
[2012/09/30 13:37:41 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\EnchantedCavern
[2012/10/10 16:00:21 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\EPSON
[2012/01/09 14:29:02 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\EurekaLog
[2012/03/04 18:54:27 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Focus Mp3 Recorder
[2013/08/08 14:23:30 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\foobar2000
[2012/03/04 19:05:11 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Free Audio Editor
[2012/04/28 12:28:31 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Free Audio Recorder
[2012/04/28 18:28:42 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Free Sound Editor
[2012/04/28 06:54:21 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Free Sound Recorder
[2012/07/28 07:39:26 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\FreeBurner
[2013/04/25 07:53:14 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\FreeSoftwareUpdater
[2013/07/31 07:58:09 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\GlarySoft
[2013/06/25 13:23:01 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Glarysoft Giveaway
[2012/10/15 07:11:34 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\IObit
[2013/07/02 13:19:44 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\KC Softwares
[2013/02/21 15:56:06 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\MahJong Suite
[2012/04/15 13:32:44 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Mystery of Mortlake Mansion
[2012/11/19 08:26:36 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\newsXpresso
[2013/07/17 07:46:43 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Obsidium
[2012/02/09 15:08:49 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\PC Suite
[2013/04/20 17:24:32 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Pegasys Inc
[2012/05/12 06:52:03 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Philips
[2012/05/12 06:51:21 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Philips-Songbird
[2012/04/30 06:51:44 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Playrix Entertainment
[2013/03/23 14:13:24 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\PoBros
[2012/06/23 17:16:12 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\PowerCinema
[2012/08/19 12:55:18 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\R-TT
[2013/06/23 07:08:38 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\RuneStonesQuest
[2012/03/31 13:09:26 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Stereosoft
[2013/06/30 08:15:09 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\T1 Games
[2012/11/18 10:14:14 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\TheGreatPharaoh
[2012/10/19 12:16:36 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\VideoEditor
[2012/06/24 15:39:38 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\WildTangent
[2012/11/06 15:48:09 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Win7codecs
[2013/08/09 06:16:32 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Wise Care 365
[2012/01/10 08:35:52 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\Xilisoft
[2013/04/27 13:31:38 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\YoudaGames
[2012/12/18 08:56:33 | 000,000,000 | ---D | M] -- C:\Users\hyperklaus\AppData\Roaming\ZiggyTV
 
========== Purity Check ==========
 
 
 
< End of report >
And that's all!!!
kkllaauuss

Message 2 of 2. Quick scan:

 

OTL logfile created on: 09/08/2013 06:40:39 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\hyperklaus\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
7,86 Gb Total Physical Memory | 6,06 Gb Available Physical Memory | 77,16% Memory free
15,71 Gb Paging File | 13,94 Gb Available in Paging File | 88,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 425,09 Gb Total Space | 294,76 Gb Free Space | 69,34% Space Free | Partition Type: NTFS
Drive E: | 488,31 Gb Total Space | 448,80 Gb Free Space | 91,91% Space Free | Partition Type: NTFS
 
Computer Name: HYPERKLAUS-PC | User Name: hyperklaus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/08 19:46:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hyperklaus\Desktop\OTL.exe
PRC - [2013/07/03 18:05:48 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programmi\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/07/01 04:51:12 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/05/30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011/05/20 11:13:06 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/05/20 11:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/04/30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/04/22 18:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programmi\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/03/31 00:05:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/02/01 23:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/06 15:39:02 | 000,357,688 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/10/06 15:37:50 | 005,076,088 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/05/20 11:13:04 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/05/20 11:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013/07/13 07:18:42 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/03 18:05:48 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013/05/28 14:36:16 | 000,580,232 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/03 19:59:46 | 000,169,472 | ---- | M] (PowerOfferService) [Disabled | Stopped] -- C:\Users\hyperklaus\AppData\Local\PosService\Pos.exe -- (PowerOffer Service)
SRV - [2012/01/05 15:22:10 | 000,256,536 | ---- | M] (NTI Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2012/01/04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/12/16 18:44:48 | 000,156,160 | ---- | M] (ServiceUpd) [Disabled | Stopped] -- C:\Users\hyperklaus\AppData\Local\ServUpdater\ServiceUpd.exe -- (ServUpdater)
SRV - [2011/09/24 16:39:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/02 11:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programmi\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011/07/01 04:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/06/21 21:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/05/30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/05/10 14:12:52 | 000,956,192 | ---- | M] (Broadcom Corporation.) [On_Demand | Stopped] -- C:\Programmi\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011/04/30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/04/22 18:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programmi\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2011/03/31 00:05:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/29 06:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011/02/01 23:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 23:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/29 15:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Programmi\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2010/10/12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmi\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/10/06 15:40:10 | 000,891,736 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/07/03 18:05:49 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013/07/03 18:05:46 | 001,477,152 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm255.sys -- (tdrpman255)
DRV:64bit: - [2013/07/03 18:05:37 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2013/07/03 15:08:48 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2013/06/28 06:59:03 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/06/28 06:59:03 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/06/28 06:59:03 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/05/09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/02/12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/02 14:46:16 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/11/01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/11/01 11:07:24 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/11/01 11:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/11/01 11:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/08/12 10:50:50 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/08/12 10:50:50 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/08/12 10:50:50 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/07/29 14:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 14:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/07/14 07:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/14 07:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/10 20:16:10 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/08 18:36:14 | 004,729,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/05/16 23:57:32 | 000,051,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2011/05/10 05:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011/05/06 19:11:12 | 000,086,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2011/04/26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/05 13:26:26 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/03/31 00:05:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/03/10 06:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/03/10 06:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/02/15 09:35:54 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/02/10 08:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 08:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/24 10:29:46 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/01/21 03:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011/01/21 03:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2011/01/10 09:15:08 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010/11/29 15:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 10:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/14 08:59:16 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/09/14 08:59:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2011/07/29 14:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/03/02 13:06:50 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-141930522-2581543273-3459439603-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKU\S-1-5-21-141930522-2581543273-3459439603-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-141930522-2581543273-3459439603-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-141930522-2581543273-3459439603-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-141930522-2581543273-3459439603-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKU\S-1-5-21-141930522-2581543273-3459439603-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-141930522-2581543273-3459439603-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-141930522-2581543273-3459439603-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\hyperklaus\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\hyperklaus\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\opencandy.com/Ignite: C:\Users\hyperklaus\AppData\Local\Ignite\npOCDM.1.1.3.0.dll (OpenCandy, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
[2012/11/21 19:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hyperklaus\AppData\Roaming\mozilla\Extensions
[2012/11/21 19:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hyperklaus\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2013/08/08 06:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.it/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\hyperklaus\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\hyperklaus\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\hyperklaus\AppData\Local\Google\Chrome\Application\28.0.1500.95\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\hyperklaus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Ricerca Google = C:\Users\hyperklaus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SoundFrost = C:\Users\hyperklaus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikglikieapkdofgcaifhkgmkclbamcm\3.7.0_0\
CHR - Extension: Gmail = C:\Users\hyperklaus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012/10/29 16:00:22 | 000,444,707 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15272 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmi\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {081524f7-7ed8-43ff-b01e-915c410a9cbe} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmi\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\Windows\SysNative\spool\DRIVERS\x64\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programmi\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programmi\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [servizio Acronis Scheduler2] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-141930522-2581543273-3459439603-1000..\Run: [Creative MediaSource Go] C:\Program Files (x86)\Creative\MediaSource\Go\CTCMSGo.exe File not found
O4 - HKU\S-1-5-21-141930522-2581543273-3459439603-1000..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray File not found
O4 - HKU\S-1-5-21-141930522-2581543273-3459439603-1000..\Run: [RemoteCenter] C:\Program Files (x86)\Creative\MediaSource\RemoteControl\RCMan.EXE File not found
O4 - HKU\S-1-5-21-141930522-2581543273-3459439603-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-141930522-2581543273-3459439603-1000..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-141930522-2581543273-3459439603-1001..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-141930522-2581543273-3459439603-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-141930522-2581543273-3459439603-1001..\Run: [software updater] C:\Users\hyperklaus\AppData\Roaming\FreeSoftwareUpdater\updater.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-141930522-2581543273-3459439603-1000..\RunOnce: [CMSRegOW.exe] "C:\Program Files (x86)\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r File not found
O4 - HKU\S-1-5-21-141930522-2581543273-3459439603-1000..\RunOnce: [inetreg] C:\Program Files (x86)\InstallShield Installation Information\{E2D27B84-6365-11D6-9BAF-0090271AF8A4}\Setup.exe (InstallShield Software Corporation)
O4 - HKU\S-1-5-21-141930522-2581543273-3459439603-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-141930522-2581543273-3459439603-1000..\RunOnce: [startMS] "C:\Program Files (x86)\Creative\Shared Files\Media Sniffer\StartMS.exe" /s File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-141930522-2581543273-3459439603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-141930522-2581543273-3459439603-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-141930522-2581543273-3459439603-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Invia a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Invia a periferica &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 83.103.25.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FA86DC0-247C-4B0A-8DD2-D2FA6F4CC4EA}: DhcpNameServer = 62.101.93.101 83.103.25.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FA86DC0-247C-4B0A-8DD2-D2FA6F4CC4EA}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39C8495A-FC96-4118-A525-89E4939D8BE4}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78BA58F7-486E-471F-90A4-9AFB59D0F248}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3B3B17A-3EBC-4F7C-AF43-CC229899CC77}: DhcpNameServer = 62.101.93.101 83.103.25.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3B3B17A-3EBC-4F7C-AF43-CC229899CC77}: NameServer = 176.31.229.24,176.31.229.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1070f3e3-9b58-11e1-b80c-b870f4f9dc19}\Shell - "" = AutoRun
O33 - MountPoints2\{265c1bec-3ae2-11e1-9c06-b870f4f9dc19}\Shell - "" = AutoRun
O33 - MountPoints2\{265c1bec-3ae2-11e1-9c06-b870f4f9dc19}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{4c78223a-e6b7-11e0-9758-806e6f6e6963}\bootwiz\asrm.bin)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/08 19:46:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\hyperklaus\Desktop\OTL.exe
[2013/08/08 19:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONE TOUCH Upgrade 5.4.7
[2013/08/08 19:25:48 | 000,000,000 | ---D | C] -- C:\ONE TOUCH Upgrade 5.4.7
[2013/08/08 19:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcatel PC Suite
[2013/08/08 19:24:07 | 000,000,000 | ---D | C] -- C:\Windows\QdAvPlug
[2013/08/08 19:24:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcatel PC Suite
[2013/08/08 19:22:57 | 000,000,000 | ---D | C] -- C:\Users\hyperklaus\Desktop\Alcatel 602D Suite set up
[2013/08/08 19:20:17 | 007,180,914 | ---- | C] (TCL Communication Technology Holdings Limited               ) -- C:\Users\hyperklaus\Desktop\one-touch-upgrade-5-4-7-setup.exe
[2013/08/08 07:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2013/08/08 06:32:36 | 000,000,000 | ---D | C] -- C:\Users\hyperklaus\Desktop\URLMAL
[2013/08/08 06:02:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/06 07:19:50 | 000,000,000 | ---D | C] -- C:\Users\hyperklaus\Desktop\Percorso
[2013/08/05 06:42:26 | 000,000,000 | ---D | C] -- C:\Users\hyperklaus\Desktop\Nuova cartella
[2013/08/03 07:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/31 07:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 3
[2013/07/31 07:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities 3
[2013/07/30 18:03:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deamm
[2013/07/18 19:50:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/07/18 08:24:46 | 000,000,000 | ---D | C] -- C:\Render
[2013/07/17 07:46:44 | 000,000,000 | ---D | C] -- C:\Users\hyperklaus\AppData\Local\BolideSoftware
[2013/07/17 07:46:43 | 000,000,000 | ---D | C] -- C:\Users\hyperklaus\AppData\Roaming\Obsidium
[2013/07/17 07:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bolide Movie Creator
[2013/07/17 07:46:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bolide Movie Creator
[2013/07/14 17:50:46 | 000,000,000 | ---D | C] -- C:\Users\hyperklaus\Documents\InstantCDDVD
[2013/07/13 08:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPCFixer
[2013/07/13 08:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPCFixer
[2013/07/12 18:26:55 | 000,000,000 | ---D | C] -- C:\Users\hyperklaus\Documents\Backup personali
< End of report >
 
 
kkllaauuss

You are not following my instructions correctly:

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Here are my instructions:

Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.

Also, please do not format your text, it is really awful for my eyes.


Hope this time my words can be read well. Before proceeding as you asked, I want to let you know that since this morning (in Rome it is now almost 2 p.m.) the virus has been silent. Better said: Avast is quiet and it no longer announces the url:mal stopping. I didn't do anything, so I don't believe that the virus can have 'died' on its own. But let me try for a couple of days more, and I will return to this topic on Monday (or before). Anyway, I forgot that I saved an image of the PC in Acronis just a few days before the PC was infected. So I can risk running that hazardous program, if necessary. I will let you know the situation. Thanks in advance for waiting. kkllaauuss


So, this is the situation. I can connect to the Internet without any problem and Avast is absolutely silent, Malwarebytes too. I don't know what to think because I understand that I didn't do anything to cancel the virus, but it now looks non-existent. So I can just thank you for your availability and .....hope not to have to return to it. Should you have any advice, please let me know.  Bye. kkllaauuss


Glad everything is fine there! :)

Step 1

Please run OTL and click on the CleanUp button.

Step 2

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

Step 3

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.